More CRISC jobs than CISSP jobs

egrizzlyegrizzly B.Sc (Info. Systems), CISSP, CCNA, CCNP, Security+Member Posts: 500 ■■■■■□□□□□
It seems that for some reason I see more Risk Analysis jobs (CRISC) than Security Analyst jobs where the CISSP typically applies.  Is it a fact that the shortage of professionals in Info. Security is driven by the lack of qualified Risk Analysis folks versus other areas in Info. Security?
B.Sc (Info. Systems), CISSP, CCNA, CCNP, Security+

Comments

  • scascscasc Member Posts: 438 ■■■■■■□□□□
    Generally speaking there are a number of roles for both - risk will always be important because in a nutshell your board/SM want to know what your cyber risks are/mitigations etc, whilst security will always be important because you need to defend against attacks/ensure you have secure solutions deployed etc. 

    Is there an area you prefer? I work in Risk personally.
    MSc, BSc (Hons), C-CISO, CISSP, CCSP, CASP, CCSK, CISM, CISA, CRISC, GSTRT, GSLC, GSNA, GDSA, GCSA, GCCC, GCLD, GPCS, CEH, ECSA, CHFI, TOGAF, SABSA-SCF, CISMP
  • yoba222yoba222 Senior Member Member Posts: 1,237 ■■■■■■■■□□
    edited October 2019
    I'm not convinced there is a shortage of professionals in info security personally. Most articles I find preaching the idea cite studies performed by companies (ISC2, for example) who profit from selling info sec training and certification. This is a biased source with an agenda, and disqualifies its outcome in my opinion.

    Then many of the rest blindly echo the same study, as is so popular to do in modern news media nowadays. I believe there are many IT job shortages in general, and if you fixate on info sec in a study, it's easy to gather statistics that support such a shortage.
    A+, Network+, CCNA, LFCS,
    Security+, eJPT, CySA+, PenTest+,
    Cisco CyberOps, GCIH, VHL,
    In progress: OSCP
  • MooseboostMooseboost Senior Member Member Posts: 778 ■■■■□□□□□□
    As someone who has been a hiring position before, I agree that there is a hiring shortage with an asterisk there. I think there is a shortage of good infosec people, a ton of people seem to be flooding the market because security seems to be getting the rep IT had a while back (easy high paying jobs in high demand).. I've interviewed people who tried to tell me they didn't like Cybrary because its too expensive.. Finding good folks is difficult and at least in my area, its definitely an employee market because if you are good, you are in demand. 

    I wouldn't say that the market is driven by the lack of risk analysts in specific. This whole field is.. flexible in titles. I've met security analysts who are analysts by title but security officers or risk management in job function. Risk is generally though is growing in demand (I think anyways) because more orgs are getting onboard with compliance being a focus point. 
  • bigdogzbigdogz Member Posts: 881 ■■■■■■■■□□
    @egrizzly To answer your statement directly, I think that YMMV by location and demand. There may be more demand as the those with the CRISC certification may be paid less than those with the CISSP  designation. The ask for those with the CRISC are mainly receiving compliance work with some other Info Security domains thrown in at the company's discretion. 
    In my area there are a great deal of (3,6,9 month) contracts where work may be needed. Most contractors do not want to leave an open ended contract only to walk into an unknown situation.

    In addition, there is something to be said about surveys on both sides. 
    In most cases people do not want to (or cannot) pay for a full time security person but they need some contractor or professional service to get the job done. 
Sign In or Register to comment.