Post on 10-Feb-2018
Alderbridge Specialists in Info Security
Specialist Recruitment Knowledge for e-skills UK’s Cyber Security
Learning Pathways Programme
Career Analysis into Cyber Security:
New & Evolving Occupations
© Copyright e-skills UK Sector Skills Council Ltd 2000-2013
© 2013 Reserved, e-skills UK
All rights reserved. No part of this material protected by this copyright may be reproduced or utilised in any form, or by any means, electronic or mechanical, including photocopying, recording, or by any information storage and retrieval system without prior authorisation and credit to e-skills UK.
An e-skills UK publication, supported by Alderbridge Consulting Ltd.
For further information please contact:
e-skills UK 1 Castle Lane London SW1E 6DR Tel: 020 7963 8920 Fax: 020 7592 9138 info@e-skills.com
www.e-skills.com
The National Skills Academy for IT 1 Castle Lane London SW1E 6DR Tel: 020 7963 0420 info@itskillsacademy.ac.uk
www.itskillsacademy.ac.uk
Proprietor: e-skills UK Sector Skills Council Ltd
Registered in England no. 4019051
The National Skills Academy for IT
Registered in England no. 7223753
Registered office: Victoria House, 39 Winchester Street, Basingstoke, Hampshire RG21 7EQ
The National Skills Academy for IT is wholly owned by e-skills UK
e-skills UK is the Sector Skills Council for Business and Information Technology; an employer–led organisation rated as ‘outstanding’ in the re-licensing of the Sector Skills Councils. e-skills UK’s mission is to ensure the UK has the technology skills it needs to compete in the global economy, working on behalf of employers to develop the software, internet, computer gaming, IT services and business change expertise necessary to thrive.
Focused on making the biggest contribution to enterprise, jobs and
growth across the economy, e-skills UK’s three strategic objectives are to:
inspire future talent,
support IT professionals,
increase digital capability.
Delivery on these strategic objectives is underpinned by employer engagement across the sector, authoritative research, a continually developing sector qualifications and learning strategy and effective strategic partnerships.
Contents
© Copyright e-skills UK Sector Skills Council Ltd 2000-2013
Executive Summary ............................................................................................................................... 1
Summary of Findings................................................................................................................................. 1
Introduction ........................................................................................................................................... 3
Scope ......................................................................................................................................................... 3
Scope Limitations ...................................................................................................................................... 4
Section 1 – Overview ............................................................................................................................. 5
1.1 Pathways to Target Job Roles ............................................................................................................. 5
1.2 Non-Commercial roles ......................................................................................................................... 6
1.3 Commercial roles ................................................................................................................................ 8
1.4 Qualifications ...................................................................................................................................... 9
1.5 Demographic Profiles ........................................................................................................................ 13
Section 2 – Pathways to Target Job Roles ............................................................................................ 17
2.1 Information Security Manager .......................................................................................................... 17
2.2 Information Security Consultant ....................................................................................................... 19
2.3 IT Security Consultant ....................................................................................................................... 21
2.4 Account Manager.............................................................................................................................. 23
2.5 Pathways to Other Roles ................................................................................................................... 25
Section 3 – Qualifications and Degrees by Job Role ............................................................................. 27
3.1 Qualifications .................................................................................................................................... 27
3.2 Degrees ............................................................................................................................................. 30
Section 4 – Demographic Profiles by Job Role ...................................................................................... 33
4.1 Location ............................................................................................................................................. 33
4.2 Age Distribution ................................................................................................................................ 34
4.3 Gender............................................................................................................................................... 35
Summary of Key Findings ..................................................................................................................... 37
Summary of Section 1 – Overview........................................................................................................... 37
Summary of Section 2 – Pathways to Target Job Roles .......................................................................... 37
Summary of Section 3 – Qualifications and Degrees by Job Role ........................................................... 38
Summary of Section 4 - Demographic Profiles by Job Role ..................................................................... 38
© Copyright e-skills UK Sector Skills Council Ltd 2000-2013
Executive Summary
© Copyright e-skills UK Sector Skills Council Ltd 2000-2013 1
Executive Summary
e-skills UK engaged Alderbridge Consulting Ltd, specialists in Information Security recruitment and consultancy, to undertake an analysis of their intelligence covering the current recruitment landscape within Cyber Security. This analysis contributed to the e-skills UK’s Cyber Security Learning Pathways Programme. This report documents the output of this analysis and seeks to draw conclusions surrounding the demographic and academic profile of the UK Cyber Security sector, as well as highlighting potential educational and professional pathways to target job roles.
The analysis, data and results are presented in this document within the following key reporting areas for Cyber Security in the UK:
Age profiles Gender profiles Geographic profiles Job Title progressions Qualifications - learning & training pathways Pathways to target Job Title by Education, Qualifications & Experience
Data is presented in tables, charts and graphical representations together with Alderbridge’s summary analysis.
Summary of Findings
The most common pathway to non-commercial Cyber Security roles has been via other roles within IT. 46% of all professionals currently in non-commercial Cyber Security entered the profession in this way from their 3rd previous role of their career history.
As the overall body of professionals has grown, data collected over a period of 10 years suggests that now only 28% can enter the profession from a more general role in IT and 4% from a role outside of IT. Current non-commercial Cyber Security roles are being filled by seasoned and highly qualified professionals who are progressing within this relatively new profession.
The most popular specialised routes within the profession are as an Information Security Consultant, IT Security Consultant and Information Security Manager.
The two most common pathways into commercial/sales roles within Cyber Security are via non-IT or general IT sales roles. 42% of professionals currently in Cyber Security sales began in more general IT roles and 21% started out in other industries.
Overall, CISSP (Certified Information Systems Security Professional) is the most common professional certification, held by 54% of those in non-commercial roles. Around half of Cyber Security professionals have an undergraduate degree, with more of these being in non-commercial roles than commercial positions. The most common degree type is IT.
The majority (over 60%) of Cyber Security professionals across all job roles are located in the South East. The age profile across most roles was widespread, though for commercial roles it was slightly younger than for non-commercial roles. The gender profile was shown to be predominantly male across all job roles with a slightly higher proportion of females in the commercial roles compared to the other positions (19% compared to 10%).
2 © Copyright e-skills UK Sector Skills Council Ltd 2000-2013
Introduction
© Copyright e-skills UK Sector Skills Council Ltd 2000-2013 3
Introduction
On completion of Cyber Security recruitment data analysis conducted for e-skills UK, Alderbridge Consulting Ltd (“Alderbridge”) is pleased to present the findings in this report, which draws conclusions surrounding the demographic and academic profile of the UK Cyber Security sector, and to highlight potential educational and professional pathways to target job roles.
Scope
The scope of the work was to analyse Alderbridge’s Cyber Security recruitment industry knowledge to produce data in three main areas:-
Pathways to target job roles
Professional qualifications
Demographic information:
o Geographic profiles
o Age profiles
o Gender profiles
CYBER SECURITY
ROLE
Role History
EducationQualifications
Demographics
4 © Copyright e-skills UK Sector Skills Council Ltd 2000-2013
The analysis focused on the following 28 target job roles within Cyber Security:-
Information Security Analyst
Information Security Manager
Information Security Consultant
Information Security Officer
IT Security Analyst
IT Security Manager
IT Security Consultant
IT Security Officer
Network Security Engineer
Network Security Consultant
Network Security Analyst
Security Engineer
Security Administrator
CISO/Chief Information Security Officer/Head of Information Security
Security Architect (variants of)
Security Auditor
PCI Consultant/QSA Consultants
Computer/Digital Forensics Analyst/Investigator (variants of)
Penetration Tester/Pen Tester
Application Security Specialist (variants of)
Sales Engineer
Pre-sales Consultant
Technical Account Manager
Account Manager (with security)
Business Development Manager (with security)
Sales Executive (with security)
Sales Manager (with security)
Sales Director (with security)
Scope Limitations
The geographical scope of the analysis was across the whole of the UK. In order to present current information, only data produced from 1st January 2007 onwards was used in all analysis except pathways to target job roles, for which data from 1st January 2002 onwards was used when analysing previous roles. This amounted to 1750 data samples. Across these data samples, not all categories of data were available for analysis in some reports.
•Age
•Location
•GenderDemographics
•Higher Education Information
•Qualifications - Current and Historic
Education
Qualifications
•Job Title - Current
•Job Title - Historic
•Pathways to specific target jobsJob History
Cyber Security
Role
Section 1 – Overview
© Copyright e-skills UK Sector Skills Council Ltd 2000-2013 5
Section 1 – Overv iew
1.1 Pathways to Target Job Roles
The target job roles can be categorised into two main areas:
Non-commercial roles
Information Security Analyst
Information Security Manager
Information Security Consultant
Information Security Officer
IT Security Analyst
IT Security Manager
IT Security Consultant
IT Security Officer
Network Security Engineer
Network Security Consultant
Network Security Analyst
Security Engineer
Security Administrator
CISO/Chief Information Security Officer/Head of Information Security
Security Architect (variants of)
Security Auditor
PCI Consultant/QSA Consultants
Computer/Digital Forensics Analyst/Investigator (variants of)
Penetration Tester/Pen Tester
Application Security Specialist (variants of)
Commercial (sales roles)
Sales Engineer
Pre-sales Consultant
Technical Account Manager
Account Manager (with security)
Business Development Manager (with security)
Sales Executive (with security)
Sales Manager (with security)
Sales Director (with security)
The pathways to roles were determined by analysing the job history of Cyber Security Professionals whose current job titles are in the above list. The last three roles prior to the current role were noted to build up a picture of the most common pathways to roles within Cyber Security. Two additional occupations – “Other IT” and “Non-IT” were also added to account for roles outside of the Cyber Security industry. The next section discusses the aggregated pathways across all roles within the non-commercial and commercial categories.
6 © Copyright e-skills UK Sector Skills Council Ltd 2000-2013
1.2 Non-Commercial Roles
As can be seen from Figure 1, 46% of all professionals currently in non-commercial Cyber Security entered the profession in their 3rd previous role from other general roles in IT. This figure reduces to 39% across all 2nd previous roles.
Figure 1 – Aggregated pathways across all Non-Commercial roles
As the overall body of professionals has grown, this data illustrates that now only 28% can enter the profession from a more general role in IT and 4% from a role outside of IT. Current non-commercial Cyber Security roles are being filled by experienced professionals who are progressing and moving roles within the profession.
Other IT46%
Other IT39%
Other IT28%
Information Security
Consultant 7%Information Security
Consultant 9%Information Security
Consultant 13%IT Security Consultant
6%IT Security Consultant
5%IT Security Consultant
7%Information Security
Manager 5%Information Security
Manager 3%Information Security
Manager 6%IT Security Analyst
4%IT Security Analyst
6%IT Security Analyst
5%Non-IT
9%Non-IT
8%Non-IT
4%Security Architect
(variants of: 3%Security Architect
(variants of: 4%Security Architect
(variants of: 4%Security Engineer
3%Security Engineer
3%Security Engineer
4%Information Security
Analyst 3%Information Security
Analyst 2%Information Security
Analyst 4%Network Security
Engineer 2%Network Security
Engineer 2%Network Security
Engineer 3%IT Security Manager
2%IT Security Manager
3%IT Security Manager
3%Penetration Tester/Pen
Tester 1%Penetration Tester/Pen
Tester 1%Penetration Tester/Pen
Tester 3%Information Security
Officer 1%Information Security
Officer 2%Information Security
Officer 3%Network Security
Consultant 1%Network Security
Consultant 1%Network Security
Consultant 2%Computer/Digital
Forensics 1%Computer/Digital
Forensics 1%Computer/Digital
Forensics 2%Security Administrator
1%Security Administrator
3%Security Administrator
2%CISO/Head of
Information Security 1%CISO/Head of
Information Security 1%CISO/Head of
Information Security 2%Network Security
Analyst 1%Network Security
Analyst 2%Network Security
Analyst 2%Security Auditor
1%Security Auditor
2%Security Auditor
1%PCI Consultant (variants
of)/QSA Consultants 1%PCI Consultant (variants
of)/QSA Consultants 1%PCI Consultant (variants
of)/QSA Consultants 1%IT Security Officer
0%IT Security Officer
1%IT Security Officer
1%Application / Systems
Security Specialist 1%Application / Systems
Security Specialist 1%Application / Systems
Security Specialist 0%
01 January 2002 20 August 2012
3rd Previous Role 2nd Previous Role 1st Previous Role
© Copyright e-skills UK Sector Skills Council Ltd 2000-2013 7
Figure 2 – Chart illustrating the split of the top three categories of roles that lead to a non-commercial role in Cyber Security, displayed in 3rd previous, 2nd previous and 1st previous (most recent) position
The most popular specialised routes are as an Information Security Consultant, IT Security Consultant and Information Security Manager. The pathways to these roles are explained in more detail in section 2 of this report.
3rd Previous Role
2nd Previous Role
1st Previous Role
46%39%
28%
9%8%
4%
45%53%
68%
Specialist within Cyber Security
Non-IT
Other IT
8 © Copyright e-skills UK Sector Skills Council Ltd 2000-2013
1.3 Commercial Roles
The two most common pathways into commercial/sales roles within Cyber Security are via non-IT or general IT sales roles. 42% of professionals currently in Cyber Security Sales began in more general IT roles and 21% started out in other industries. Many commercial Cyber Security professionals progress through Account Management into their current roles. The pathway to an Account Manager role is discussed further in Section 2. A relatively small number of professionals progress to commercial roles via technical routes such as Security Engineer and IT Security Consultant.
Figure 3 – Aggregated pathways across all Commercial roles
Other IT42%
Other IT38%
Other IT32%
Non-IT21%
Non-IT18%
Non-IT12%
Account Manager
(with security) 11%Account Manager
(with security) 13%Account Manager
(with security) 16%Sales Executive
(with security) 7%Sales Executive
(with security) 5%Sales Executive
(with security) 7%Sales Manager
(with security) 5%Sales Manager
(with security) 6%Sales Manager
(with security) 7%Business
Development 5%Business
Development 6%Business
Development 8%Sales Director
(with security) 2%Sales Director
(with security) 3%Sales Director
(with security) 5%Sales Engineer
2%Sales Engineer
1%Sales Engineer
1%Security Engineer
2%Security Engineer
2%Security Engineer
3%Pre-sales
Consultant 1%Pre-sales
Consultant 3%Pre-sales
Consultant 6%Technical Account
Manager 1%Technical Account
Manager 2%Technical Account
Manager 2%IT Security
Consultant 1%IT Security
Consultant 2%IT Security
Consultant 1%Security Architect
(variants of) 0%Security Architect
(variants of) 1%Security Architect
(variants of) 0%
3rd Previous Role 2nd Previous Role 1st Previous Role
01 January 2002 20 August 2012
© Copyright e-skills UK Sector Skills Council Ltd 2000-2013 9
Figure 4 - Chart illustrating the split of the categories of roles that lead to a Commercial role in Cyber Security, displayed as 3rd previous, 2nd previous and 1st previous (most recent) position
1.4 Qualifications
Two categories of qualifications were analysed - professional qualifications and degree types. The list of professional qualifications is shown below and mostly relate to the Cyber Security industry specifically. The CCNA certification is a more general IT qualification and is included to complement the above data on pathways. This illustrates that general IT is a common pathway into a Cyber Security role. The MSc Information Security is a specialist post-graduate academic qualification for Cyber Security professionals. The MBA (Masters of Business Administration) may be of more relevance to those in commercial roles. The table below shows the percentage of professionals who have gained particular professional qualifications (NC = non-commercial roles, Com = commercial roles).
3rd Previous Role
2nd Previous Role
1st Previous Role
42% 38% 32%
21%18%
12%
37% 44%56% Within Cyber
Security
Non-IT
Other IT
10 © Copyright e-skills UK Sector Skills Council Ltd 2000-2013
Table 1 – Overall qualification data with top 10 highlighted for non-commercial roles
It is interesting to note that 54% of non-commercial Cyber Security professionals hold a CISSP certification. The CISSP is a general certification covering a broad range of topics and it is widely accepted as the leading specialist cyber security qualification. The charts below highlight some other areas of interest within this data.
Qualification All NC Com
MSc Infosec 5% 9% 0%
MBA 4% 4% 5%
CISSP 34% 54% 5%
CISA 9% 15% 1%
CISM 9% 15% 0%
QSA 4% 6% 1%
CLAS 4% 6% 1%
GIAC 3% 5% 0%
CEH 9% 14% 1%
CREST 1% 2% 1%
CHECK 1% 2% 0%
Tiger 0% 1% 0%
LPT 0% 1% 0%
CCNA 21% 31% 6%
ISO 27001 LA 4% 7% 0%CompTIA Security+ 3% 4% 1%
© Copyright e-skills UK Sector Skills Council Ltd 2000-2013 11
Figure 5 – Overall qualifications
Figure 6 – Qualifications breakdown in commercial and non-commercial roles
0%
5%
10%
15%
20%
25%
30%
35%
MSc
In
fose
c
MB
A
CIS
SP
CIS
A
CIS
M
QSA
CLA
S
GIA
C
CEH
CR
EST
CH
ECK
Tige
r
LPT
CC
NA
ISO
27
00
1 L
A
Co
mp
TIA
Se
curi
ty+
0%
10%
20%
30%
40%
50%
60%
MSc
In
fose
c
MB
A
CIS
SP
CIS
A
CIS
M
QSA
CLA
S
GIA
C
CEH
CR
EST
CH
ECK
Tige
r
LPT
CC
NA
ISO
27
00
1 L
A
Co
mp
TIA
Se
curi
ty+
Com
NC
12 © Copyright e-skills UK Sector Skills Council Ltd 2000-2013
The table below illustrates the percentage of professionals who have an undergraduate degree and the type of degree: IT (including computing and computer science), Technical (including physics, mathematics and engineering) and Other (such as law, geography, social sciences etc).
Almost 50% of Cyber Security professionals possess a degree and a higher proportion of non-commercial professionals have a degree compared to those in commercial roles. Perhaps unsurprisingly,
the most common degree type overall and in non-commercial roles is IT, however many have entered the Cyber Security profession having studied other disciplines.
Table 2 – Degree types overall and by job type
Figure 7 – Comparison of degree types in commercial and non-commercial job roles
IT Technical Other No Degree
Overall 22% 11% 15% 52%
NC 29% 14% 11% 46%
Com 11% 7% 21% 61%
0%
20%
40%
60%
80%
100%
120%
IT Technical Other No Degree
29%14% 11%
46%
11%
7% 21%
61%
Com
NC
© Copyright e-skills UK Sector Skills Council Ltd 2000-2013 13
1.5 Demographic Profiles
Demographic information was taken from a sample of the entire data. Three types of information were analysed – Region (Geographical), Age and Gender, in order to produce a demographic profile of the Cyber Security profession in general and per specific job role. The following table displays the overall demographic information for the sample as a whole. These figures are broken down by job role in Section 4.
Table 3 – Demographic profile overall for non-commercial and commercial roles
M F No data
Non-Commercial 86% 10% 4%
Commercial 80% 19% 1%
Gender
20-29 30-39 40-49 50+ No Data
Non-Commercial 7% 31% 21% 8% 33%
Commercial 7% 34% 25% 12% 22%
Age
NW NE SW SE Mids Scot Wales N. Ire
Non-Commercial 6% 8% 7% 59% 14% 2% 3% 1%
Commercial 7% 11% 6% 66% 8% 1% 1% 0%
Region
14 © Copyright e-skills UK Sector Skills Council Ltd 2000-2013
Figure 8 – Chart highlighting the geographical profile of cyber security professionals (for non-commercial roles)
Figure 9 – Chart displaying the age distribution across Cyber Security professionals (for non-commercial roles where age information was available)
0% 10% 20% 30% 40% 50% 60%
NW
NE
SW
SE
Mids
Scot
Wales
N. Ire
0%
5%
10%
15%
20%
25%
30%
35%
20-29 30-39 40-49 50+
7%
31%
21%
8%
© Copyright e-skills UK Sector Skills Council Ltd 2000-2013 15
Figure 10 – Pie chart displaying the gender profile of Cyber Security professionals (for non-commercial roles)
M
86%
F10%
No data
4%
16 © Copyright e-skills UK Sector Skills Council Ltd 2000-2013
Section 2 – Pathways to Target Job Roles
© Copyright e-skills UK Sector Skills Council Ltd 2000-2013 17
Section 2 – Pa thways to Target Job Roles
As discussed in section 1.1, the most common pathways to a target non-commercial cyber security role are via a general IT route and a specialised route. The top three specialised route pathways are via roles as an Information Security Manager, Information Security Consultant or IT Security Consultant. The specific pathways to these three roles are discussed in more detail below.
2.1 Information Security Manager
Figure 11 – Chart displaying job history leading to a role as an Information Security Manager
Information Security
Manager 8% Information Security
Manager 15% Information Security
Manager 26%
Other IT 49% Other IT 44% Other IT 24%
Information Security
Consultant 7% Information Security
Consultant 14% Information Security
Consultant 22%
Information Security
Analyst 4% Information Security
Analyst 4% Information Security
Analyst 6%
Information Security
Officer 3% Information Security
Officer 5% Information Security
Officer 6%
Non-IT 11% Non-IT 6% Non-IT 5%
IT Security Analyst 3% IT Security Analyst 0% IT Security Analyst 2%
IT Security Consultant 5% IT Security Consultant 1% IT Security Consultant 2%
IT Security Manager 5% IT Security Manager 3% IT Security Manager 1%
IT Security Specialist 0% IT Security Specialist 0% IT Security Specialist 1%
Network Security
Consultant 3% Network Security
Consultant 0% Network Security
Consultant 1%
Security Administrator 0% Security Administrator 0% Security Administrator 1%
Security Architect
(variants of: 0% Security Architect
(variants of: 1% Security Architect
(variants of: 1%
Security Auditor 0% Security Auditor 1% Security Auditor 1%
Security Engineer 1% Security Engineer 1% Security Engineer 1%
Application Security
Specialist0% Application Security
Specialist4% Application Security
Specialist0%
IT Security Officer 1% IT Security Officer 1% IT Security Officer 0%
Network Security
Engineer 0% Network Security
Engineer 0% Network Security
Engineer 0%
Information
Security
Manager3rd Previous 2nd Previous 1st Previous
18 © Copyright e-skills UK Sector Skills Council Ltd 2000-2013
Figure 12 – Chart showing the top three roles at each stage on the path to a role as an Information Security Manager
These figures illustrate that many Information Security Managers begin in other IT roles (49% in their 3rd previous role and 44% in their 2rd previous role). These percentages are greater than all aggregated non-commercial Cyber Security roles, demonstrating that general management skills are more in demand than specialised technical skills.
Figure 13 – Illustrates the most common roles that lead to a role as an Information Security Manager
3rd Previous Role
2nd Previous Role
1st Previous Role
7%14%
22%
49% 44% 24%
8%15%
26%
Information Security Manager
Other IT
Information Security Consultant
Information Security Manager
Manager
Consultant
Other IT
© Copyright e-skills UK Sector Skills Council Ltd 2000-2013 19
2.2 Information Security Consultant
Figure 14 - Chart displaying job history leading to a role as an Information Security Consultant
3rd Previous Role 2nd Previous Role 1st Previous RoleInformation Security
Consultant 24%Information Security
Consultant 24%Information Security
Consultant 41%
Other IT38%
Other IT30%
Other IT18%
Information Security
Manager 7%Information Security
Manager 10%Information Security
Manager 11%
IT Security
Consultant 7%IT Security
Consultant 5%IT Security
Consultant 4%
Information Security
Analyst 3%Information Security
Analyst 2%Information Security
Analyst 4%
Security Engineer 4%
Security Engineer 7%
Security Engineer 3%
IT Security Analyst 3%
IT Security Analyst 4%
IT Security Analyst 3%
Non-IT3%
Non-IT5%
Non-IT3%
Information Security
Officer 1%Information Security
Officer 5%Information Security
Officer 3%
IT Security Manager 1%
IT Security Manager 2%
IT Security Manager 3%
Penetration
Tester/Pen Tester 1%Penetration
Tester/Pen Tester 0%Penetration
Tester/Pen Tester 2%
Security
Administrator 0%Security
Administrator 2%Security
Administrator 2%
Network Security
Consultant 3%Network Security
Consultant 0%Network Security
Consultant 1%
Pre-sales Consultant 1%
Pre-sales Consultant 0%
Pre-sales Consultant 1%
Computer/Digital
Forensics 0%Computer/Digital
Forensics 1%Computer/Digital
Forensics 1%
Security Auditor 1%
Security Auditor 2%
Security Auditor 0%
Security Architect
(variants of) 0%Security Architect
(variants of) 1%Security Architect
(variants of) 0%
Network Security
Analyst 3%Network Security
Analyst 0%Network Security
Analyst 0%
Information
Security
Consultant
20 © Copyright e-skills UK Sector Skills Council Ltd 2000-2013
Figure 15 - Chart showing the top three roles at each stage on the path to a role as an Information Security Consultant
These figures show that many Cyber Security professionals remained as Information Security Consultants throughout the last 10 years of their career. Those who moved into the profession initially came through a general IT route or from an Information Security Manager role. It is interesting to note that the ability to move into this role from other IT roles has considerably reduced in recent years, more so than all aggregated non-commercial Cyber Security roles.
Figure 16 – Illustrating the most common roles that lead to a role as an Information Security Consultant
3rd Previous Role
2nd Previous Role
1st Previous Role
38%30%
18%
24%24%
41%
7% 10% 11%
Information Security Manager
Information Security Consultant
Other IT
Information Security Consultant
Manager
Consultant
Other IT
© Copyright e-skills UK Sector Skills Council Ltd 2000-2013 21
2.3 IT Security Consultant
Figure 17 - Chart displaying job history leading to a role as an IT Security Consultant
Other IT44%
Other IT29%
Other IT9%
Non-IT16%
Non-IT10%
Non-IT7%
IT Security Analyst 12%
IT Security Analyst 8%
IT Security Analyst 7%
IT Security
Consultant 8%IT Security
Consultant 14%IT Security
Consultant 17%
Information Security
Consultant 8%Information Security
Consultant 5%Information Security
Consultant 4%
Security Engineer 4%
Security Engineer 5%
Security Engineer 11%
Network Security
Consultant 4%Network Security
Consultant 3%Network Security
Consultant 9%
Penetration
Tester/Pen Tester 4%Penetration
Tester/Pen Tester 0%Penetration
Tester/Pen Tester 7%
Security
Administrator 0%Security
Administrator 5%Security
Administrator 2%
IT Security Manager 0%
IT Security Manager 3%
IT Security Manager 9%
IT Security Officer 0%
IT Security Officer 3%
IT Security Officer 4%
Information Security
Analyst 0%Information Security
Analyst 3%Information Security
Analyst 2%
Network Security
Engineer 0%Network Security
Engineer 3%Network Security
Engineer 2%
Network Security
Analyst 0%Network Security
Analyst 3%Network Security
Analyst 0%
Pre-sales Consultant 0%
Pre-sales Consultant 3%
Pre-sales Consultant 0%
Account Manager
(with security) 0%Account Manager
(with security) 3%Account Manager
(with security) 0%
Information Security
Manager 0%Information Security
Manager 0%Information Security
Manager 4%
Security Architect
(variants of) 0%Security Architect
(variants of) 0%Security Architect
(variants of) 2%
Security Auditor 0%
Security Auditor 0%
Security Auditor 2%
PCI Consultant
(variants of)/QSA 0%PCI Consultant
(variants of)/QSA 0%PCI Consultant
(variants of)/QSA 2%
IT Security
Consultant 3rd Previous Role 2nd Previous Role 1st Previous Role
22 © Copyright e-skills UK Sector Skills Council Ltd 2000-2013
Figure 18 - Chart showing the top four roles at each stage on the path to a role as an IT Security Consultant
The most common path to a role as IT Security Consultant is through general IT roles or through other industries. Another common path is via a role as an IT Security Analyst.
Figure 19 – Chart showing the main three roles that lead to the position of IT Security Consultant
3rd Previous Role
2nd Previous Role
1st Previous Role
44%29%
9%
16%
10%
7%
12%
8%
7%
8%14%
17%
IT Security Consultant
IT Security Analyst
Non-IT
Other IT
IT SECURITY CONSULTANT
Other IT
Non-IT
IT Security Analyst
© Copyright e-skills UK Sector Skills Council Ltd 2000-2013 23
2.4 Account Manager
Section 1 discussed the general pathways to commercial/sales roles within Cyber Security. The most common routes were through other industries, general IT and via a role as an Account Manager. Many of those who came up through other industries or general IT were in sales roles. Relatively few have come from non-commercial security roles.
The pathways into a role as an Account Manager in Cyber Security are explained further below.
Figure 20 – Chart displaying job history leading to a role as an Account Manager within Cyber Security
The figures suggest that the predominant route into an Account Manager role within Cyber Security is via Other IT roles. The general IT roles that Account Managers come from tend to be within sales, as did the non-IT roles. Within Cyber Security, many progressed into the Account Manager role from the same role or from a Sales Executive position.
Other IT45%
Other IT43%
Other IT37%
Non-IT31%
Non-IT24%
Non-IT16%
Account Manager
(with security) 8%Account Manager
(with security) 15%Account Manager
(with security) 24%
Sales Executive
(with security) 8%Sales Executive
(with security) 7%Sales Executive
(with security) 11%
Business
Development 2%Business
Development 5%Business
Development 7%
Sales Manager (with
security) 2%Sales Manager (with
security) 4%Sales Manager (with
security) 2%
Security Engineer 1%
Security Engineer 0%
Security Engineer 0%
Technical Account
Manager 1%Technical Account
Manager 1%Technical Account
Manager 1%
Network Security
Analyst 1%Network Security
Analyst 0%Network Security
Analyst 0%
Sales Engineer 1%
Sales Engineer 0%
Sales Engineer 0%
Pre-sales Consultant 0%
Pre-sales Consultant 1%
Pre-sales Consultant 2%
Account
Manager3rd Previous 2nd Previous 1st Previous
24 © Copyright e-skills UK Sector Skills Council Ltd 2000-2013
Figure 21 – Displaying the most common four roles in the job history of Cyber Security Account Managers
This figure illustrates that there has been an increased demand from the Cyber Security industry in recent times to hire more specialised Cyber Security experienced Account Managers.
Figure 22 – Displaying the most popular roles at each stage in the pathway to an Account Manager position in Cyber Security
0%
5%
10%
15%
20%
25%
30%
35%
40%
45%
50%
3rd Previous 2nd Previous 1st Previous
Other IT
Non-IT
Account Manager (with security)
Sales Executive (with security)
3rd Previous
•Other IT
•Non-IT
•Account Manager
•Sales Executive
2nd Previous
•Other IT
•Non-IT
•Account Manager
•Sales Executive
1st Previous
•Other IT
•Account Manager
•Non-IT
•Sales Executive
© Copyright e-skills UK Sector Skills Council Ltd 2000-2013 25
2.5 Pathways to Other Roles
The charts below show the top three roles at each stage in the path towards 23 other roles.
Figure 23 - Non-Commercial Roles
Current Role
Other IT Other IT Other IT
Non-IT Non-IT Information Security Analyst Information Security Analyst
Information Security Analyst Information Security Analyst Information Security Consultant
Other IT Other IT Other IT
Information Security Manager Information Security Officer Information Security Manager Information Security Officer
IT Security Analyst Information Security Consultant Information Security Analyst
Other IT Other IT Other IT
Non-IT Non-IT IT Security Analyst IT Security Analyst
IT Security Analyst IT Security Analyst IT Security Consultant
Other IT Other IT Other IT
IT Security Manager Security Architect IT Security Analyst IT Security Officer
Non-IT Non-IT IT Security Manager
Other IT Other IT IT Security Manager
IT Security Analyst IT Security Manager Other IT IT Security Manager
IT Security Consultant IT Security Analyst
Other IT Other IT Other IT
IT Security Analyst Network Security Analyst Network Security Engineer Network Security Analyst
Network Security Engineer IT Security Analyst Network Security Consultant
Other IT Other IT Other IT
Network Security Consultant Network Security Consultant Network Security Consultant Network Security Consultant
IT Security Consultant IT Security Analyst Network Security Engineer
Other IT Other IT Other IT
Network Security Engineer Network Security Engineer Network Security Engineer Network Security Engineer
Security Engineer IT Security Analyst Network Security Analyst
Other IT Other IT Other IT
Non-IT IT Security Analyst Security Engineer Security Engineer
Security Engineer Network Security Engineer IT Security Consultant
Other IT Other IT Other IT
Non-IT Security Administrator Security Administrator Security Administrator
Security Administrator Non-IT IT Security Analyst
Other IT Other IT Security Architect
Security Architect Security Architect q Information Security Consultant Security Architect
IT Security Consultant IT Security Consultant IT Security Consultant
Other IT Other IT Security Auditor
Security Auditor Security Auditor Information Security Manager Security Auditor
Information Security Analyst Information Security Analyst IT Security Officer
Other IT Other IT PCI Consultant
Information Security Manager PCI DSS Consultant Other IT PCI DSS Consultant/ QSA
IT Security Consultant IT Security Consultant Information Security Manager
Other IT Other IT Computer Forensics Specialist
Computer Forensics Specialist Computer Forensics Specialist Non-IT Computer Forensics Specialist
Non-IT Non-IT Other
Other IT Other IT Penetration Tester
Penetration Tester Other IT Other IT Penetration Tester
Computer Forensics Specialist IT Security Analyst Information Security Consultant
Other IT Application/ System Security Security Administrator
Information Security Consultant Information Security Consultant Other IT Application/ System Security
Application/ System Security IT Security Analyst IT Security Consultant
3rd Previous Role 2nd Previous Role 1st Previous role
26 © Copyright e-skills UK Sector Skills Council Ltd 2000-2013
Figure 24 - Commercial Roles
This section of the report has illustrated that there are many routes and pathways into jobs within Cyber Security. Generally, many professionals come through general IT and even other industries to join the Cyber Security profession.
Current Role
Other IT Other IT Other IT
Sales Engineer Sales Engineer Sales Engineer Sales Engineer
Non-IT Technical Account Manager Pre-Sales Consultant
Other Other IT Pre-Sales Consultant
Sales Engineer Pre-Sales Consultant Other IT Pre-Sales Consultant
Account Manager IT Security Consultant Security Engineer
Other IT Other IT Other IT
IT Security Consultant IT Security Consultant IT Security Consultant Technical Account Manager
Security Engineer Security Engineer Security Engineer
Other IT Other IT Other IT
Non-IT Non-IT Non-IT
Account Manager Business Development Manager Account Manager
Non-IT Non-IT Other IT
Other IT Other IT Sales Executive Sales Executive
Account Manager Account Manager Non-IT
Other IT Other IT Other IT
Account Manager Account Manager Sales Manager Sales Manager
Non-IT Non-IT Account Manager
Other IT Other IT Sales Director
Sales Manager Sales Manager Other IT Sales Director
Sales Director Sales Director Sales Manager
Business Development
Manager
3rd Previous Role 2nd Previous Role 1st Previous role
Section 3 – Qualifications and Degrees by Job Role
© Copyright e-skills UK Sector Skills Council Ltd 2000-2013 27
Section 3 – Qualifica tions and Degrees by Job Role
3.1 Qualifications
Table 4 – Table showing professional qualifications per job role
Role
MSc
Infosec MBA CISSP CISA CISM QSA CLAS GIAC CEH CREST CHECK Tiger LPT CCNA
ISO27001
Lead
Auditor
Comp TIA
Security+
Information Security Analyst 12% 4% 48% 19% 12% 1% 1% 7% 10% 0% 0% 0% 0% 25% 6% 10%
Information Security Manager 11% 7% 64% 19% 33% 4% 5% 5% 7% 0% 0% 1% 1% 17% 13% 5%
Information Security Consultant 14% 7% 62% 24% 18% 10% 7% 5% 13% 0% 3% 0% 1% 26% 17% 5%
Information Security Officer 11% 3% 55% 24% 31% 5% 3% 3% 9% 0% 0% 0% 1% 23% 8% 3%
IT Security Analyst 11% 2% 42% 17% 6% 0% 4% 4% 17% 4% 0% 0% 2% 30% 0% 6%
IT Security Manager 12% 2% 73% 16% 35% 4% 0% 4% 8% 0% 0% 0% 0% 35% 8% 0%
IT Security Consultant 4% 0% 73% 24% 16% 10% 6% 12% 35% 2% 2% 4% 0% 35% 4% 4%
IT Security Officer 0% 8% 50% 4% 17% 4% 8% 0% 8% 0% 0% 0% 0% 17% 8% 0%
Network Security Engineer 0% 3% 15% 0% 0% 0% 3% 3% 13% 5% 0% 0% 0% 74% 0% 8%
Network Security Consultant 13% 0% 40% 0% 7% 0% 0% 0% 27% 7% 0% 7% 0% 67% 7% 0%
Network Security Analyst 6% 0% 44% 0% 6% 6% 0% 11% 6% 0% 0% 0% 0% 72% 0% 6%
Security Engineer 6% 5% 56% 6% 4% 2% 2% 6% 20% 0% 0% 1% 2% 70% 2% 4%
Security Administrator 4% 0% 18% 4% 2% 0% 0% 2% 4% 4% 0% 0% 0% 24% 0% 4%
CISO6% 17% 89% 33% 22% 11% 22% 11% 6% 0% 0% 0% 0% 17% 17% 6%
Security Architect7% 5% 74% 10% 12% 6% 22% 4% 15% 0% 2% 1% 0% 21% 10% 4%
Security Auditor 0% 0% 71% 86% 0% 7% 7% 7% 36% 0% 0% 0% 0% 36% 14% 7%
QSA Consultants 10% 0% 41% 15% 20% 46% 0% 5% 5% 2% 0% 0% 0% 17% 7% 0%
Computer Forensics Investigator14% 0% 23% 9% 0% 14% 3% 3% 3% 0% 0% 3% 0% 14% 0% 3%
Penetration Tester/Pen Tester10% 3% 50% 3% 3% 3% 3% 10% 43% 18% 33% 3% 5% 33% 3% 5%
Application Security Specialist0% 0% 50% 5% 14% 5% 0% 14% 9% 9% 5% 0% 0% 18% 5% 0%
Sales Engineer 0% 2% 18% 2% 2% 0% 0% 2% 4% 0% 0% 0% 0% 24% 0% 4%
Pre-sales Consultant 0% 2% 16% 2% 0% 0% 2% 0% 2% 0% 0% 0% 0% 20% 0% 0%
Technical Account Manager 0% 0% 25% 3% 3% 0% 3% 0% 9% 0% 6% 0% 0% 13% 3% 6%
Account Manager 0% 4% 2% 1% 0% 0% 0% 0% 0% 0% 0% 0% 0% 3% 0% 0%
Business Development Manager0% 10% 0% 1% 0% 4% 1% 0% 1% 1% 0% 0% 0% 4% 0% 0%
Sales Executive 0% 5% 0% 0% 0% 0% 0% 0% 0% 2% 0% 0% 0% 2% 0% 0%
Sales Manager 0% 4% 5% 1% 0% 0% 1% 1% 1% 1% 0% 0% 0% 3% 0% 0%
Sales Director 2% 11% 2% 0% 0% 0% 0% 0% 0% 0% 0% 0% 0% 2% 0% 0%
Qualifications
28 © Copyright e-skills UK Sector Skills Council Ltd 2000-2013
The above table highlights qualifications in order of popularity for each job role. CISSP is, as discussed in Section 1, the most common qualification overall and for most of the non-commercial roles. CCNA is also prevalent, more so in highly technical roles such as Security Engineer.
Often, particular qualifications are more common in one role, such as CEH for Penetration Testers and Security Analysts. This is due to the fact that certain qualifications are focused towards a particular set
of specialised skills that are required only in certain positions. Of the two post-graduate qualifications analysed, the MBA is most popular throughout the more commercial roles towards the bottom of the table. The MSc Information Security is more popular in non-commercial roles.
It is worthy of note that, recently, CESG (Communications Electronics Security Group – the National Technical Authority for Information Assurance) has produced a certification scheme for professionals working in HMG Information Assurance. As these certifications are relatively new they have not been included in this analysis. However the more generalised CLAS credential is included.
Figure 25 – Chart highlighting the distribution of CISSP certified professionals across all non-commercial job roles
0%
10%
20%
30%
40%
50%
60%
70%
80%
90%
© Copyright e-skills UK Sector Skills Council Ltd 2000-2013 29
Figure 26 – Chart comparing qualifications of four Cyber Security roles: Information Security Manager, Information Security Consultant and their IT security equivalents
0%
10%
20%
30%
40%
50%
60%
70%
80%
Information Security Manager
IT Security Manager
Information Security Consultant
IT Security Consultant
30 © Copyright e-skills UK Sector Skills Council Ltd 2000-2013
3.2 Degrees
Table 5 – Table of degree types across all job roles
In total across all roles, almost 50% of Cyber Security professionals have an undergraduate degree. In some cases, a higher proportion of those in more junior roles have a degree compared to their more senior counterparts, for example 65% of Information Security Analysts have a degree compared to 47% of Information Security Managers. Some sectors of the Cyber Security industry equally value professionals with senior military backgrounds and experience who may not be degree educated. This reflects the emphasis for managers with organisational, process and communication skills.
Another consideration in these figures is that that those entering the profession more recently tend to be graduates.
Some of the more specialised roles, such as Forensics Analyst and Application Security Specialist require more specific knowledge and skills that often can only be acquired via degree studies, which may explain why a higher proportion of professionals in roles such as these have a degree.
Role IT Technical Other No DegreeInformation Security Analyst 32% 14% 19% 35%Information Security Manager 19% 16% 12% 53%Information Security Consultant 28% 17% 9% 46%Information Security Officer 36% 14% 12% 38%IT Security Analyst 21% 13% 11% 55%IT Security Manager 20% 16% 10% 54%IT Security Consultant 33% 16% 12% 39%IT Security Officer 17% 25% 4% 54%Network Security Engineer 31% 26% 3% 40%Network Security Consultant 33% 27% 0% 40%Network Security Analyst 17% 22% 17% 44%Security Engineer 44% 9% 9% 38%Security Administrator 29% 7% 11% 53%CISO/Head of Information Security 45% 11% 0% 44%Security Architect (variants of) 23% 14% 10% 53%Security Auditor 43% 7% 0% 50%PCI Consultant (variants of)/QSA Consultants 17% 15% 12% 56%Forensics Analyst/Investigator (variants of) 40% 11% 20% 29%Penetration Tester/Pen Tester 44% 5% 8% 43%Application Security Specialist (variants of) 45% 5% 18% 32%Sales Engineer 25% 8% 10% 57%Pre-sales Consultant 22% 27% 12% 39%Technical Account Manager 22% 0% 16% 62%Account Manager (with security) 9% 4% 24% 63%Business Development Manager (with security) 7% 10% 15% 68%Sales Executive (with security) 16% 4% 25% 55%Sales Manager (with security) 8% 7% 26% 59%Sales Director (with security) 4% 5% 23% 68%Total 22% 11% 15% 52%
© Copyright e-skills UK Sector Skills Council Ltd 2000-2013 31
Perhaps unsurprisingly, of those who have a degree, the most common category is IT. However, these figures show that many professionals enter the industry having studied other disciplines. Graduates with a degree in a non-IT and non-technical subject tend to have more commercial roles that require less specific knowledge.
Figure 27 – Pie chart showing split of degree types across all roles
Figure 28 – Displaying the degree categories of the four roles with the highest proportion of graduates
IT22%
Technical11%
Other15%
No Degree52%
0%
10%
20%
30%
40%
50%
ITTechnical Other
No Degree
Information Security Analyst
Information Security Officer
Forensics Analyst/Investigator (variants of)
Application Security Specialist (variants of)
32 © Copyright e-skills UK Sector Skills Council Ltd 2000-2013
Section 4 – Demographic Profiles by Job Role
© Copyright e-skills UK Sector Skills Council Ltd 2000-2013 33
Section 4 – Demographic Profi les by Job Role
4.1 Location
Table 6 – Location data across all job roles
The data clearly shows that the vast majority of Cyber Security professionals live in the South East, though there is a wide geographical distribution across many of the above roles. The roles that are the most dispersed throughout the UK are Network Security Consultant and QSA Consultant. Many professionals in consultancy roles work from home and so may be based elsewhere in the country whilst their employer is located in the South East.
Job Title NW NE SW SE Mids Scot Wales N. Ire
Information Security Analyst 0% 6% 0% 81% 13% 0% 0% 0%
Information Security Manager 0% 12% 4% 60% 16% 0% 8% 0%
Information Security Consultant 9% 0% 23% 50% 18% 0% 0% 0%
Information Security Officer 6% 29% 0% 53% 6% 0% 6% 0%
IT Security Analyst 8% 17% 8% 67% 0% 0% 0% 0%
IT Security Manager 8% 0% 0% 59% 25% 0% 8% 0%
IT Security Consultant 0% 0% 8% 59% 25% 8% 0% 0%
IT Security Officer 4% 0% 8% 43% 29% 4% 8% 4%
Network Security Engineer 8% 13% 4% 62% 13% 0% 0% 0%
Network Security Consultant 0% 14% 0% 79% 7% 0% 0% 0%
Network Security Analyst 0% 11% 0% 77% 6% 6% 0% 0%
Security Engineer 11% 0% 26% 53% 5% 5% 0% 0%
Security Administrator 0% 15% 0% 85% 0% 0% 0% 0%
CISO 6% 17% 6% 71% 0% 0% 0% 0%
Security Architect 4% 8% 15% 53% 12% 8% 0% 0%
Security Auditor 36% 7% 7% 29% 21% 0% 0% 0%
QSA Consultants 8% 16% 4% 40% 24% 8% 0% 0%
Computer Forensics Investigator 10% 0% 5% 50% 20% 0% 15% 0%
Penetration Tester/Pen Tester 13% 0% 4% 54% 25% 0% 0% 4%
Application Security Specialist 0% 0% 14% 72% 5% 0% 9% 0%
Sales Engineer 0% 17% 8% 50% 25% 0% 0% 0%
Pre-sales Consultant 4% 16% 8% 72% 0% 0% 0% 0%
Technical Account Manager 0% 0% 10% 90% 0% 0% 0% 0%
Account Manager 7% 11% 6% 63% 13% 0% 0% 0%
Business Development Manager 16% 16% 8% 48% 4% 4% 4% 0%
Sales Executive 8% 23% 0% 54% 15% 0% 0% 0%
Sales Manager 10% 10% 3% 74% 0% 0% 3% 0%
Sales Director 0% 0% 8% 77% 15% 0% 0% 0%
Region
34 © Copyright e-skills UK Sector Skills Council Ltd 2000-2013
4.2 Age Distribution
Table 7 – Age distribution data across all roles
Age distribution clearly varies throughout the roles listed and encouragingly, the age profile of Cyber Security professionals appears to be quite wide. There is a comparatively younger age profile in Cyber Security consultancy positions, perhaps due to the lifestyle and amount of travel generally involved with these roles together with knowledge of new leading-edge Cyber Security technologies.
Job Title 20-29 30-39 40-49 50+ No Data
Information Security Analyst 13% 25% 0% 0% 62%
Information Security Manager 0% 20% 28% 8% 44%
Information Security Consultant 0% 41% 5% 5% 49%
Information Security Officer 0% 24% 41% 6% 29%
IT Security Analyst 0% 33% 25% 8% 34%
IT Security Manager 0% 8% 42% 8% 42%
IT Security Consultant 8% 42% 8% 8% 34%
IT Security Officer 0% 17% 29% 21% 33%
Network Security Engineer 13% 63% 13% 0% 11%
Network Security Consultant 0% 21% 7% 0% 72%
Network Security Analyst 6% 28% 11% 11% 44%
Security Engineer 5% 32% 16% 5% 42%
Security Administrator 31% 8% 15% 0% 46%
CISO 6% 22% 6% 6% 60%
Security Architect 0% 42% 19% 12% 27%
Security Auditor 7% 21% 7% 14% 51%
QSA Consultants 4% 24% 56% 16% 0%
Computer Forensics Investigator 30% 45% 10% 15% 0%
Penetration Tester/Pen Tester 17% 42% 37% 4% 0%
Application Security Specialist 14% 27% 23% 5% 31%
Sales Engineer 8% 42% 33% 8% 9%
Pre-sales Consultant 8% 24% 16% 8% 44%
Technical Account Manager 10% 52% 24% 5% 9%
Account Manager 6% 50% 19% 13% 12%
Business Development Manager 4% 16% 40% 20% 20%
Sales Executive 15% 23% 15% 8% 39%
Sales Manager 10% 19% 35% 6% 30%
Sales Director 0% 31% 15% 38% 16%
Age
© Copyright e-skills UK Sector Skills Council Ltd 2000-2013 35
4.3 Gender
Table 8 – Gender profiles across all job roles
It is apparent from this data that the gender profile across all of the job roles is predominantly male. The proportion of females is generally higher in less technical roles such as Security Administrators and Sales Executives.
Job Title M F No data
Information Security Analyst 68% 19% 13%
Information Security Manager 76% 20% 4%
Information Security Consultant 95% 0% 5%
Information Security Officer 82% 18% 0%
IT Security Analyst 92% 8% 0%
IT Security Manager 75% 17% 8%
IT Security Consultant 92% 8% 0%
IT Security Officer 83% 13% 4%
Network Security Engineer 96% 0% 4%
Network Security Consultant 79% 0% 21%
Network Security Analyst 94% 0% 6%
Security Engineer 95% 5% 0%
Security Administrator 77% 23% 0%
CISO 88% 6% 6%
Security Architect 88% 12% 0%
Security Auditor 72% 21% 7%
QSA Consultants 92% 8% 0%
Computer Forensics Investigator 80% 20% 0%
Penetration Tester/Pen Tester 96% 4% 0%
Application Security Specialist 86% 9% 5%
Sales Engineer 92% 8% 0%
Pre-sales Consultant 80% 20% 0%
Technical Account Manager 95% 5% 0%
Account Manager 74% 24% 2%
Business Development Manager 84% 16% 0%
Sales Executive 69% 31% 0%
Sales Manager 71% 29% 0%
Sales Director 92% 8% 0%
Gender
36 © Copyright e-skills UK Sector Skills Council Ltd 2000-2013
Summary of Key Findings
© Copyright e-skills UK Sector Skills Council Ltd 2000-2013 37
Summary of Key Findings
Summary of Section 1 – Overview
In this section, aggregated data across all roles within the non-commercial and commercial categories was assessed.
The trends highlighted include:
Historically the most common pathways into non-commercial Cyber Security roles were via general IT roles or via other industries. As the overall body of professionals within Cyber Security has grown, this percentage has significantly reduced and these roles are now being filled by experienced professionals who are progressing and moving roles within the profession.
From within Cyber Security, the most common specialised pathways were via roles as IT Security Consultant, Information Security Consultant or Information Security Manager. The pathways to these roles were analysed in more detail in Section 2.
The most common pathways into commercial/sales roles within Cyber Security are via non-IT and general IT sales roles. The pathway to a role as an Account Manager was discussed further in Section 2.
Overall, CISSP is the most common professional certification.
Around half of Cyber Security professionals have an undergraduate degree, with more of these being in non-commercial roles than commercial positions. The most common degree type was IT.
Summary of Section 2 – Pathways to Target Job Roles
In this section, the pathways to the most common specialised specific job roles were analysed: Information Security Manager, Information Security Consultant, IT Security Consultant and Account Manager.
Information Security Manager
The analysis showed that many Information Security Managers come from general IT and Information Security Consultant roles.
Information Security Consultant
The figures showed that many of those in this role have held the same position for their last three roles also. Those entering from other roles generally came from general IT or an Information Security Manager position.
IT Security Consultant
Many professionals appeared to move into this role from general IT. Those who came from within the Cyber Security profession were mostly from an IT Security Analyst role.
Account Manager
The data suggested that many professionals in this role come from a general IT background or other industries, and within Cyber Security they had held the Account Manager role previously or progressed from a Sales Executive position. The general IT and non-IT roles these professionals came from were generally within sales.
38 © Copyright e-skills UK Sector Skills Council Ltd 2000-2013
Summary of Section 3 – Qualifications and Degrees by Job Role
Qualifications
CISSP is the most common professional qualification, covering a broad range of disciplines across information security. More specialised roles require more specific qualifications. Specialised Cyber Security qualifications feature highly in the non-commercial roles and are becoming increasingly focused on specific subject areas.
Degrees
The figures demonstrate that undergraduate degrees may be more important in some job roles than others. Those in highly technical or very specialist roles more commonly had a degree, most likely due to the specific knowledge required for these roles, which could only be gained through academic study.
Significant numbers of professionals without degrees have moved into management roles, where experience and a proven track record is the primary consideration over academics.
Summary of Section 4 - Demographic Profiles by Job Role
Location
With just a few exceptions, the majority of professionals in all of the job roles were located in the South East. Certain positions, such as consultancy roles, tend to be home-based and therefore have a wider geographical distribution.
Age
The age profile across most roles was widespread and did not tend to follow the trend of younger people in more “junior” roles and older people in management positions.
Compared to other industries, there is a comparatively younger age profile in Cyber Security consultancy positions. This is perhaps due to the lifestyle and amount of travel generally involved with these roles together with knowledge of new leading-edge Cyber Security technologies.
Gender
The gender profile was shown to be predominantly male across all job roles. The roles with a higher proportion of female professionals were less technical positions such as Analyst, Officer, Manager and Security Administrator roles. Commercial roles also generally had a higher proportion of female professionals.
© Copyright e-skills UK Sector Skills Council Ltd 2000-2013 39
About Alderbridge Providing professional recruitment services to the Cyber Security industry since 1997, Alderbridge has
worked with over 35,000 professionals across the UK and Europe, in Cyber Security and closely related sectors. Alderbridge has supplied Cyber Security professionals to a wide range of prestigious organisations across the UK and Europe. Alderbridge team members are also practitioners in this field and lead industry bodies globally on information systems security. For more information on Alderbridge please contact: 01423 321900 recruitment@alderbridge.com www.alderbridge.com
Alderbridge Specialists in Info Security
e-skills UK, the Sector Skills Council responsible for: Business and Information Technology, including Software, Internet & Web, Computer Games, IT Services, Telecommunications and Business Change.
© 2000-2013 Reserved, e-skills UK
All rights reserved. No part of this material protected by this copyright may be reproduced or utilised in any form, or by any means, electronic or mechanical, including photocopying, recording, or by any information storage and retrieval system without prior authorisation and credit to e-skills UK.
An e-skills UK publication
For further information please contact:
e-skills UK 1 Castle Lane London SW1E 6DR UK
Tel: 020 7963 8920
info@e-skills.com
www.e-skills.com