Canadian Security Magazine

News
(ISC)2 Offers New Approaches to Cybersecurity Hiring, Training and Team Building


(ISC)² released the findings of its 2021 Cybersecurity Career Pursuers Study, which provides insights on how to successfully staff up a balanced and diverse cybersecurity team with a broad range of skills. The research reflects the opinions of 2,034 cybersecurity professionals (professionals) and cybersecurity jobseekers (pursuers) throughout the U.S. and Canada.

Recruiters and hiring managers may need to adjust the tactics they use to proactively identify internal and external candidates, (ISC)2 analysis of the study suggests.

Professionals were asked about tasks performed early in their careers that were most beneficial to their long-term success, as well as how they gained confidence that cybersecurity was the right career choice. Pursers were asked similar questions, including what tasks they expect to be assigned upon entering the field, what challenges they anticipate and why they are confident cybersecurity is the right career for them.

“One of the biggest challenges we have in cybersecurity is an acute lack of market awareness about what cybersecurity jobs entail,” said Clar Rosso, CEO of (ISC)2 in a statement. “There are wide variations in the kinds of tasks entry-level and junior staff can expect. Many organizations still default to job descriptions that rely on cybersecurity ‘all stars’ who can do it all. The reality is that there are not enough of those individuals to go around, and the smart bet is to hire and invest in people with an ability to learn, who fit your culture and who can be a catalyst for robust, resilient teams for years to come.”

Advertisement

(ISC)2 recommends, based on the research, that with skilled cybersecurity talent increasingly scarce, organizations must adopt more pragmatic approaches to team building. Organizations are encouraged to take broader approaches: curate role-specific requirements; invest in their cybersecurity team’s training and professional development, as well as commit to upskilling and reskilling home-grown talent to help team members translate tangential skills into valuable risk management and security know-how.

Additional highlighted findings include:

  • While cybersecurity professionals tend to be highly educated, just 51% have degrees in computer and information services. Less than half (42%) of the professionals who responded said a dedicated security education is critical for a role in cybersecurity.
  • Half of those newer to the field (with less than three years of experience) came from an IT background, compared to 63% of those with between three and seven years of experience in the field.
  • By a wide margin, fewer professionals who are relatively new to the field (less than three years) consider IT experience to be critical (46%) than do their more senior colleagues (69%)
  • Military veterans and those with law enforcement experience make up 31% of the cybersecurity professional respondents, affirming these backgrounds as ripe areas for recruitment
  • Cloud security was rated by professionals as the most important technical skill new entrants to the field should learn, while problem solving was the top-rated “soft skill” they should have. Both of these areas were simultaneously the top-rated responses by career pursuers too.