Fixing The Cyber Security Workforce Gap

Uploaded on 2022-06-16 in NEWS-Cybersecurity News, JOBS-Training, FREE TO VIEW

The international security certification organisation  (ISC)2 has published findings from its 2022 Cybersecurity Hiring Managers research report that looks at best practices for recruiting, hiring and onboarding entry, and junior-level, cyber security practitioners. 

The research, reflecting the opinions of 1,250 cybersecurity hiring managers from the UK, US, Canada and India, highlights the need to build effective job descriptions, assign appropriate roles and responsibilities, along with the importance of non-technical skills and investing in career development. 

“With a global cyber security workforce gap of 2.7 million people, organisations must be creative with their cybersecurity hiring. But that doesn’t mean they have to take more hiring risks,” said Clar Rosso, CEO, (ISC). “Successful hiring managers have learned recruiting entry- and junior-level staff and investing in their professional development results in more resilient, sustainable cyber security teams... Hiring junior staff is not a ‘leap of faith’ when hiring managers are equipped with the knowledge to identify candidates with the attributes and skills needed for a successful cybersecurity career. Our latest research helps guide the way.” 

Key Report Findings Include:

  • 42% of participants said training costs less than $1,000 for entry-level hires (those with less than one year of experience) to handle assignments independently.
  • Nearly a third (30%) said it takes less than $1,000 in training cost for junior-level practitioners (one to three years of experience) to handle assignments independently.
  • 37% of participants estimate entry-level practitioners are considered “up to speed” after six months or less on the job. Half said it takes up to a year. 
  • 91% of hiring managers said they give entry- and junior-level cybersecurity team members career development time during work hours.
  • Certifications are considered the most effective method of talent development for entry- and junior-level practitioners (27%), followed by in-house training (20%), conferences (19%), external training (13%), and mentoring (11%).
  • 52% of participants work with recruitment organisations to find entry- and junior-level staff. This approach is followed by looking to certification organisations (46%); colleges and universities (46%); using standard job postings (45%); apprenticeships and internships (43%); along with leveraging government workforce programs (33%).
  • 18% of hiring managers are recruiting individuals from within their organisation working in different job functions, such as help desk (29%), HR (29%), customer service (22%) and communications (20%). 

Hiring managers also revealed their top five tasks for entry-level cyber security staff:

  • Alert and Event Monitoring 
  • Documenting Processes and Procedures 
  • Using Scripting Languages 
  • Incident Response 
  • Developing and Producing Reports  

When asked how entry- and junior-level staffers help their organisation, participants said they bring new perspectives, ideas, creativity, critical skills in innovative technologies, enthusiasm, and reinvigorating energy. 

One participated said, “They’re often well versed on the newest innovations, even more so than some of our established senior contributors, while lacking skills to support their curiosity, and it creates excellent synergy.”

To learn more, download the 2022 Cybersecurity Hiring Managers Guide and register for the Webinar : How to Hire and Develop Entry- and Junior-Level Cybersecurity Practitioners on June 23 for a roundtable discussion of (ISC)2members sharing their experiences and best practices for hiring entry- and junior-level practitioners.

You Might Also Read: 

The Cyber Skills Shortage Is Not Getting Any Better:

 

« Cloud Computing & Security: What Enterprises Should Know
Ransom: Prepare For The Worst »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

ZenGRC

ZenGRC

ZenGRC - the first, easy-to-use, enterprise-grade information security solution for compliance and risk management - offers businesses efficient control tracking, testing, and enforcement.

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

QMS International

QMS International

QMS is one of the leading ISO certification bodies in the UK and serves clients worldwide.

Hewlett Packard Enterprise (HPE)

Hewlett Packard Enterprise (HPE)

HPE is an information technology company focused on Enterprise networking, Services and Support.

CERTuy

CERTuy

CERTuy is the national Computer Emergency Response Team for Uruguay.

Yokogawa Electric

Yokogawa Electric

Yokogawa is an electrical engineering company providing measurement, control, and information technologies including industrial cyber security.

Merlin Cyber

Merlin Cyber

Merlin is a premier cybersecurity platform that leverages security technologies, trusted relationships, and capital to develop and deliver groundbreaking security solutions.

Puleng Technologies

Puleng Technologies

Puleng provides customers with a client-centric strategy to manage and secure the two most valuable assets an organisation has - its Data and Users.

AppTec

AppTec

AppTec is a leading software vendor in the field of Unified Endpoint Management and Mobile Security.

Jobsite

Jobsite

Jobsite is an award winning job board in the UK providing job listings in the key sectors of IT, Engineering and Finance.

Valarian

Valarian

Valarian (formerly Worldr) is on a mission to build cutting-edge solutions that empower borderless collaboration in the new era of digital sovereignty.

Innovex Global

Innovex Global

Innovex is a full-service executive search and advisory business that engages with early-stage startups, scale-ups, and established businesses in the Fintech, Cybersecurity and Technology industries.

Framatome

Framatome

Framatome Cybersecurity portfolio is directly inspired by its unique experience in nuclear safety for critical information systems and electrical systems design.

Nanitor

Nanitor

Nanitor is a powerful cybersecurity management platform focusing on hardening security fundamentals across your global IT infrastructure.

Strata Information Group (SIG)

Strata Information Group (SIG)

Strata Information Group (SIG) is a trusted partner in IT solutions and consulting services.

RightCue Assurance

RightCue Assurance

RightCue Assurance identify opportunities for improvement in the Information Security for your organisation and work with you to reduce cyber risk.

Trovent Security

Trovent Security

Trovent was founded with a clear goal: to support medium-sized companies in significantly increasing their IT security level.

Tracer

Tracer

Tracer (formerly Appdetex) is a next-generation brand protection solution. It constantly finds, analyzes, and stops brand abuse across Web2 and Web3 digital channels.