A major new role for the practitioner
Yesterday, I was reviewing State of Cybersecurity 2022 from ISACA. They surveyed 2,031 people who “hold the ISACA Certified Information Security Manager® (CISM®) certification or have registered information security job titles”.
The results are sad. They include (with my emphasis):
- Sixty-three percent of respondent enterprises have unfilled cybersecurity positions.
- Fifteen percent say they are significantly understaffed.
- Sixty percent of enterprises report experiencing difficulties in retaining qualified cybersecurity professionals.
- The number of survey respondents who believe their cybersecurity programs are appropriately funded increased to 42 percent—a five percentage-point jump and the most favorable report since ISACA began its state of cybersecurity reporting.
- Last year’s declining optimism about cybersecurity budgets reversed course this year, with 55 percent of respondents expecting an increase in funding.
- Although 82 percent of respondents believe their leadership team sees value in conducting a cyberrisk assessment, only 41 percent of respondent enterprises perform an annual cyberrisk assessment.
- 33% perform assessments more often than annually: 8% every 7-12 months; 16% every 1-6…