author photo
By Bruce Sussman
Thu | Sep 24, 2020 | 9:59 AM PDT

In a world full of Penguins, Jokers, and Riddlers, there is one name above the rest: Batman. That's the way it is in Gotham City.

If you carry that story line over into the real world, you could write it like this:

On a planet full of hackers, cybercriminals, and ransomware operators, there is one profession above the rest: cybersecurity. 

New research reveals cybersecurity professionals are riding a wave of popularity from those outside of the security community. And in some cases, the public is expressing gratitude:

"I'm just thankful somebody's doing it," said one of the respondents in this new survey.

ISC(2) Cybersecurity Perceptions Study 2020 results

In its 2020 Cybersecurity Perception Study, ISC(2) surveyed 2,500 people in the U.S. and  U.K. about their views on cybersecurity as a profession. 

And the results may put a smile on your face.

When asked how they view cybersecurity professionals, respondents from outside security voted like this:

  • 71% of participants say they view cybersecurity professionals as "smart, technically skilled individuals"
  • 51% say they think of security professionals as one of the "good guys
    fighting cybercrime."
  • 35% say cybersecurity professionals "keep us safe, like police and firefighters."
  • 9% of respondents say they think of cybersecurity professionals as "heroes"

Hello, Batman.

ISC(2) says these findings come as a welcome and overdue surprise to those in the security field.

"The results indicate a marked change since a Thycotic study as recently as 2019 found that many security professionals believe they've got an image problem, with roughly two-thirds believing their teams are regarded as the company naysayers—either 'doom mongers' or a 'necessary evil.'

On the contrary, a new level of respect and appreciation has developed for cybersecurity professionals."

Why are opinions of cybersecurity professionals surging?

What is causing this swing in opinion and this more positive view of cybersecurity professionals? 

Constant headlines about hacking and cyberattacks have raised awareness of the risk, and security teams get credit for defending against these mysterious foes.

However, a large part of this popularity surge has to be credited to the attitude of security leaders. Just look at some of the sentiments expressed during featured presentations at this week's virtual SecureWorld Atlanta-Charlotte conference. 

Rick Doten, Vice President of Information Security at Centene Corporation, says security has finally transitioned away from hampering the business and switched to business enablement:

"Ten years ago, the security community was like the Department of 'No.' Like no, we can't do that. But what happened is we made our users our biggest hackers, and they started going around our controls. That's where shadow IT comes in, because, hey, 'I have no way to send a large file to somebody outside, so I'm just going to put it on Dropbox,' or I'm going to be putting a thumb drive and mail it to somebody, you know, unencrypted.

I need to understand all these business processes that our users are needing. And when someone says, 'Hey, can I do something?' well, let's figure out a way to do this securely. And that goes back into what you're presenting to the leadership. There are some requirements that [end] users have that I want to be able to do in a secure way."

And Tamika Bass, CISO at the Georgia Department of Revenue, says she and her team are intentional about building bridges across the organization so that security can actually help.

"We ask what are your departmental goals? And then you can start to think about aligning with them to achieve those goals. The next thing we need to do... is really to operate with a mindset of servant. Right? How can you help them achieve their goals?"

And at the virtual SecureWorld Boston, Sandy Silk, Director of Information Security Education and Consulting at Harvard University, explained she is extremely intentional about getting security on board with digital transformation:

"I can see what a fantastic job my team at Harvard is doing in these culture and workforce shifts, embracing technology and data driven decisions that have really moved us from being that department of 'no' and that kind of legacy bias and prejudiced expectation that people have about information security professionals.

That 'Oh, if I have to go to them, it's going to slow us down, they're going to crush all of our innovation' to really a group that's enabling them to put new processes, new innovations, new ways of doing things into place. The rest of the organization looks forward to working with us as we consult on the projects that involve high risk data or high risk system functionality."

All organizations should be moving this direction, Silk says, because security teams that do not embrace enabling digital transformation risk getting left behind.

[RELATED: Podcast interview with Sandy Silk]

What's stopping people from pursuing a cybersecurity career

So with cybersecurity's personality shift paying dividends within organizations, and security professionals being viewed as smart and crucial, there is a lingering question: why don't more people pursue a career in information security?

ISC(2) asked questions related to this in its survey. And responses reveal what security must overcome to develop a broader talent pipeline:

  • 32% of respondents believe a cybersecurity career would require too much technical knowledge or training
  • 27% say the issue is they "don't know how to code"
  • 26% say "the field is too intimidating"

More than a third of women responded that the "field is too intimidating" to transition into, compared to 17% of men saying the same thing.

And ISC(2) cites several additional challenges to bringing more people into the cybersecurity career field.

"Another factor that could be causing confusion about the profession is the sheer breadth and sprawl of cybersecurity as a far-reaching discipline, which pervades nearly every function of an organization. This makes it difficult for outsiders to easily grasp exactly what the professional does.

Moreover, pop culture references and lack of exposure in educational curriculum also seem to play a role."

Want to know more about this study? See the ISC(2) Cybersecurity Perception Study.

To join SecureWorld's virtual conference series, go here: 
2020 SecureWorld Virtual Conference Calendar