Then, you tag team that idea with the chance of going months without key network security personnel after someone goes to a new job, then the need for role redundancy is greater - which means most organizations should be scrambling to increase security skills of the existing staff.
So, that's some of the substance of what I heard from Cisco. However, I was a bit skeptical, and asked if they had any publicly available data to back up the baseline assumption: security personnel demand does/will exceed supply. Cisco cited three references:
A 2010 CCIE survey, which showed that security is the top skill needed over the next 5 years. (Survey is dated Feb 2009.)
A 2009 Forrester research study, published on Cisco's web site. This survey asserts that managers need to focus on roles, coverage, and that managers claim that they look at certifications to validate skills. If you look closely, those certs follow behind the idea of looking for experience. (I have to admit, reading the report, it made me wonder if the objective was to favor certifications, but you can make your own assessment.)
An article on the HomelanSecurityNewsWire.com web site, which has some real evidence of the demand exceeds supply argument. In particular, this article sites competition with the private sector for security engineers and that the candidates currently filling the technical security jobs simply aren't technical.
Well, that's the news - some new Cisco specialty certifications, plus some seemingly good news on the job front if you're interested in network security. But I can't resist the urge to ask you all. Do you see it happening locally? Do you buy this idea that the demand exceeds the supply of network security engineers? Weigh in with written comments, take this poll, and join in.
Sign up for CIO Asia eNewsletters.