The demand for network security talents is rising, and there is a serious shortage of practical and practical talents. Hack the box, a British network security skills training platform, announced that it had obtained 10.6 million round a financing. This enterprise, founded in 2017, is a huge online network security training platform. HTB said it has the world’s largest ethical hacker community, with more than 500000 members from different it backgrounds: CISO, CIO, penetration testers, information security practitioners, hackers, beginners, developers and university professors from all over the world.
On the same track as HTB, there is also the immersive labs platform, which was established in the same year as HTB and successively obtained round a financing of US $8 million and round B financing of US $40 million in 2019. In addition, official security, born in 2007, overseas network security professional training platforms come to the stage one by one to transport talents and fill the market gap.
The market is growing rapidly and there is a great shortage of talents.
Network security has risen to the national level, and its importance is self-evident. At the same time, one of the current contradictions of network security is the contradiction between the growing network security threat, the rapidly developing market scale and the lack of high-quality talents.
On the one hand, the urgent needs of the network security market.
In the next decade, the network security market will grow at a rate of more than 25% every year. According to this growth rate, the scale of the network security market will exceed 2 trillion by 2035. Relevant data show that in the decade from 2015 to 2025, the potential global economic losses caused by cyber attacks may be as high as US $294 billion.
On the one hand, there is a shortage of network security talents.
With the development of Internet of things and new infrastructure, the subdivided fields of network security will become more and more complex. Specifically, in the 5g era, everything is programmable, everything should be interconnected, networking devices are constantly upgraded and iterated, and the number of software vulnerabilities will be positively related to it. Network security talents are in short supply. It is reported that the shortage of network security talents is at least 1.5 million, and there is a serious shortage of practical talents.
“Talent is both saturated and scarce.”
A person in the industry commented on the current situation of the safety industry. There is an extreme shortage of upper level talents and an extreme saturation of lower level talents. Why?
There are many fields of network security, which can cover almost all fields of computer science. Network security technology is a complex general specialty. It needs to be involved in the fields of underlying language, network security, computer science and technology, database, network attack prevention and so on. What does an excellent network security talent need?
Familiar with multiple programming languages, proficient in Python, PHP and C, and able to operate freely;
Be familiar with penetration test, steps, methods and processes, be familiar with heart, and skillfully use various penetration test tools;
Be familiar with the construction of safety system, the use of protection means and the implementation of safety assessment;
Skillfully use defense and skillfully arrange defense front.
On this basis, we should be able to fight on multiple lines and ensure quality at the same time. To put it bluntly, to become an excellent network security talent, the threshold is very high. It is highly systematic and has few professional background
At present, there are only more than 20000 graduates majoring in network security every year, and there are few graduates, which is in short supply. Relevant data show that job seekers for network security posts actually come from fraternal majors such as computer, electronic information engineering, software engineering and network engineering. This means that the number of talents from network security specialty to the market is limited.
Network security is a systematic and practical field
Network security involves many contents. For example, the equipment layer, network layer, platform layer, data layer and application layer of the Internet of things all have security requirements. Its system learning attribute is strong and learning is difficult. Moreover, network security itself has high requirements for the experimental environment, and the knowledge accumulated in the process of practice will have very strong scene attributes. The market of network security awareness education started late and is still in the primary stage of development.
The first is that the punishment is not enough.
When the network security awareness education has not been incorporated into the compliance scope, for thousands of small and medium-sized enterprises, the general network security awareness education for employees is insufficient, which makes the procurement of network security education products or services not paid enough attention.
The second is the dislocation of responsibility.
The budget of employee training is in the human resources department or office, but the responsibility of network security is in the information security department or it department. Domestic network security awareness education enterprises have not realized the dislocation of budget allocation and responsibility.
The law is not perfect.
The relevant legal systems of European and American countries were formed earlier, more complete and professional. Taking the United States as an example, Congress promulgated the freedom of information act in 1966 on the legislative norms of network security, which has been revised seven times as of 2007.
Without network security, there will be no national security, and without informatization, there will be no modernization. Education and talent training are the basis and premise for the advancement and development of network security industry. Under the new threat, the demand for the ability, systematization, phased and scenario of network security talent education is particularly urgent. With the popularity of cloud computing and the rise of edge computing, the equipment environment involving information security is becoming more and more complex, and the technical reserve requirements for technicians are becoming higher and higher, so the relevant posts are becoming more and more subdivided.
At present, all walks of life such as finance, medical treatment, security, Internet, communication, real estate, industry and securities urgently need network security talents. With the improvement of laws and regulations such as network security law, the attention of colleges and universities and the internal training of enterprises, the talent shortage market will be alleviated. But filling the gap is not overnight. There is still a long way to go in China’s network security market.