Fixing The Cyber Security Workforce Gap

The international security certification organisation (ISC)2 has published findings from its 2022 Cybersecurity Hiring Managers research report, which looks at best practices for recruiting, hiring and onboarding entry- and junior-level cyber security practitioners.

The research, reflecting the opinions of 1,250 cybersecurity hiring managers from the UK, US, Canada and India, highlights the need to build effective job descriptions, assign appropriate roles and responsibilities, along with the importance of non-technical skills and investing in career development. 

“With a global cyber security workforce gap of 2.7 million people, organisations must be creative with their cybersecurity hiring. But that doesn’t mean they have to take more hiring risks,” said Clar Rosso, CEO, (ISC)2. “Successful hiring managers have learned recruiting entry- and junior-level staff and investing in their professional development results in more resilient, sustainable cyber security teams... Hiring junior staff is not a ‘leap of faith’ when hiring managers are equipped with the knowledge to identify candidates with the attributes and skills needed for a successful cybersecurity career. Our latest research helps guide the way.”

Key Report Findings Include:

  • 42% of participants said training costs less than $1,000 for entry-level hires (those with less than one year of experience) to handle assignments independently.
  • Nearly a third (30%) said it takes less than $1,000 in training cost for junior-level practitioners (one to three years of experience) to handle assignments independently.
  • 37% of participants estimate entry-level practitioners are considered “up to speed” after six months or less on the job. Half said it takes up to a year. 
  • 91% of hiring managers said they give entry- and junior-level cybersecurity team members career development time during work hours.
  • Certifications are considered the most effective method of talent development for entry- and junior-level practitioners (27%), followed by in-house training (20%), conferences (19%), external training (13%), and mentoring (11%).
  • 52% of participants work with recruitment organisations to find entry- and junior-level staff. This approach is followed by looking to certification organisations (46%); colleges and universities (46%); using standard job postings (45%); apprenticeships and internships (43%); along with leveraging government workforce programs (33%).
  • 18% of hiring managers are recruiting individuals from within their organisation working in different job functions, such as help desk (29%), HR (29%), customer service (22%) and communications (20%). 

Hiring managers also revealed their top five tasks for entry-level cyber security staff:

  • Alert and Event Monitoring 
  • Documenting Processes and Procedures 
  • Using Scripting Languages 
  • Incident Response 
  • Developing and Producing Reports  

When asked how entry- and junior-level staffers help their organisation, participants said they bring new perspectives, ideas, creativity, critical skills in innovative technologies, enthusiasm, and reinvigorating energy. 

One participant said, “They’re often well versed on the newest innovations, even more so than some of our established senior contributors, while lacking skills to support their curiosity, and it creates excellent synergy.”

To learn more, download the 2022 Cybersecurity Hiring Managers Guide and register for the webinar "How to Hire and Develop Entry- and Junior-Level Cybersecurity Practitioners" on June 23, a roundtable discussion of (ISC)2 members sharing their experiences and best practices for hiring entry- and junior-level practitioners.
