More CRISC jobs than CISSP jobs
It seems that for some reason I see more Risk Analysis jobs (CRISC) than Security Analyst jobs where the CISSP typically applies. Is it a fact that the shortage of professionals in Info. Security is driven by the lack of qualified Risk Analysis folks versus other areas in Info. Security?
B.Sc (Info. Systems), CISSP, CCNA, CCNP, Security+
Is there an area you prefer? I work in Risk personally.
Then many of the rest blindly echo the same study, as is so popular to do in modern news media nowadays. I believe there are many IT job shortages in general, and if you fixate on info sec in a study, it's easy to gather statistics that support such a shortage.
Security+, eJPT, CySA+, PenTest+,
Cisco CyberOps, GCIH, VHL,
In progress: OSCP
I wouldn't say that the market is driven by the lack of risk analysts in specific. This whole field is.. flexible in titles. I've met security analysts who are analysts by title but security officers or risk management in job function. Risk is generally though is growing in demand (I think anyways) because more orgs are getting onboard with compliance being a focus point.
In my area there are a great deal of (3,6,9 month) contracts where work may be needed. Most contractors do not want to leave an open ended contract only to walk into an unknown situation.
In addition, there is something to be said about surveys on both sides.
In most cases people do not want to (or cannot) pay for a full time security person but they need some contractor or professional service to get the job done.