This is an interesting read from CSIS: A Human Capital Crisis in Cybersecurity. In a nutshell, it repeats the timeworn complaint that “there’s not enough good information security people out there”. There’s nothing new there…we’ve heard it since before legions of self-promoters started using the ‘cyber-‘ prefix.
As usual, the prescription is education and certifications. The paper does a great job of listing out the many organizations that offer information security certifications. It proposes that these all be standardized, or unified under a government body. CSIS put a lot of work into the background and the proposed action plan. It is worth the read.
Threat Forward 