Fixing The Cyber Security Workforce Gap

The international security certification organisation  (ISC)2 has published findings from its 2022 Cybersecurity Hiring Managers research report that looks at best practices for recruiting, hiring and onboarding entry, and junior-level, cyber security practitioners. 

The research, reflecting the opinions of 1,250 cybersecurity hiring managers from the UK, US, Canada and India, highlights the need to build effective job descriptions, assign appropriate roles and responsibilities, along with the importance of non-technical skills and investing in career development. 

“With a global cyber security workforce gap of 2.7 million people, organisations must be creative with their cybersecurity hiring. But that doesn’t mean they have to take more hiring risks,” said Clar Rosso, CEO, (ISC). “Successful hiring managers have learned recruiting entry- and junior-level staff and investing in their professional development results in more resilient, sustainable cyber security teams... Hiring junior staff is not a ‘leap of faith’ when hiring managers are equipped with the knowledge to identify candidates with the attributes and skills needed for a successful cybersecurity career. Our latest research helps guide the way.” 

Key Report Findings Include:

  • 42% of participants said training costs less than $1,000 for entry-level hires (those with less than one year of experience) to handle assignments independently.
  • Nearly a third (30%) said it takes less than $1,000 in training cost for junior-level practitioners (one to three years of experience) to handle assignments independently.
  • 37% of participants estimate entry-level practitioners are considered “up to speed” after six months or less on the job. Half said it takes up to a year. 
  • 91% of hiring managers said they give entry- and junior-level cybersecurity team members career development time during work hours.
  • Certifications are considered the most effective method of talent development for entry- and junior-level practitioners (27%), followed by in-house training (20%), conferences (19%), external training (13%), and mentoring (11%).
  • 52% of participants work with recruitment organisations to find entry- and junior-level staff. This approach is followed by looking to certification organisations (46%); colleges and universities (46%); using standard job postings (45%); apprenticeships and internships (43%); along with leveraging government workforce programs (33%).
  • 18% of hiring managers are recruiting individuals from within their organisation working in different job functions, such as help desk (29%), HR (29%), customer service (22%) and communications (20%). 

Hiring managers also revealed their top five tasks for entry-level cyber security staff:

  • Alert and Event Monitoring 
  • Documenting Processes and Procedures 
  • Using Scripting Languages 
  • Incident Response 
  • Developing and Producing Reports  

When asked how entry- and junior-level staffers help their organisation, participants said they bring new perspectives, ideas, creativity, critical skills in innovative technologies, enthusiasm, and reinvigorating energy. 

One participated said, “They’re often well versed on the newest innovations, even more so than some of our established senior contributors, while lacking skills to support their curiosity, and it creates excellent synergy.”

To learn more, download the 2022 Cybersecurity Hiring Managers Guide and register for the Webinar : How to Hire and Develop Entry- and Junior-Level Cybersecurity Practitioners on June 23 for a roundtable discussion of (ISC)2members sharing their experiences and best practices for hiring entry- and junior-level practitioners.

You Might Also Read: 

The Cyber Skills Shortage Is Not Getting Any Better:

 

« Cloud Computing & Security: What Enterprises Should Know
Ransom: Prepare For The Worst »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

British Insurance Brokers’ Association (BIBA)

British Insurance Brokers’ Association (BIBA)

BIBA is the UK’s leading general insurance intermediary organisation. Use the ‘Find Insurance‘ section of the BIBA website to find providers of cyber risk insurance in the UK.

Cyber Security Capital (CS^)

Cyber Security Capital (CS^)

Cyber Security Capital is a consultancy helping to mobilise and empower individuals, corporate leaders and entrepreneurs in cyber security.

Ethoca

Ethoca

Ethoca is a secure network for card issuers and merchants to connect and work cooperatively outside the payment network in a unique and powerful way.

Norton

Norton

NortonLifeLock is dedicated to helping secure the devices, identities, online privacy, and home and family needs of approximately 50 million consumers.

CyberMDX

CyberMDX

CyberMDX delivers proactive security built for hospital devices. 360° visibility, insight, and protection for all connected hospital technologies.

NINJIO

NINJIO

NINJIO is a leader in cybersecurity awareness training. View IT Security Awareness through a different lens - entertain and educate your users through storytelling.

CyGlass

CyGlass

CyGlass simply and effectively identifies, detects, and responds to threats to your network without requiring any additional hardware, software, or people.

Motorola Solutions

Motorola Solutions

Motorola Solutions build mission-critical services, software, video and analytics, backed by secure, resilient land mobile radio communications.

Redbot Security

Redbot Security

Redbot Security provides industry leading manual penetration testing. Protecting critical systems and data - red team attack and breach simulations, (OT) critical infrastructure testing.

Hubify

Hubify

Hubify is an experienced, service-driven technology company specialising in business connectivity across mobile, data, voice, cloud, & cyber security solutions.

SecAlliance

SecAlliance

SecAlliance is a cyber threat intelligence product and services company.

Trace3

Trace3

Trace3 is a pioneer in business transformation solutions, empowering organizations to keep pace with the rapid changes in IT innovations and maximize organizational health.

Central Intelligence Agency (CIA)

Central Intelligence Agency (CIA)

The CIA is an independent agency responsible for providing national security intelligence to senior US policymakers. This includes cyber security related activities.

Hawk AI

Hawk AI

Hawk AI’s mission is to help financial institutions detect financial crime more effectively and efficiently using AI to enhance rules and find anomalies.

Gomboc.ai

Gomboc.ai

Gomboc solve cloud infrastructure security policy deviations by providing tailored remediations to the IaC (Infrastructure as Code).

Allot

Allot

Allot are a global provider of leading innovative network intelligence and security solutions for Service Providers and Enterprises worldwide.