The Unusual World of Information Security Professionals

Diving into the Unusual World of Information Security: An exploration of why the cybersecurity profession allows non-qualified individuals to enter its ranks, and the potential risks it poses in an increasingly digital world.


Roshan Yacob George CISA CISSP CFE

11/18/20231 min read

woman in yellow knit cap and black framed eyeglasses
woman in yellow knit cap and black framed eyeglasses

In the world of specialized professions, such as lawyers, doctors, and chartered accountants, stringent qualifications are a prerequisite to practice. However, there's one profession that seems to defy this norm - Information Security. Unlike these other fields, Information Security allows anyone to enter its ranks, even without any security certifications.

The scarcity of qualified information security professionals has led to the hiring of individuals who lack the necessary qualifications. This situation is akin to hiring individuals without medical degrees to work as doctors, and it's a growing concern in the field of cybersecurity.

One of the main reasons for this phenomenon is the limited number of skilled information security resources available in the market. As a result, non-qualified professionals have flooded the Indian job market, outnumbering their qualified counterparts. Organizations have embraced these non-qualified professionals for their cost-effectiveness, flexibility, and interpersonal skills, which often surpass those of the qualified candidates.

Qualified information security professionals tend to be introverted and, as some might say, "boring." In contrast, non-qualified professionals excel in communication and interpersonal skills, making them more appealing candidates to potential employers, even though they may lack the conceptual strength required for the job.

This paradox creates a significant challenge, as cybercrime rates continue to rise. Hiring non-qualified "quacks" in the field of information security might be more cost-effective, but it comes with a high price in terms of vulnerabilities and risks. It's like seeking a cure from someone who lacks the necessary medical expertise.

In conclusion, the Information Security profession's unique openness to non-qualified professionals has both advantages and disadvantages. While it provides opportunities for a diverse workforce, it also poses risks due to the lack of necessary qualifications. As the cybersecurity landscape continues to evolve, it's crucial for organizations to strike a balance between interpersonal skills and expertise to combat the growing threat of cybercrime effectively.