Blog
Building the Next Generation of Security and Privacy Professionals
The International Association of Privacy Professionals (IAPP) and (ISC)² teamed up to dive into similar challenges facing security and privacy professionals in a constantly evolving world.
The latest (ISC)² Workforce Study shows an IT background – either from education or work experience – remains the most common point of entry for cybersecurity roles as 63% of participants reported it as their path to cybersecurity. This percentage has lowered in recent years, giving way to a variety of other entry points. Today, just over one-third of cybersecurity professionals get their start outside of IT. This number continues to expand as the profession sees exponential growth and businesses embrace diversity in order to bridge the workforce gap of 3.4 million and protect critical assets against highly evolved and diverse threat actors.
In the field today:
- 17% of cybersecurity professionals transitioned into their roles from unrelated career fields.
- 15% gained access through cybersecurity education.
- 15% explored cybersecurity concepts independently through training, certifications, accreditations and knowledge sharing.
The privacy profession has seen a similar trend. Individuals across a range of backgrounds including law, policy, professional services, technology, advertising, human resources — hold privacy roles and identify as part of the privacy profession.
Cybersecurity professionals and privacy professionals alike are seeing overlap in job functions and titles, and both are increasingly identifying as the other type of profession depending on how their organizations describe roles.
The growing field of data security continues to emerge as a core role of proper data stewardship. It is due to this growing overlap that those in privacy and security roles who manage or oversee the collection and use of data in their organizations should embrace the merging of roles and skills. Not only are privacy and security professionals overlapping more in their job duties, but they are also faced with circumstances that would best be managed with a deeper understanding of their counterparts’ industry.
Teams should consider actionable objectives to keep up with this trend, from incorporating privacy and security concepts into the software development lifecycle to cross-training as a preventive measure against security features that worsen privacy outcomes. Regardless of method, both professions will greatly benefit from the crossover in the years to come.
Just five years ago, 35,000 individuals were qualified as privacy professionals, holding roles as lawyers, technologists and administrators in both the public and private sectors. Now, the International Association of Privacy Professionals boasts more than 75,000 privacy professional members in more than 150 countries and is the only established organization providing ANSI-accredited certifications for individuals seeking to practice in the field.
The digital age has brought with it the ubiquity of data. This omnipresent data, of all kinds, has necessitated the spread of organizational roles that manage, organize and safeguard this data.
IAPP and (ISC)² understand the importance of these synergies. This paper, Building the Next Generation of Security and Privacy Professionals, represents the first step in an ongoing collaborative effort to ensure organizations benefit from cross-functional, nimble and well-resourced professionals in both fields. Moving forward, we will continue to work together across targeted projects to help deliver insights and value to benefit both professions.