specialist recruitment knowledge for e- learning pathways ... · pdf filee-skills uk is the...

Alderbridge Specialists in Info Security

Specialist Recruitment Knowledge for e-skills UK’s Cyber Security

Learning Pathways Programme

Career Analysis into Cyber Security:

New & Evolving Occupations

© Copyright e-skills UK Sector Skills Council Ltd 2000-2013

© 2013 Reserved, e-skills UK

All rights reserved. No part of this material protected by this copyright may be reproduced or utilised in any form, or by any means, electronic or mechanical, including photocopying, recording, or by any information storage and retrieval system without prior authorisation and credit to e-skills UK.

An e-skills UK publication, supported by Alderbridge Consulting Ltd.

For further information please contact:

e-skills UK 1 Castle Lane London SW1E 6DR Tel: 020 7963 8920 Fax: 020 7592 9138 [email protected]

www.e-skills.com

The National Skills Academy for IT 1 Castle Lane London SW1E 6DR Tel: 020 7963 0420 [email protected]

www.itskillsacademy.ac.uk

Proprietor: e-skills UK Sector Skills Council Ltd

Registered in England no. 4019051

The National Skills Academy for IT

Registered in England no. 7223753

Registered office: Victoria House, 39 Winchester Street, Basingstoke, Hampshire RG21 7EQ

The National Skills Academy for IT is wholly owned by e-skills UK

e-skills UK is the Sector Skills Council for Business and Information Technology; an employer–led organisation rated as ‘outstanding’ in the re-licensing of the Sector Skills Councils. e-skills UK’s mission is to ensure the UK has the technology skills it needs to compete in the global economy, working on behalf of employers to develop the software, internet, computer gaming, IT services and business change expertise necessary to thrive.

Focused on making the biggest contribution to enterprise, jobs and

growth across the economy, e-skills UK’s three strategic objectives are to:

inspire future talent,

support IT professionals,

increase digital capability.

Delivery on these strategic objectives is underpinned by employer engagement across the sector, authoritative research, a continually developing sector qualifications and learning strategy and effective strategic partnerships.

mailto:[email protected]

http://www.e-skills.com/

mailto:[email protected]

http://www.itskillsacademy.ac.uk/

Contents


Executive Summary ............................................................................................................................... 1

Summary of Findings................................................................................................................................. 1

Introduction ........................................................................................................................................... 3

Scope ......................................................................................................................................................... 3

Scope Limitations ...................................................................................................................................... 4

Section 1 – Overview ............................................................................................................................. 5

1.1 Pathways to Target Job Roles ............................................................................................................. 5

1.2 Non-Commercial roles ......................................................................................................................... 6

1.3 Commercial roles ................................................................................................................................ 8

1.4 Qualifications ...................................................................................................................................... 9

1.5 Demographic Profiles ........................................................................................................................ 13

Section 2 – Pathways to Target Job Roles ............................................................................................ 17

2.1 Information Security Manager .......................................................................................................... 17

2.2 Information Security Consultant ....................................................................................................... 19

2.3 IT Security Consultant ....................................................................................................................... 21

2.4 Account Manager.............................................................................................................................. 23

2.5 Pathways to Other Roles ................................................................................................................... 25

Section 3 – Qualifications and Degrees by Job Role ............................................................................. 27

3.1 Qualifications .................................................................................................................................... 27

3.2 Degrees ............................................................................................................................................. 30

Section 4 – Demographic Profiles by Job Role ...................................................................................... 33

4.1 Location ............................................................................................................................................. 33

4.2 Age Distribution ................................................................................................................................ 34

4.3 Gender............................................................................................................................................... 35

Summary of Key Findings ..................................................................................................................... 37

Summary of Section 1 – Overview........................................................................................................... 37

Summary of Section 2 – Pathways to Target Job Roles .......................................................................... 37

Summary of Section 3 – Qualifications and Degrees by Job Role ........................................................... 38

Summary of Section 4 - Demographic Profiles by Job Role ..................................................................... 38

Executive Summary

© Copyright e-skills UK Sector Skills Council Ltd 2000-2013 1

Executive Summary

e-skills UK engaged Alderbridge Consulting Ltd, specialists in Information Security recruitment and consultancy, to undertake an analysis of their intelligence covering the current recruitment landscape within Cyber Security. This analysis contributed to the e-skills UK’s Cyber Security Learning Pathways Programme. This report documents the output of this analysis and seeks to draw conclusions surrounding the demographic and academic profile of the UK Cyber Security sector, as well as highlighting potential educational and professional pathways to target job roles.

The analysis, data and results are presented in this document within the following key reporting areas for Cyber Security in the UK:

Age profiles Gender profiles Geographic profiles Job Title progressions Qualifications - learning & training pathways Pathways to target Job Title by Education, Qualifications & Experience

Data is presented in tables, charts and graphical representations together with Alderbridge’s summary analysis.

Summary of Findings

The most common pathway to non-commercial Cyber Security roles has been via other roles within IT. 46% of all professionals currently in non-commercial Cyber Security entered the profession in this way from their 3rd previous role of their career history.

As the overall body of professionals has grown, data collected over a period of 10 years suggests that now only 28% can enter the profession from a more general role in IT and 4% from a role outside of IT. Current non-commercial Cyber Security roles are being filled by seasoned and highly qualified professionals who are progressing within this relatively new profession.

The most popular specialised routes within the profession are as an Information Security Consultant, IT Security Consultant and Information Security Manager.

The two most common pathways into commercial/sales roles within Cyber Security are via non-IT or general IT sales roles. 42% of professionals currently in Cyber Security sales began in more general IT roles and 21% started out in other industries.

Overall, CISSP (Certified Information Systems Security Professional) is the most common professional certification, held by 54% of those in non-commercial roles. Around half of Cyber Security professionals have an undergraduate degree, with more of these being in non-commercial roles than commercial positions. The most common degree type is IT.

The majority (over 60%) of Cyber Security professionals across all job roles are located in the South East. The age profile across most roles was widespread, though for commercial roles it was slightly younger than for non-commercial roles. The gender profile was shown to be predominantly male across all job roles with a slightly higher proportion of females in the commercial roles compared to the other positions (19% compared to 10%).

2 © Copyright e-skills UK Sector Skills Council Ltd 2000-2013

Introduction


Introduction

On completion of Cyber Security recruitment data analysis conducted for e-skills UK, Alderbridge Consulting Ltd (“Alderbridge”) is pleased to present the findings in this report, which draws conclusions surrounding the demographic and academic profile of the UK Cyber Security sector, and to highlight potential educational and professional pathways to target job roles.

Scope

The scope of the work was to analyse Alderbridge’s Cyber Security recruitment industry knowledge to produce data in three main areas:-

Pathways to target job roles

Professional qualifications

Demographic information:

o Geographic profiles

o Age profiles

o Gender profiles

CYBER SECURITY

ROLE

Role History

EducationQualifications

Demographics


The analysis focused on the following 28 target job roles within Cyber Security:-

Information Security Analyst

Information Security Manager

Information Security Consultant

Information Security Officer

IT Security Analyst

IT Security Manager

IT Security Consultant

IT Security Officer

Network Security Engineer

Network Security Consultant

Network Security Analyst

Security Engineer

Security Administrator

CISO/Chief Information Security Officer/Head of Information Security

Security Architect (variants of)

Security Auditor

PCI Consultant/QSA Consultants

Computer/Digital Forensics Analyst/Investigator (variants of)

Penetration Tester/Pen Tester

Application Security Specialist (variants of)

Sales Engineer

Pre-sales Consultant

Technical Account Manager

Account Manager (with security)

Business Development Manager (with security)

Sales Executive (with security)

Sales Manager (with security)

Sales Director (with security)

Scope Limitations

The geographical scope of the analysis was across the whole of the UK. In order to present current information, only data produced from 1st January 2007 onwards was used in all analysis except pathways to target job roles, for which data from 1st January 2002 onwards was used when analysing previous roles. This amounted to 1750 data samples. Across these data samples, not all categories of data were available for analysis in some reports.

•Age

•Location

•GenderDemographics

•Higher Education Information

•Qualifications - Current and Historic

Education

Qualifications

•Job Title - Current

•Job Title - Historic

•Pathways to specific target jobsJob History

Cyber Security

Role

Section 1 – Overview


Section 1 – Overv iew

1.1 Pathways to Target Job Roles

The target job roles can be categorised into two main areas:

Non-commercial roles





IT Security Analyst

IT Security Manager


IT Security Officer

Network Security Engineer

Network Security Consultant

Network Security Analyst

Security Engineer

Security Administrator

CISO/Chief Information Security Officer/Head of Information Security

Security Architect (variants of)

Security Auditor

PCI Consultant/QSA Consultants

Computer/Digital Forensics Analyst/Investigator (variants of)

Penetration Tester/Pen Tester


Commercial (sales roles)

Sales Engineer

Pre-sales Consultant

Technical Account Manager


Business Development Manager (with security)


Sales Manager (with security)

Sales Director (with security)

The pathways to roles were determined by analysing the job history of Cyber Security Professionals whose current job titles are in the above list. The last three roles prior to the current role were noted to build up a picture of the most common pathways to roles within Cyber Security. Two additional occupations – “Other IT” and “Non-IT” were also added to account for roles outside of the Cyber Security industry. The next section discusses the aggregated pathways across all roles within the non-commercial and commercial categories.


1.2 Non-Commercial Roles

As can be seen from Figure 1, 46% of all professionals currently in non-commercial Cyber Security entered the profession in their 3rd previous role from other general roles in IT. This figure reduces to 39% across all 2nd previous roles.

Figure 1 – Aggregated pathways across all Non-Commercial roles

As the overall body of professionals has grown, this data illustrates that now only 28% can enter the profession from a more general role in IT and 4% from a role outside of IT. Current non-commercial Cyber Security roles are being filled by experienced professionals who are progressing and moving roles within the profession.

Other IT46%

Other IT39%

Other IT28%

Information Security

Consultant 7%Information Security


Consultant 13%IT Security Consultant

6%IT Security Consultant

5%IT Security Consultant

7%Information Security

Manager 5%Information Security


Manager 6%IT Security Analyst

4%IT Security Analyst

6%IT Security Analyst

5%Non-IT

9%Non-IT

8%Non-IT

4%Security Architect

(variants of: 3%Security Architect

(variants of: 4%Security Architect

(variants of: 4%Security Engineer

3%Security Engineer

3%Security Engineer

4%Information Security

Analyst 3%Information Security


Analyst 4%Network Security

Engineer 2%Network Security


Engineer 3%IT Security Manager

2%IT Security Manager

3%IT Security Manager

3%Penetration Tester/Pen

Tester 1%Penetration Tester/Pen

Tester 1%Penetration Tester/Pen

Tester 3%Information Security

Officer 1%Information Security


Officer 3%Network Security

Consultant 1%Network Security


Consultant 2%Computer/Digital

Forensics 1%Computer/Digital


Forensics 2%Security Administrator

1%Security Administrator

3%Security Administrator

2%CISO/Head of

Information Security 1%CISO/Head of

Information Security 1%CISO/Head of

Information Security 2%Network Security



Analyst 2%Security Auditor

1%Security Auditor

2%Security Auditor

1%PCI Consultant (variants

of)/QSA Consultants 1%PCI Consultant (variants

of)/QSA Consultants 1%PCI Consultant (variants

of)/QSA Consultants 1%IT Security Officer

0%IT Security Officer

1%IT Security Officer

1%Application / Systems

Security Specialist 1%Application / Systems

Security Specialist 1%Application / Systems

Security Specialist 0%

01 January 2002 20 August 2012

3rd Previous Role 2nd Previous Role 1st Previous Role


Figure 2 – Chart illustrating the split of the top three categories of roles that lead to a non-commercial role in Cyber Security, displayed in 3rd previous, 2nd previous and 1st previous (most recent) position

The most popular specialised routes are as an Information Security Consultant, IT Security Consultant and Information Security Manager. The pathways to these roles are explained in more detail in section 2 of this report.

3rd Previous Role

2nd Previous Role

1st Previous Role

46%39%

28%

9%8%

4%

45%53%

68%

Specialist within Cyber Security

Non-IT

Other IT


1.3 Commercial Roles

The two most common pathways into commercial/sales roles within Cyber Security are via non-IT or general IT sales roles. 42% of professionals currently in Cyber Security Sales began in more general IT roles and 21% started out in other industries. Many commercial Cyber Security professionals progress through Account Management into their current roles. The pathway to an Account Manager role is discussed further in Section 2. A relatively small number of professionals progress to commercial roles via technical routes such as Security Engineer and IT Security Consultant.

Figure 3 – Aggregated pathways across all Commercial roles

Other IT42%

Other IT38%

Other IT32%

Non-IT21%

Non-IT18%

Non-IT12%

Account Manager

(with security) 11%Account Manager


(with security) 16%Sales Executive



(with security) 7%Sales Manager



(with security) 7%Business

Development 5%Business


Development 8%Sales Director

(with security) 2%Sales Director

(with security) 3%Sales Director

(with security) 5%Sales Engineer

2%Sales Engineer

1%Sales Engineer

1%Security Engineer

2%Security Engineer

2%Security Engineer

3%Pre-sales

Consultant 1%Pre-sales

Consultant 3%Pre-sales

Consultant 6%Technical Account

Manager 1%Technical Account


Manager 2%IT Security

Consultant 1%IT Security


Consultant 1%Security Architect

(variants of) 0%Security Architect


(variants of) 0%

3rd Previous Role 2nd Previous Role 1st Previous Role

01 January 2002 20 August 2012


Figure 4 - Chart illustrating the split of the categories of roles that lead to a Commercial role in Cyber Security, displayed as 3rd previous, 2nd previous and 1st previous (most recent) position

1.4 Qualifications

Two categories of qualifications were analysed - professional qualifications and degree types. The list of professional qualifications is shown below and mostly relate to the Cyber Security industry specifically. The CCNA certification is a more general IT qualification and is included to complement the above data on pathways. This illustrates that general IT is a common pathway into a Cyber Security role. The MSc Information Security is a specialist post-graduate academic qualification for Cyber Security professionals. The MBA (Masters of Business Administration) may be of more relevance to those in commercial roles. The table below shows the percentage of professionals who have gained particular professional qualifications (NC = non-commercial roles, Com = commercial roles).

3rd Previous Role

2nd Previous Role

1st Previous Role

42% 38% 32%

21%18%

12%

37% 44%56% Within Cyber

Security

Non-IT

Other IT


Table 1 – Overall qualification data with top 10 highlighted for non-commercial roles

It is interesting to note that 54% of non-commercial Cyber Security professionals hold a CISSP certification. The CISSP is a general certification covering a broad range of topics and it is widely accepted as the leading specialist cyber security qualification. The charts below highlight some other areas of interest within this data.

Qualification All NC Com

MSc Infosec 5% 9% 0%

MBA 4% 4% 5%

CISSP 34% 54% 5%

CISA 9% 15% 1%

CISM 9% 15% 0%

QSA 4% 6% 1%

CLAS 4% 6% 1%

GIAC 3% 5% 0%

CEH 9% 14% 1%

CREST 1% 2% 1%

CHECK 1% 2% 0%

Tiger 0% 1% 0%

LPT 0% 1% 0%

CCNA 21% 31% 6%

ISO 27001 LA 4% 7% 0%CompTIA Security+ 3% 4% 1%


Figure 5 – Overall qualifications

Figure 6 – Qualifications breakdown in commercial and non-commercial roles

0%

5%

10%

15%

20%

25%

30%

35%

MSc

In

fose

c

MB

A

CIS

SP

CIS

A

CIS

M

QSA

CLA

S

GIA

C

CEH

CR

EST

CH

ECK

Tige

r

LPT

CC

NA

ISO

27

00

1 L

A

Co

mp

TIA

Se

curi

ty+

0%

10%

20%

30%

40%

50%

60%

MSc

In

fose

c

MB

A

CIS

SP

CIS

A

CIS

M

QSA

CLA

S

GIA

C

CEH

CR

EST

CH

ECK

Tige

r

LPT

CC

NA

ISO

27

00

1 L

A

Co

mp

TIA

Se

curi

ty+

Com

NC


The table below illustrates the percentage of professionals who have an undergraduate degree and the type of degree: IT (including computing and computer science), Technical (including physics, mathematics and engineering) and Other (such as law, geography, social sciences etc).

Almost 50% of Cyber Security professionals possess a degree and a higher proportion of non-commercial professionals have a degree compared to those in commercial roles. Perhaps unsurprisingly,

the most common degree type overall and in non-commercial roles is IT, however many have entered the Cyber Security profession having studied other disciplines.

Table 2 – Degree types overall and by job type

Figure 7 – Comparison of degree types in commercial and non-commercial job roles

IT Technical Other No Degree

Overall 22% 11% 15% 52%

NC 29% 14% 11% 46%

Com 11% 7% 21% 61%

0%

20%

40%

60%

80%

100%

120%

IT Technical Other No Degree

29%14% 11%

46%

11%

7% 21%

61%

Com

NC


1.5 Demographic Profiles

Demographic information was taken from a sample of the entire data. Three types of information were analysed – Region (Geographical), Age and Gender, in order to produce a demographic profile of the Cyber Security profession in general and per specific job role. The following table displays the overall demographic information for the sample as a whole. These figures are broken down by job role in Section 4.

Table 3 – Demographic profile overall for non-commercial and commercial roles

M F No data

Non-Commercial 86% 10% 4%

Commercial 80% 19% 1%

Gender

20-29 30-39 40-49 50+ No Data

Non-Commercial 7% 31% 21% 8% 33%

Commercial 7% 34% 25% 12% 22%

Age

NW NE SW SE Mids Scot Wales N. Ire

Non-Commercial 6% 8% 7% 59% 14% 2% 3% 1%

Commercial 7% 11% 6% 66% 8% 1% 1% 0%

Region


Figure 8 – Chart highlighting the geographical profile of cyber security professionals (for non-commercial roles)

Figure 9 – Chart displaying the age distribution across Cyber Security professionals (for non-commercial roles where age information was available)

0% 10% 20% 30% 40% 50% 60%

NW

NE

SW

SE

Mids

Scot

Wales

N. Ire

0%

5%

10%

15%

20%

25%

30%

35%

20-29 30-39 40-49 50+

7%

31%

21%

8%


Figure 10 – Pie chart displaying the gender profile of Cyber Security professionals (for non-commercial roles)

M

86%

F10%

No data

4%

Section 2 – Pathways to Target Job Roles


Section 2 – Pa thways to Target Job Roles

As discussed in section 1.1, the most common pathways to a target non-commercial cyber security role are via a general IT route and a specialised route. The top three specialised route pathways are via roles as an Information Security Manager, Information Security Consultant or IT Security Consultant. The specific pathways to these three roles are discussed in more detail below.

2.1 Information Security Manager

Figure 11 – Chart displaying job history leading to a role as an Information Security Manager


Manager 8% Information Security

Manager 15% Information Security

Manager 26%

Other IT 49% Other IT 44% Other IT 24%


Consultant 7% Information Security

Consultant 14% Information Security

Consultant 22%


Analyst 4% Information Security

Analyst 4% Information Security

Analyst 6%


Officer 3% Information Security

Officer 5% Information Security

Officer 6%

Non-IT 11% Non-IT 6% Non-IT 5%

IT Security Analyst 3% IT Security Analyst 0% IT Security Analyst 2%

IT Security Consultant 5% IT Security Consultant 1% IT Security Consultant 2%

IT Security Manager 5% IT Security Manager 3% IT Security Manager 1%

IT Security Specialist 0% IT Security Specialist 0% IT Security Specialist 1%

Network Security

Consultant 3% Network Security

Consultant 0% Network Security

Consultant 1%

Security Administrator 0% Security Administrator 0% Security Administrator 1%

Security Architect

(variants of: 0% Security Architect

(variants of: 1% Security Architect

(variants of: 1%

Security Auditor 0% Security Auditor 1% Security Auditor 1%

Security Engineer 1% Security Engineer 1% Security Engineer 1%

Application Security

Specialist0% Application Security

Specialist4% Application Security

Specialist0%

IT Security Officer 1% IT Security Officer 1% IT Security Officer 0%

Network Security

Engineer 0% Network Security

Engineer 0% Network Security

Engineer 0%

Information

Security

Manager3rd Previous 2nd Previous 1st Previous


Figure 12 – Chart showing the top three roles at each stage on the path to a role as an Information Security Manager

These figures illustrate that many Information Security Managers begin in other IT roles (49% in their 3rd previous role and 44% in their 2rd previous role). These percentages are greater than all aggregated non-commercial Cyber Security roles, demonstrating that general management skills are more in demand than specialised technical skills.

Figure 13 – Illustrates the most common roles that lead to a role as an Information Security Manager

3rd Previous Role

2nd Previous Role

1st Previous Role

7%14%

22%

49% 44% 24%

8%15%

26%


Other IT



Manager

Consultant

Other IT


2.2 Information Security Consultant

Figure 14 - Chart displaying job history leading to a role as an Information Security Consultant

3rd Previous Role 2nd Previous Role 1st Previous RoleInformation Security



Consultant 41%

Other IT38%

Other IT30%

Other IT18%




Manager 11%

IT Security



Consultant 4%




Analyst 4%

Security Engineer 4%



IT Security Analyst 3%



Non-IT3%

Non-IT5%

Non-IT3%




Officer 3%

IT Security Manager 1%



Penetration

Tester/Pen Tester 1%Penetration


Tester/Pen Tester 2%

Security

Administrator 0%Security


Administrator 2%

Network Security



Consultant 1%

Pre-sales Consultant 1%



Computer/Digital



Forensics 1%

Security Auditor 1%

Security Auditor 2%

Security Auditor 0%

Security Architect



(variants of) 0%

Network Security



Analyst 0%

Information

Security

Consultant


Figure 15 - Chart showing the top three roles at each stage on the path to a role as an Information Security Consultant

These figures show that many Cyber Security professionals remained as Information Security Consultants throughout the last 10 years of their career. Those who moved into the profession initially came through a general IT route or from an Information Security Manager role. It is interesting to note that the ability to move into this role from other IT roles has considerably reduced in recent years, more so than all aggregated non-commercial Cyber Security roles.

Figure 16 – Illustrating the most common roles that lead to a role as an Information Security Consultant

3rd Previous Role

2nd Previous Role

1st Previous Role

38%30%

18%

24%24%

41%

7% 10% 11%



Other IT


Manager

Consultant

Other IT


2.3 IT Security Consultant

Figure 17 - Chart displaying job history leading to a role as an IT Security Consultant

Other IT44%

Other IT29%

Other IT9%

Non-IT16%

Non-IT10%

Non-IT7%




IT Security



Consultant 17%




Consultant 4%




Network Security



Consultant 9%

Penetration



Tester/Pen Tester 7%

Security



Administrator 2%




IT Security Officer 0%






Analyst 2%

Network Security



Engineer 2%

Network Security



Analyst 0%




Account Manager



(with security) 0%




Manager 4%

Security Architect



(variants of) 2%

Security Auditor 0%

Security Auditor 0%

Security Auditor 2%

PCI Consultant

(variants of)/QSA 0%PCI Consultant

(variants of)/QSA 0%PCI Consultant

(variants of)/QSA 2%

IT Security

Consultant 3rd Previous Role 2nd Previous Role 1st Previous Role


Figure 18 - Chart showing the top four roles at each stage on the path to a role as an IT Security Consultant

The most common path to a role as IT Security Consultant is through general IT roles or through other industries. Another common path is via a role as an IT Security Analyst.

Figure 19 – Chart showing the main three roles that lead to the position of IT Security Consultant

3rd Previous Role

2nd Previous Role

1st Previous Role

44%29%

9%

16%

10%

7%

12%

8%

7%

8%14%

17%


IT Security Analyst

Non-IT

Other IT

IT SECURITY CONSULTANT

Other IT

Non-IT

IT Security Analyst


2.4 Account Manager

Section 1 discussed the general pathways to commercial/sales roles within Cyber Security. The most common routes were through other industries, general IT and via a role as an Account Manager. Many of those who came up through other industries or general IT were in sales roles. Relatively few have come from non-commercial security roles.

The pathways into a role as an Account Manager in Cyber Security are explained further below.

Figure 20 – Chart displaying job history leading to a role as an Account Manager within Cyber Security

The figures suggest that the predominant route into an Account Manager role within Cyber Security is via Other IT roles. The general IT roles that Account Managers come from tend to be within sales, as did the non-IT roles. Within Cyber Security, many progressed into the Account Manager role from the same role or from a Sales Executive position.

Other IT45%

Other IT43%

Other IT37%

Non-IT31%

Non-IT24%

Non-IT16%

Account Manager



(with security) 24%

Sales Executive



(with security) 11%

Business



Development 7%

Sales Manager (with

security) 2%Sales Manager (with

security) 4%Sales Manager (with

security) 2%




Technical Account



Manager 1%

Network Security



Analyst 0%

Sales Engineer 1%

Sales Engineer 0%

Sales Engineer 0%




Account

Manager3rd Previous 2nd Previous 1st Previous


Figure 21 – Displaying the most common four roles in the job history of Cyber Security Account Managers

This figure illustrates that there has been an increased demand from the Cyber Security industry in recent times to hire more specialised Cyber Security experienced Account Managers.

Figure 22 – Displaying the most popular roles at each stage in the pathway to an Account Manager position in Cyber Security

0%

5%

10%

15%

20%

25%

30%

35%

40%

45%

50%

3rd Previous 2nd Previous 1st Previous

Other IT

Non-IT



3rd Previous

•Other IT

•Non-IT

•Account Manager

•Sales Executive

2nd Previous

•Other IT

•Non-IT

•Account Manager

•Sales Executive

1st Previous

•Other IT

•Account Manager

•Non-IT

•Sales Executive


2.5 Pathways to Other Roles

The charts below show the top three roles at each stage in the path towards 23 other roles.

Figure 23 - Non-Commercial Roles

Current Role

Other IT Other IT Other IT

Non-IT Non-IT Information Security Analyst Information Security Analyst

Information Security Analyst Information Security Analyst Information Security Consultant


Information Security Manager Information Security Officer Information Security Manager Information Security Officer

IT Security Analyst Information Security Consultant Information Security Analyst


Non-IT Non-IT IT Security Analyst IT Security Analyst

IT Security Analyst IT Security Analyst IT Security Consultant


IT Security Manager Security Architect IT Security Analyst IT Security Officer

Non-IT Non-IT IT Security Manager

Other IT Other IT IT Security Manager

IT Security Analyst IT Security Manager Other IT IT Security Manager

IT Security Consultant IT Security Analyst


IT Security Analyst Network Security Analyst Network Security Engineer Network Security Analyst

Network Security Engineer IT Security Analyst Network Security Consultant


Network Security Consultant Network Security Consultant Network Security Consultant Network Security Consultant

IT Security Consultant IT Security Analyst Network Security Engineer


Network Security Engineer Network Security Engineer Network Security Engineer Network Security Engineer

Security Engineer IT Security Analyst Network Security Analyst


Non-IT IT Security Analyst Security Engineer Security Engineer

Security Engineer Network Security Engineer IT Security Consultant


Non-IT Security Administrator Security Administrator Security Administrator

Security Administrator Non-IT IT Security Analyst

Other IT Other IT Security Architect

Security Architect Security Architect q Information Security Consultant Security Architect

IT Security Consultant IT Security Consultant IT Security Consultant

Other IT Other IT Security Auditor

Security Auditor Security Auditor Information Security Manager Security Auditor

Information Security Analyst Information Security Analyst IT Security Officer

Other IT Other IT PCI Consultant

Information Security Manager PCI DSS Consultant Other IT PCI DSS Consultant/ QSA

IT Security Consultant IT Security Consultant Information Security Manager

Other IT Other IT Computer Forensics Specialist

Computer Forensics Specialist Computer Forensics Specialist Non-IT Computer Forensics Specialist

Non-IT Non-IT Other

Other IT Other IT Penetration Tester

Penetration Tester Other IT Other IT Penetration Tester

Computer Forensics Specialist IT Security Analyst Information Security Consultant

Other IT Application/ System Security Security Administrator

Information Security Consultant Information Security Consultant Other IT Application/ System Security

Application/ System Security IT Security Analyst IT Security Consultant

3rd Previous Role 2nd Previous Role 1st Previous role


Figure 24 - Commercial Roles

This section of the report has illustrated that there are many routes and pathways into jobs within Cyber Security. Generally, many professionals come through general IT and even other industries to join the Cyber Security profession.

Current Role


Sales Engineer Sales Engineer Sales Engineer Sales Engineer

Non-IT Technical Account Manager Pre-Sales Consultant

Other Other IT Pre-Sales Consultant

Sales Engineer Pre-Sales Consultant Other IT Pre-Sales Consultant

Account Manager IT Security Consultant Security Engineer


IT Security Consultant IT Security Consultant IT Security Consultant Technical Account Manager

Security Engineer Security Engineer Security Engineer


Non-IT Non-IT Non-IT

Account Manager Business Development Manager Account Manager

Non-IT Non-IT Other IT

Other IT Other IT Sales Executive Sales Executive

Account Manager Account Manager Non-IT


Account Manager Account Manager Sales Manager Sales Manager

Non-IT Non-IT Account Manager

Other IT Other IT Sales Director

Sales Manager Sales Manager Other IT Sales Director

Sales Director Sales Director Sales Manager

Business Development

Manager

3rd Previous Role 2nd Previous Role 1st Previous role

Section 3 – Qualifications and Degrees by Job Role


Section 3 – Qualifica tions and Degrees by Job Role

3.1 Qualifications

Table 4 – Table showing professional qualifications per job role

Role

MSc

Infosec MBA CISSP CISA CISM QSA CLAS GIAC CEH CREST CHECK Tiger LPT CCNA

ISO27001

Lead

Auditor

Comp TIA

Security+

Information Security Analyst 12% 4% 48% 19% 12% 1% 1% 7% 10% 0% 0% 0% 0% 25% 6% 10%

Information Security Manager 11% 7% 64% 19% 33% 4% 5% 5% 7% 0% 0% 1% 1% 17% 13% 5%

Information Security Consultant 14% 7% 62% 24% 18% 10% 7% 5% 13% 0% 3% 0% 1% 26% 17% 5%

Information Security Officer 11% 3% 55% 24% 31% 5% 3% 3% 9% 0% 0% 0% 1% 23% 8% 3%

IT Security Analyst 11% 2% 42% 17% 6% 0% 4% 4% 17% 4% 0% 0% 2% 30% 0% 6%

IT Security Manager 12% 2% 73% 16% 35% 4% 0% 4% 8% 0% 0% 0% 0% 35% 8% 0%

IT Security Consultant 4% 0% 73% 24% 16% 10% 6% 12% 35% 2% 2% 4% 0% 35% 4% 4%

IT Security Officer 0% 8% 50% 4% 17% 4% 8% 0% 8% 0% 0% 0% 0% 17% 8% 0%

Network Security Engineer 0% 3% 15% 0% 0% 0% 3% 3% 13% 5% 0% 0% 0% 74% 0% 8%

Network Security Consultant 13% 0% 40% 0% 7% 0% 0% 0% 27% 7% 0% 7% 0% 67% 7% 0%

Network Security Analyst 6% 0% 44% 0% 6% 6% 0% 11% 6% 0% 0% 0% 0% 72% 0% 6%

Security Engineer 6% 5% 56% 6% 4% 2% 2% 6% 20% 0% 0% 1% 2% 70% 2% 4%

Security Administrator 4% 0% 18% 4% 2% 0% 0% 2% 4% 4% 0% 0% 0% 24% 0% 4%

CISO6% 17% 89% 33% 22% 11% 22% 11% 6% 0% 0% 0% 0% 17% 17% 6%

Security Architect7% 5% 74% 10% 12% 6% 22% 4% 15% 0% 2% 1% 0% 21% 10% 4%

Security Auditor 0% 0% 71% 86% 0% 7% 7% 7% 36% 0% 0% 0% 0% 36% 14% 7%

QSA Consultants 10% 0% 41% 15% 20% 46% 0% 5% 5% 2% 0% 0% 0% 17% 7% 0%

Computer Forensics Investigator14% 0% 23% 9% 0% 14% 3% 3% 3% 0% 0% 3% 0% 14% 0% 3%

Penetration Tester/Pen Tester10% 3% 50% 3% 3% 3% 3% 10% 43% 18% 33% 3% 5% 33% 3% 5%

Application Security Specialist0% 0% 50% 5% 14% 5% 0% 14% 9% 9% 5% 0% 0% 18% 5% 0%

Sales Engineer 0% 2% 18% 2% 2% 0% 0% 2% 4% 0% 0% 0% 0% 24% 0% 4%

Pre-sales Consultant 0% 2% 16% 2% 0% 0% 2% 0% 2% 0% 0% 0% 0% 20% 0% 0%

Technical Account Manager 0% 0% 25% 3% 3% 0% 3% 0% 9% 0% 6% 0% 0% 13% 3% 6%

Account Manager 0% 4% 2% 1% 0% 0% 0% 0% 0% 0% 0% 0% 0% 3% 0% 0%

Business Development Manager0% 10% 0% 1% 0% 4% 1% 0% 1% 1% 0% 0% 0% 4% 0% 0%

Sales Executive 0% 5% 0% 0% 0% 0% 0% 0% 0% 2% 0% 0% 0% 2% 0% 0%

Sales Manager 0% 4% 5% 1% 0% 0% 1% 1% 1% 1% 0% 0% 0% 3% 0% 0%

Sales Director 2% 11% 2% 0% 0% 0% 0% 0% 0% 0% 0% 0% 0% 2% 0% 0%

Qualifications


The above table highlights qualifications in order of popularity for each job role. CISSP is, as discussed in Section 1, the most common qualification overall and for most of the non-commercial roles. CCNA is also prevalent, more so in highly technical roles such as Security Engineer.

Often, particular qualifications are more common in one role, such as CEH for Penetration Testers and Security Analysts. This is due to the fact that certain qualifications are focused towards a particular set

of specialised skills that are required only in certain positions. Of the two post-graduate qualifications analysed, the MBA is most popular throughout the more commercial roles towards the bottom of the table. The MSc Information Security is more popular in non-commercial roles.

It is worthy of note that, recently, CESG (Communications Electronics Security Group – the National Technical Authority for Information Assurance) has produced a certification scheme for professionals working in HMG Information Assurance. As these certifications are relatively new they have not been included in this analysis. However the more generalised CLAS credential is included.

Figure 25 – Chart highlighting the distribution of CISSP certified professionals across all non-commercial job roles

0%

10%

20%

30%

40%

50%

60%

70%

80%

90%


Figure 26 – Chart comparing qualifications of four Cyber Security roles: Information Security Manager, Information Security Consultant and their IT security equivalents

0%

10%

20%

30%

40%

50%

60%

70%

80%


IT Security Manager




3.2 Degrees

Table 5 – Table of degree types across all job roles

In total across all roles, almost 50% of Cyber Security professionals have an undergraduate degree. In some cases, a higher proportion of those in more junior roles have a degree compared to their more senior counterparts, for example 65% of Information Security Analysts have a degree compared to 47% of Information Security Managers. Some sectors of the Cyber Security industry equally value professionals with senior military backgrounds and experience who may not be degree educated. This reflects the emphasis for managers with organisational, process and communication skills.

Another consideration in these figures is that that those entering the profession more recently tend to be graduates.

Some of the more specialised roles, such as Forensics Analyst and Application Security Specialist require more specific knowledge and skills that often can only be acquired via degree studies, which may explain why a higher proportion of professionals in roles such as these have a degree.

Role IT Technical Other No DegreeInformation Security Analyst 32% 14% 19% 35%Information Security Manager 19% 16% 12% 53%Information Security Consultant 28% 17% 9% 46%Information Security Officer 36% 14% 12% 38%IT Security Analyst 21% 13% 11% 55%IT Security Manager 20% 16% 10% 54%IT Security Consultant 33% 16% 12% 39%IT Security Officer 17% 25% 4% 54%Network Security Engineer 31% 26% 3% 40%Network Security Consultant 33% 27% 0% 40%Network Security Analyst 17% 22% 17% 44%Security Engineer 44% 9% 9% 38%Security Administrator 29% 7% 11% 53%CISO/Head of Information Security 45% 11% 0% 44%Security Architect (variants of) 23% 14% 10% 53%Security Auditor 43% 7% 0% 50%PCI Consultant (variants of)/QSA Consultants 17% 15% 12% 56%Forensics Analyst/Investigator (variants of) 40% 11% 20% 29%Penetration Tester/Pen Tester 44% 5% 8% 43%Application Security Specialist (variants of) 45% 5% 18% 32%Sales Engineer 25% 8% 10% 57%Pre-sales Consultant 22% 27% 12% 39%Technical Account Manager 22% 0% 16% 62%Account Manager (with security) 9% 4% 24% 63%Business Development Manager (with security) 7% 10% 15% 68%Sales Executive (with security) 16% 4% 25% 55%Sales Manager (with security) 8% 7% 26% 59%Sales Director (with security) 4% 5% 23% 68%Total 22% 11% 15% 52%


Perhaps unsurprisingly, of those who have a degree, the most common category is IT. However, these figures show that many professionals enter the industry having studied other disciplines. Graduates with a degree in a non-IT and non-technical subject tend to have more commercial roles that require less specific knowledge.

Figure 27 – Pie chart showing split of degree types across all roles

Figure 28 – Displaying the degree categories of the four roles with the highest proportion of graduates

IT22%

Technical11%

Other15%

No Degree52%

0%

10%

20%

30%

40%

50%

ITTechnical Other

No Degree



Forensics Analyst/Investigator (variants of)


Section 4 – Demographic Profiles by Job Role


Section 4 – Demographic Profi les by Job Role

4.1 Location

Table 6 – Location data across all job roles

The data clearly shows that the vast majority of Cyber Security professionals live in the South East, though there is a wide geographical distribution across many of the above roles. The roles that are the most dispersed throughout the UK are Network Security Consultant and QSA Consultant. Many professionals in consultancy roles work from home and so may be based elsewhere in the country whilst their employer is located in the South East.

Job Title NW NE SW SE Mids Scot Wales N. Ire

Information Security Analyst 0% 6% 0% 81% 13% 0% 0% 0%

Information Security Manager 0% 12% 4% 60% 16% 0% 8% 0%

Information Security Consultant 9% 0% 23% 50% 18% 0% 0% 0%

Information Security Officer 6% 29% 0% 53% 6% 0% 6% 0%

IT Security Analyst 8% 17% 8% 67% 0% 0% 0% 0%

IT Security Manager 8% 0% 0% 59% 25% 0% 8% 0%

IT Security Consultant 0% 0% 8% 59% 25% 8% 0% 0%

IT Security Officer 4% 0% 8% 43% 29% 4% 8% 4%

Network Security Engineer 8% 13% 4% 62% 13% 0% 0% 0%

Network Security Consultant 0% 14% 0% 79% 7% 0% 0% 0%

Network Security Analyst 0% 11% 0% 77% 6% 6% 0% 0%

Security Engineer 11% 0% 26% 53% 5% 5% 0% 0%

Security Administrator 0% 15% 0% 85% 0% 0% 0% 0%

CISO 6% 17% 6% 71% 0% 0% 0% 0%

Security Architect 4% 8% 15% 53% 12% 8% 0% 0%

Security Auditor 36% 7% 7% 29% 21% 0% 0% 0%

QSA Consultants 8% 16% 4% 40% 24% 8% 0% 0%

Computer Forensics Investigator 10% 0% 5% 50% 20% 0% 15% 0%

Penetration Tester/Pen Tester 13% 0% 4% 54% 25% 0% 0% 4%

Application Security Specialist 0% 0% 14% 72% 5% 0% 9% 0%

Sales Engineer 0% 17% 8% 50% 25% 0% 0% 0%

Pre-sales Consultant 4% 16% 8% 72% 0% 0% 0% 0%

Technical Account Manager 0% 0% 10% 90% 0% 0% 0% 0%

Account Manager 7% 11% 6% 63% 13% 0% 0% 0%

Business Development Manager 16% 16% 8% 48% 4% 4% 4% 0%

Sales Executive 8% 23% 0% 54% 15% 0% 0% 0%

Sales Manager 10% 10% 3% 74% 0% 0% 3% 0%

Sales Director 0% 0% 8% 77% 15% 0% 0% 0%

Region


4.2 Age Distribution

Table 7 – Age distribution data across all roles

Age distribution clearly varies throughout the roles listed and encouragingly, the age profile of Cyber Security professionals appears to be quite wide. There is a comparatively younger age profile in Cyber Security consultancy positions, perhaps due to the lifestyle and amount of travel generally involved with these roles together with knowledge of new leading-edge Cyber Security technologies.

Job Title 20-29 30-39 40-49 50+ No Data

Information Security Analyst 13% 25% 0% 0% 62%

Information Security Manager 0% 20% 28% 8% 44%

Information Security Consultant 0% 41% 5% 5% 49%

Information Security Officer 0% 24% 41% 6% 29%

IT Security Analyst 0% 33% 25% 8% 34%

IT Security Manager 0% 8% 42% 8% 42%

IT Security Consultant 8% 42% 8% 8% 34%

IT Security Officer 0% 17% 29% 21% 33%

Network Security Engineer 13% 63% 13% 0% 11%

Network Security Consultant 0% 21% 7% 0% 72%

Network Security Analyst 6% 28% 11% 11% 44%

Security Engineer 5% 32% 16% 5% 42%

Security Administrator 31% 8% 15% 0% 46%

CISO 6% 22% 6% 6% 60%

Security Architect 0% 42% 19% 12% 27%

Security Auditor 7% 21% 7% 14% 51%

QSA Consultants 4% 24% 56% 16% 0%

Computer Forensics Investigator 30% 45% 10% 15% 0%

Penetration Tester/Pen Tester 17% 42% 37% 4% 0%

Application Security Specialist 14% 27% 23% 5% 31%

Sales Engineer 8% 42% 33% 8% 9%

Pre-sales Consultant 8% 24% 16% 8% 44%

Technical Account Manager 10% 52% 24% 5% 9%

Account Manager 6% 50% 19% 13% 12%

Business Development Manager 4% 16% 40% 20% 20%

Sales Executive 15% 23% 15% 8% 39%

Sales Manager 10% 19% 35% 6% 30%

Sales Director 0% 31% 15% 38% 16%

Age


4.3 Gender

Table 8 – Gender profiles across all job roles

It is apparent from this data that the gender profile across all of the job roles is predominantly male. The proportion of females is generally higher in less technical roles such as Security Administrators and Sales Executives.

Job Title M F No data

Information Security Analyst 68% 19% 13%

Information Security Manager 76% 20% 4%

Information Security Consultant 95% 0% 5%

Information Security Officer 82% 18% 0%

IT Security Analyst 92% 8% 0%

IT Security Manager 75% 17% 8%

IT Security Consultant 92% 8% 0%

IT Security Officer 83% 13% 4%

Network Security Engineer 96% 0% 4%

Network Security Consultant 79% 0% 21%

Network Security Analyst 94% 0% 6%

Security Engineer 95% 5% 0%

Security Administrator 77% 23% 0%

CISO 88% 6% 6%

Security Architect 88% 12% 0%

Security Auditor 72% 21% 7%

QSA Consultants 92% 8% 0%

Computer Forensics Investigator 80% 20% 0%

Penetration Tester/Pen Tester 96% 4% 0%

Application Security Specialist 86% 9% 5%

Sales Engineer 92% 8% 0%

Pre-sales Consultant 80% 20% 0%

Technical Account Manager 95% 5% 0%

Account Manager 74% 24% 2%

Business Development Manager 84% 16% 0%

Sales Executive 69% 31% 0%

Sales Manager 71% 29% 0%

Sales Director 92% 8% 0%

Gender

Summary of Key Findings


Summary of Key Findings

Summary of Section 1 – Overview

In this section, aggregated data across all roles within the non-commercial and commercial categories was assessed.

The trends highlighted include:

Historically the most common pathways into non-commercial Cyber Security roles were via general IT roles or via other industries. As the overall body of professionals within Cyber Security has grown, this percentage has significantly reduced and these roles are now being filled by experienced professionals who are progressing and moving roles within the profession.

From within Cyber Security, the most common specialised pathways were via roles as IT Security Consultant, Information Security Consultant or Information Security Manager. The pathways to these roles were analysed in more detail in Section 2.

The most common pathways into commercial/sales roles within Cyber Security are via non-IT and general IT sales roles. The pathway to a role as an Account Manager was discussed further in Section 2.

Overall, CISSP is the most common professional certification.

Around half of Cyber Security professionals have an undergraduate degree, with more of these being in non-commercial roles than commercial positions. The most common degree type was IT.

Summary of Section 2 – Pathways to Target Job Roles

In this section, the pathways to the most common specialised specific job roles were analysed: Information Security Manager, Information Security Consultant, IT Security Consultant and Account Manager.


The analysis showed that many Information Security Managers come from general IT and Information Security Consultant roles.


The figures showed that many of those in this role have held the same position for their last three roles also. Those entering from other roles generally came from general IT or an Information Security Manager position.


Many professionals appeared to move into this role from general IT. Those who came from within the Cyber Security profession were mostly from an IT Security Analyst role.

Account Manager

The data suggested that many professionals in this role come from a general IT background or other industries, and within Cyber Security they had held the Account Manager role previously or progressed from a Sales Executive position. The general IT and non-IT roles these professionals came from were generally within sales.


Summary of Section 3 – Qualifications and Degrees by Job Role

Qualifications

CISSP is the most common professional qualification, covering a broad range of disciplines across information security. More specialised roles require more specific qualifications. Specialised Cyber Security qualifications feature highly in the non-commercial roles and are becoming increasingly focused on specific subject areas.

Degrees

The figures demonstrate that undergraduate degrees may be more important in some job roles than others. Those in highly technical or very specialist roles more commonly had a degree, most likely due to the specific knowledge required for these roles, which could only be gained through academic study.

Significant numbers of professionals without degrees have moved into management roles, where experience and a proven track record is the primary consideration over academics.

Summary of Section 4 - Demographic Profiles by Job Role

Location

With just a few exceptions, the majority of professionals in all of the job roles were located in the South East. Certain positions, such as consultancy roles, tend to be home-based and therefore have a wider geographical distribution.

Age

The age profile across most roles was widespread and did not tend to follow the trend of younger people in more “junior” roles and older people in management positions.

Compared to other industries, there is a comparatively younger age profile in Cyber Security consultancy positions. This is perhaps due to the lifestyle and amount of travel generally involved with these roles together with knowledge of new leading-edge Cyber Security technologies.

Gender

The gender profile was shown to be predominantly male across all job roles. The roles with a higher proportion of female professionals were less technical positions such as Analyst, Officer, Manager and Security Administrator roles. Commercial roles also generally had a higher proportion of female professionals.


About Alderbridge Providing professional recruitment services to the Cyber Security industry since 1997, Alderbridge has

worked with over 35,000 professionals across the UK and Europe, in Cyber Security and closely related sectors. Alderbridge has supplied Cyber Security professionals to a wide range of prestigious organisations across the UK and Europe. Alderbridge team members are also practitioners in this field and lead industry bodies globally on information systems security. For more information on Alderbridge please contact: 01423 321900 [email protected] www.alderbridge.com

Alderbridge Specialists in Info Security

e-skills UK, the Sector Skills Council responsible for: Business and Information Technology, including Software, Internet & Web, Computer Games, IT Services, Telecommunications and Business Change.

© 2000-2013 Reserved, e-skills UK

All rights reserved. No part of this material protected by this copyright may be reproduced or utilised in any form, or by any means, electronic or mechanical, including photocopying, recording, or by any information storage and retrieval system without prior authorisation and credit to e-skills UK.

An e-skills UK publication

For further information please contact:

e-skills UK 1 Castle Lane London SW1E 6DR UK

Tel: 020 7963 8920

[email protected]

www.e-skills.com

specialist recruitment knowledge for e- learning pathways ... · pdf filee-skills uk is the...

Documents