The IT Certification Resource Center

Featured Deal

Get CompTIA, Cisco, or Microsoft training courses free for a week.
Learn More ❯

(ISC)²® Announces U.S. Federal Government Findings of World’s Largest Information Security Workforce Study

Washington, D.C., U.S.A. – May 14, 2015 – (ISC)²® (“ISC-squared”), the largest not-for-profit membership body of certified information and software security professionals worldwide, with nearly 110,000 members, today released the U.S. federal government findings of its seventh Global Information Security Workforce Study (GISWS) in partnership with Booz Allen Hamilton, Cyber 360 Solutions and NRI Secure Technologies, conducted by Frost & Sullivan. The study of nearly 14,000 information security professionals worldwide drew responses from over 1,800 in the U.S. federal government sector. The findings reveal that despite significant investments in new cybersecurity policies, guidance and tools, the federal government’s state of security readiness suggests little return on its investment.


“The results of this year’s workforce study are somewhat predictable, yet startling at the same time,” says Dan Waddell, CISSP, CAP, PMP, director of government affairs, National Capital Region, (ISC)². “While the task at hand is indeed overwhelming given the complexity of threats and the government’s limited resources, when we consider the amount of effort dedicated over the past two years to furthering the security readiness of federal systems and the nation’s overall security posture, our hope was to see an obvious step forward. The data shows that, in fact, we have taken a step back.”


Likely the largest study of the information security profession ever conducted, the 2015 GISWS was conducted October-December 2014 through a Web-based survey. Since its first release in 2004, the study gauges the opinions of information security professionals and provides detailed insight into important trends and opportunities within the information security profession. It aims to provide a clear understanding of pay scales, skills gaps, training requirements, hiring practices, security budgets, career progression and corporate attitude toward information security that is of use to organizations, hiring managers and information security professionals.


Key U.S. federal government findings from the study include:



• Nearly half of respondents say that security has not improved over the last two years, while 17 percent of respondents say their organization’s security posture is actually worse off – primarily due to an inability to keep pace with threats, a poor understanding of risk management, inadequate funding and not enough qualified professionals.

• Despite significant efforts over the last two years, 58 percent of respondents are still not confident that legislators will provide new or adequate levels of funding to meet cybersecurity needs.

• Threat response times have not changed in two years. More than half of survey respondents believe that their organization did not improve its security readiness, with response times lengthening. Application vulnerabilities and malware remain the top security threats and are increasing as a concern.

• Although procurement and acquisition are cited as moments of great vulnerability, there remains very little focus on applying security during the supply chain process.

• Despite the softening of hiring budgets and a decrease in barriers to entry, an increasing number of respondents say they do not have enough information security personnel to meet the demands of their mission, and that the workforce gap is hurting the organization and its customers.

• There has been little return on the larger investment in NIST’s Cybersecurity Framework. Just 15 percent of organizations outside of the federal government have implemented this Framework to date; and 45 percent say they don’t know if they’ll utilize it.

• Cloud is still slow to take off despite the federal government’s CloudFirst initiatives. The Federal Risk and Authorization Management Program (FedRAMP), in particular, is having less of an impact than was anticipated in advancing cloud migration, with 64 percent of respondents not knowing if it is having any impact.


“On a positive note, we are starting to see an uptick in federal personnel salaries, with a 4 percent jump over salaries reported in 2013,” says Waddell. “Overall, the federal government must invest more to improve cybersecurity, but it needs to find better ways to ensure that those investments will provide adequate returns. Given the significant demand for skilled professionals, training and education are areas of investment that can lead to significantly higher returns and help to both attract and retain cybersecurity professionals.”


The U.S. federal government findings were released today during a session, “Fallout of the U.S. Government's Personnel Shortage -- NEW Findings Released From (ISC)²'s 2015 Global Workforce Study,” that took place at (ISC)²’s 2015 CyberSecureGov training event at the Ronald Reagan Building. More information on this session can be found at  


The full U.S. federal government results of the 2015 GISWS can be downloaded at   


About (ISC)² and the (ISC)² Foundation


About Booz Allen Hamilton

Booz Allen Hamilton is a leading provider of management consulting, technology, and engineering services to the US government in defense, intelligence, and civil markets, and to major corporations and not-for-profit organizations. Booz Allen is headquartered in McLean, Virginia, employs more than 22,000 people, and had revenue of $5.48 billion for the 12 months ended March 31, 2014. In 2014, Booz Allen celebrated its 100th anniversary year. To learn more, visit (NYSE: BAH).
For more on Booz Allen’s presence at RSA, visit:


About Frost & Sullivan

Frost & Sullivan, the Growth Partnership Company, works in collaboration with clients to leverage visionary innovation that addresses the global challenges and related growth opportunities that will make or break today’s market participants. For more than 50 years, we have been developing growth strategies for the Global 1000, emerging businesses, the public sector and the investment community. Is your organization prepared for the next profound wave of industry convergence, disruptive technologies, increasing competitive intensity, Mega Trends, breakthrough best practices, changing customer dynamics and emerging economies?


© 2015, (ISC)² Inc. (ISC)², CISSP, CSSLP, ISSAP, ISSMP, ISSEP, CAP, CCFP, SSCP and CBK are registered marks, and CCSP and HCISPP are service marks, of (ISC)², Inc.



View PDF version.


Media Contact

Courtney Beveridge
Extension Group
This email address is being protected from spambots. You need JavaScript enabled to view it.