View from the airport: (ISC)2 Security Congress 2019

Airport waiting room
(Image credit: Shutterstock)

The sun has set, I've watched my last street performer and witnessed my last 10pm firework display, but I'm leaving Walt Disney World and (ISC)2 Security Congress in Orlando feeling learned and confident for the future of the industry. Let me explain.

The most apparent and uplifting focus of the event was the emphasis placed on addressing the ever-widening skills gap in the cyber security industry. Experts speaking this week were the first to admit that they, and the industry as a whole, have contributed to issue it's cyber security's own undoing.

Everyone seemed to agree that the industry must be demystified, the rampant acronyms must be stopped and the language must be made more accessible for a newbie, drastically reducing the barriers to entry.

Across the event, sessions on career guidance could be found all over and unsurprisingly they were extremely well-attended from budding cyber security professionals to those who had been in the industry for more than 20 years. Developing a deeper understanding of the careers within cyber security and how to navigate ones way further to the top was clearly on everybody's agenda.

This year's event welcomed more students than ever before, around 150 were in attendance thanks to discounted entry so they could explore the possibilities of a career in the field. While every effort was made to get more young people into the event, what was alarming was the number of experienced attendees looking for a way out.

As a disclaimer, I only went to a fraction of the career-centric sessions on offer, however, the number of attendees (and even the speakers in some cases) that were openly grieving about their lengthy experiences with burnout was a serious cause for concern.

One attendee spoke about his five-year stint with burnout and expressed confusion about where to go: Management didn't appeal to him and a lack of cyber firms in his region means he can't move laterally to find a new challenge. In jovial fashion, the same man stood up after the session ended inviting all the others who told of their career strifes to join him in the hotel bar to form a "burnout support group". The first round was on him.

Aside from the turbulent topic of careers, the usual chatter and speculation were on the cards regarding experts' thoughts on the threats of the future. The most interesting for me was from (ISC)2 board member Tony Cole who said space-based hacks will be more prevalent as we send more and more people to space.

Emerging technologies and Industry 4.0 will invariably create more problems for cyber security practitioners than they will solve, let's just hope this isn't enough to deter those looking to get stuck into a profession that's renowned for playing a perpetual game of catchup with the bad guys.

In sum, I won't miss the unrelenting clinking of metal-on-metal lanyards ruining my audio recordings of each session, but the venue and the people who were all up for a friendly chat have made it one of the most accessible and enjoyable events I've ever been to.

It's without a doubt a must-attend for any young budding cyber security professional and the focus on diversity with a broad selection of speakers and tailored ethnic minority networking events means its an event that has its arms open to all.

There is a nagging feeling, though, that the focus on inclusion could be symbolic of the industry's desperation to attract any and all talent that it can. The morality behind casting a wide net is still present, but also it's now being superseded by the sheer necessity to get anyone into the field. Gone are the days where a specialist degree is needed to get a job in infosec. No coding knowledge? No CISSP? No problem. A push to expand STEM applicants to include the arts too (STEAM), means anyone can pursue cyber security it's just about making people realise it.

Michael Leland said if we took every college student in America right now and put them in a vacant cyber role, there would still be a shortage of skilled workers. Just like Shakira's hips, the numbers don't lie and they're screaming at the industry to do better when it comes to attracting talent.

Deshini Newman, MD of EMEA for (ISC)2 said more role models are needed to attract younger people into the industry, especially young women. Others said the high salaries associated with a career in cyber should also be highlighted to a greater extent. There may not be a single correct answer, but every avenue must be explored if the industry wants to avoid reaching a breaking point.

Connor Jones
News and Analysis Editor

Connor Jones has been at the forefront of global cyber security news coverage for the past few years, breaking developments on major stories such as LockBit’s ransomware attack on Royal Mail International, and many others. He has also made sporadic appearances on the ITPro Podcast discussing topics from home desk setups all the way to hacking systems using prosthetic limbs. He has a master’s degree in Magazine Journalism from the University of Sheffield, and has previously written for the likes of Red Bull Esports and UNILAD tech during his career that started in 2015.