Information Security Professionals: Underrated and Unappreciated

There is a significant shortage of cybersecurity talent in the region, as suggested by the projected – 3.5 million global shortfall by 2024.

Organizations in Saudi Arabia and the UAE actively seeking to fill critical roles like Chief Information Security Officers, Security Architects, and Penetration Testers and more.

But with the rise in cyber threats and the increasing importance of data protection, are these professionals finally getting the recognition and compensation they deserve?

Major firms in the region, such as banks, consulting companies, and technology firms, seem to be actively recruiting for various cybersecurity roles. Is this a sign of changing attitudes towards the value of these professionals?

Salaries for roles like Chief Information Security Officer ($256,040 median), Network Security Architect ($175,065 median), and Security Sales Engineer ($157,509 median) are quite lucrative. Does this reflect the high demand and appreciation for their skills?

For countries like Saudi Arabia (KSA) and the United Arab Emirates (UAE), the significance of information security professionals cannot be overstated. However, despite the crucial role they play in safeguarding data and ensuring the smooth operation of the cyber infrastructure, there is a sentiment that these individuals are often underrated, unappreciated, and overlooked. Let’s take a look.

Are Information Security Professionals Undervalued in KSA and UAE?

Recruitment Trends: In KSA and UAE, the demand for information security professionals is on the rise, driven by increased digital transformation and heightened cyber threats. However, the recruitment processes do not always reflect the criticality of their roles.

Workplace Perception: There is a disparity between the importance of information security roles and the recognition they receive within organizations. Reports suggest that board members may not fully translate their verbal support into tangible investment or appreciation for IT security teams (Dark Reading).

What Challenges Do Information Security Professionals Face?

Stress and Workload: A significant portion of information security professionals report high levels of day-to-day stress and workload, with some citing the threat of cyber attacks as a cause for concern (IT Pro).

Visibility and Support: Security professionals often struggle with gaining visibility and support from executive leadership, which can lead to a lack of resources necessary to perform their duties effectively.

How Can the Value of Information Security Professionals Be Enhanced in KSA and UAE?

Recognition of Expertise: Elevating the status of information security professionals requires acknowledgment of their specialized expertise and the critical nature of their work.

Professional Development: Encouraging and facilitating continuous professional development, such as through self-paced training and immersive boot camps, can help information security professionals stay ahead of emerging threats and increase their value to organizations (Infosec Institute).

Communication of Risks: The recently released COSO-ERM framework assists cybersecurity professionals in communicating risks in language that stakeholders can understand, which may help bridge the gap between technical teams and executive leadership (CSO Online).

Addressing this issue requires a concerted effort from both organizations and the broader industry to reframe perceptions, invest in professional development, and improve communication between technical teams and leadership. By doing so, the recruitment and retention of these critical roles can be enhanced, benefiting not only the professionals themselves but also the security posture of organizations within these countries.

References

“The CIA triad: Definition, components and examples.” CSO Online, https://www.csoonline.com/article/568917/the-cia-triad-definition-components-and-examples.html.
“Information security professionalism requires both credentialing and codes of professional practice.” CSO Online, https://www.csoonline.com/article/561249/information-security-professionalism-requires-both-credentialing-and-codes-of-professional-practice.html.
“How to become an information security professional.” Infosec Institute, https://www.infosecinstitute.com/resources/professional-development/how-to-become-an-information-security-professional/.
“Information security.” IBM, https://www.ibm.com/topics/information-security.
“How leaders can look after information security professionals.” IT Pro, https://www.itpro.com/business/leadership/how-leaders-can-look-after-information-security-professionals.
“What is information security? Definition, principles, and jobs.” CSO Online, https://www.csoonline.com/article/568841/what-is-information-security-definition-principles-and-jobs.html.
“Overlooked and underappreciated: IT security professionals are suffering from an image problem.” Dark Reading, https://www.darkreading.com/cyberattacks-data-breaches/overlooked-and-underappreciated-it-security-professionals-are-suffering-from-an-image-problem.
“How to become an information security analyst.” ComputerScience.org, https://www.computerscience.org/careers/cybersecurity/information-security-analyst/how-to-become/.