Hiring Good Cyber Security Professionals Is Hard Work

Uploaded on 2021-02-12 in JOBS-Careers, FREE TO VIEW

The Coronavirus pandemic has thrown cyber security professionals into an  unprecedented situation, with many facing the most difficult challenges of their career. For Business and IT leaders the challenge is exaggerated by the shortage of qualified cyber security professionals to fill jobs at their organisations. This is despite the relatively high salaries and stability associated with jobs in the field.

In a recent cyber skills survey carried out by Cyberbit,  60% of respondents said that barely half of all applicants for cyber security positions at their companies were properly qualified. This included a lack of adequate skills in intrusion detection, and network monitoring, again with almost 60% saying these are major areas of concern.

Cyber security jobs will grow by 31% between 2019 and 2020, or much faster than the average for virtually all other occupations, the US Bureau of Labor Statistics has projected. In 2020, the worldwide cybersecurity workforce gap, or the difference between the number of skilled professionals required to protect organisations and the number available to fill those roles, declined slightly according to the leading professional certification organistaion (ISC)2. They calculated the  number of unfilled cybersecurity jobs worldwide in 2019 - 2020 to be 3.12 million people worldwide, with 359,000 of those in the US.

Concerns over inadequately prepared cyber security job applicants come even as demand for cyber security jobs remains strong and there are five important reasons why organisations have difficulty  in finding the right cyber security employees.  

  • There is a disconnect exists between HR and the information security team at many organisations.  Cyberbit's survey found that HR departments often do not have a clear idea of cyber security roles and the requirements for those roles; in fact, just one-third of the respondents to the survey felt that HR understood those requirements. The gap can often affect an organisation's ability to attract the right talent for the cybersecurity team.
  • Wrong perceptions about cyber security may be holding back people from entering or exploring the field as a career option.   A 2020 report from (ISC)2 of 2,500 individuals in the US and UK who are not currently in the cyber security field suggests that not enough job seekers are considering a cybersecurity job to close the gaps. Despite a ready availability of jobs, relatively high salaries, and good job stability, many are not drawn to the field because of mistaken perceptions of what the work entails. Many individuals consider the cyber security profession to be one that requires a high level of specialised technical skills, the survey found.

Though 69% agreed that cyber security might offer a good career path, 61% felt that they would need more education or certifications to enter the field. Some 27% felt that their inability to code was a disqualification, while more than one-quarter (26%) described the field as being too intimidating.

  • One important reason why some organisations have a hard time finding cyber security professionals is that they insist on hiring only people with formal four-year degrees in cyber security. That's a mistake, said John Pescatore at the SANS Institute, who thinks that its more valuable  to have hands-on experience with cyber security, rather than merely having attended classroom lectures that talk about doing something.

This is especially true for entry-level cyber security jobs, he said. Many university cyber security degree programs tend not to be very useful to hiring organisations because of their over emphasis on a lecture-driven format, Pescatore said. Often, they are also not especially exciting to creative, inquisitive, and analytical individuals seeking a career in cyber security, he added. 

  • Hiring managers should think more broadly about the requirements for cyber security roles. Academic degrees in cyber security and certifications in the field are important. But not all roles require technical skills. In fact, plenty of opportunities in the cyber security field are good fits for non-technical professionals. 
  • Individuals looking to break into the cyber security profession can help themselves and their employers by picking up coding skills and one of the best skills to break in at the entry level is considered to be Python coding, which was designed to be a straight-forward and generally lightweight scripting language that would require minimal coding background to accomplish automation and analysis.

Tackling the skills shortage calls for a fundamental reassessment of how organisations deal with defining the requirements for cyber security roles. Also, improving the ways in which they communicate those requirements to candidates, especially those who may want to enter the field but are put off by their misconceptions about the profession.

ISC2:          Cyberbit:          TechBeacon:       US Bureau of Labor Statistics:     Image: Unsplash

You Might Also Read: 

Five Reasons Why Women Should Consider A Career In Cyber Security:

« Instagram, TikTok & Twitter Shutdown Stolen Accounts
5G Will Disrupt Cyber Security »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Cyber Security Supplier Directory

Cyber Security Supplier Directory

Our Supplier Directory lists 6,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

Scale Computing

Scale Computing

Scale Computing is an industry leading application platform for EDGE computing environments covering retail, manufacturing, financial services and government.

BigID

BigID

BigID is redefining personal data protection and privacy. BigID software helps companies secure their customer data & satisfy privacy regulations like GDPR.

Certego

Certego

Certego is a company of the VEM Sistemi Group specialised in providing managed computer security services and to combat Cyber Crime.

NowSecure

NowSecure

NowSecure are the experts in mobile app security testing software and services.

RiskIQ

RiskIQ

RiskIQ is the leader in digital threat management, providing the most comprehensive discovery, intelligence, and mitigation of threats associated with an organization’s digital presence.

OpenText

OpenText

OpenText is a leader in Enterprise Information Management software and a portfolio of related solutions for Information Governance, Compliance, Information Security and Privacy.

Variti

Variti

Variti Intelligent Active Bot Protection technology — traffic analysis, detection and stopping of malicious bots in real-time and effective response to DDoS attacks.

DarkOwl

DarkOwl

DarkOwl provides the world’s largest index of darknet content and the tools to efficiently find leaked or otherwise compromised sensitive data.

TrustMAPP

TrustMAPP

TrustMAPP automates cybersecurity & privacy assessments, with universal workflow, allowing teams to generate analytics and recommendations to align priorities for improvement.

Optimum Speciality Risks

Optimum Speciality Risks

Optimum Speciality Risks are an experienced team of cyber insurance experts, backed by Lloyds of London.

Nominet

Nominet

Nominet's cyber division offers network detection and response services to governments and enterprises worldwide.

SessionGuardian

SessionGuardian

SessionGuardian (formerly SecureReview) is the world's first and only technology which ensures second-by-second biometric identity verification of your remote user, from log on to log off.

SOC Prime

SOC Prime

SOC Prime is the only Threat Detection Marketplace where researchers monetize their content to help security teams defend against attacks easier, faster and more efficiently than ever.

RMRF Tech

RMRF Tech

RMRF is a team of cybersecurity engineers and penetration testers which specializes in the development of solutions for early cyber threat detection and prevention.

Doherty Associates

Doherty Associates

Drawing on our deep industry knowledge and business insight, Doherty deliver intelligent IT solutions and services that help people work more securely, more productively and more creatively.

Cypfer

Cypfer

CYPFER is a global market leader in ransomware post-breach remediation and cyber-attack first response.