Top of Page

(ISC)² Finds IT Professionals are an Underutilized Cybersecurity Resource

Largest association of certified cybersecurity professionals enables IT pros to more quickly attain SSCP® certification and bolster their organization’s security posture

Clearwater, FL, Sept. 13, 2017 – (ISC)² today announced findings of its study IT Professionals are a Critically Underutilized Resource for Cybersecurity. The report underscores how many organizations are not fully maximizing the opportunity to empower and equip their IT staff – the very individuals most often tasked with implementing security policy and technologies – with the education and authority they need to effectively bolster their cybersecurity. The research is based on responses from more than 3,300 IT professionals worldwide who participated in the 2017 Global Information Security Workforce Study.

The report can be downloaded here.

“Our findings suggest too many organizations overlook a tremendous pool of cybersecurity talent already on staff and intimately familiar with their infrastructure and processes,” said (ISC)² CEO David Shearer, CISSP. “The quickest way for many organizations to bolster their cyber defense is through continuous security education and empowerment of their IT team. Security is a shared responsibility across any enterprise or government agency. Unless IT is adequately trained and enabled to apply best practices across all systems, even the best security plan is vulnerable to failure.”

Key findings from surveyed IT professionals include:

  • 43% said their organization doesn’t provide adequate resources for security training
  • Only 35% agreed their security suggestions are acted upon
  • 55% said their organization doesn’t require IT staff to earn a security certification
  • 63% said their organization has too few security workers
  • 51% said their systems are less able to defend against a cyberattack compared to a year ago
  • Hiring managers rank communication skills (62%) and analytical skills (52%) as their top desired skills for new candidates, while IT pros cite cloud computing and security (64%), and risk assessment and management (40%) as top skills they believe are needed

IT Security Education and Certification
To help organizations bolster their cybersecurity expertise within IT, (ISC)² today also announced a new prerequisite pathway for its Systems Security Certified Practitioner (SSCP) certification. IT professionals and others who have earned a cybersecurity or computer science degree from an accredited college or university can attain certification without completing one year of paid, full-time work experience previously required in addition to passing the SSCP exam and completing the (ISC)² endorsement process. This creates a more streamlined path to SSCP cybersecurity certification for qualified IT professionals.

SSCP is an ideal cybersecurity certification for IT professionals responsible for the hands-on operations of securing their organizations. Those who earn the SSCP demonstrate their technical skill to implement, monitor and administer IT infrastructure using defined security policies and procedures, as well as the ability to protect the confidentiality, integrity and availability of data. The SSCP encompasses security operations and administration; risk identification, monitoring and analysis; incident response and recovery; network and communications security; system and application security; and cryptography.

Organizations can leverage (ISC)² Enterprise Solutions to educate and prepare their IT teams to pass the SSCP exam and start contributing to a stronger cyber defense immediately.

Learn more about the SSCP certification and (ISC)² cybersecurity education opportunities at

Download the study IT Professionals are a Critically Underutilized Resource for Cybersecurity here.

About (ISC)²®
(ISC)² is an international nonprofit membership association best known for its award-winning Certified Information Systems Security Professional (CISSP®) certification, with additional certification and education programs that holistically address security. Our membership, 125,000 strong internationally, is made up of sought-after cyber, information, software and infrastructure security professionals who are making a difference and helping to advance this new industry. Our vision to inspire a safe and secure cyber world reaches the general public through a commitment to social responsibility via our charitable foundation – The Center for Cyber Safety and EducationTM. For more information on (ISC)², visit, follow us on Twitter or connect with us on Facebook.

# # #

© 2016, (ISC)² Inc., (ISC)², CAP, CCFP, CCSP, CISSP, CSSLP, HCISPP, SSCP and CBK are registered marks of (ISC)², Inc.