The Current Cybersecurity Landscape
Cybersecurity continues to dominate the headlines as one of the most important IT components in nearly every organization around the globe. And, while securing infrastructure, hardware, applications, and the like has become highly effective over the past 5+ years, the biggest threat to most companies continues to be individual users and a lack of awareness. Companies report that 31% of successful breaches stem from inadequate training of non-technical employees. Every Information Security team needs to be shouting from the proverbial rooftops to get all users trained and familiar with common attacks. Most of these attacks are not sophisticated. Phishing continues to top the list as one of the most effective vectors for breach. The simple act of familiarizing non-technical (and even some technical) staff with the common “red flags” of malicious e-mails can save a company from the next devastating cyberattack.
Cybersecurity Jobs, Certifications, and Education
It is currently estimated that 69% of companies are understaffed when it comes to information security. And 32% say that it can take six months or more to fill a single cybersecurity job. Artificial intelligence and machine learning are being leveraged to fill in gaps in staffing, supplementing the hard work of security analysts, but it’s not enough. It is anticipated that by 2022, there will be 1.8 million unfilled cybersecurity jobs, which is an increase of 20% from 2015 (1.5 million vacancies). These unfilled positions and understaffed security teams only exacerbate the data breach issues that face companies today.
While colleges and universities offer cybersecurity tracks, the skills gap is not necessarily being closed by these degree programs. Organizations are seeking analysts with practical experience and performance-based training that comes from well-respected certifications, such as Security+ from CompTIA®.
In addition to certification being practically mandatory for security focused job roles, some 10% of all IT job postings now include Security+ as a requirement, regardless of the role. From network engineers to service desk technicians, cybersecurity is becoming a core capability within the IT industry, and Security+ remains one of the most highly recommended and popular credentials in the field.
The Future of CompTIA Security+
Unsurprisingly, the field of cybersecurity is becoming more complex. Most practitioners agree that threats are increasing, and attack vectors are becoming more sophisticated. At present, CompTIA® is reworking the Security+ curriculum to amp up sections on threats and vulnerabilities as well as cloud security. Additionally, tools and technology along with automation and orchestration are being enhanced in response to the increase in the use of artificial intelligence and machine learning. It is anticipated that organizations will also rely upon practitioners at this level of education and experience to provide some penetration testing; thus, the next version of Security+ will likely include increased focus on this skillset.
The new version of the Security+ certification (SY0-601) is set to be released in November 2020. As is customary, CompTIA® will deprecate the current version (SY0-501) 6 months after release, May 2021.
How to get CompTIA Security+ Certified
Beyond20 offers public Security+ courses in our Washington, DC offices every quarter. These classes are taught by experienced industry experts with advanced certifications in cybersecurity, as well as extensive real-world experience in the IT industry. Click here to register for our next Security+ course, and if your organization is interested in onsite training, we also offer the full suite of CompTIA® certifications, from A+ through CASP+.