(ISC)² : 84 per cent of cybersecurity workers open to new opportunities in 2018

The report reveals low numbers of highly engaged workers; only 15 per cent of respondents say they have no plans to switch jobs this year, while 14 per cent plan to look for a new job and 70 per cent are open to new opportunities.

Data suggests unmet expectations between organizations and their cybersecurity workforce — during the hiring process and time on the job — combined with high demand for security skills and frequent contacts from recruiters may be encouraging cybersecurity professionals to look for new opportunities.

Key findings

When asked what is most important for cybersecurity professionals’ personal fulfillment, 68 per cent of respondents wan to work where their “opinions are taken seriously”; 62 per cent want to work where they can “protect people and their data”; and 59 per cent want to work for an employer “that adheres to a strong code of ethics.”

The study also reports that, when asked what is most important for cybersecurity employees’ professional goals, the top priority (62 per cent) is working for a company with “clearly defined ownership of cybersecurity responsibilities.”

Additionally, 59 per cent want an employer that “views cybersecurity more broadly than just technology,” and 59 per cent want to work for an organization that “trains employees on cybersecurity.”  

When asked what best describes the value they bring to an employer, 81 per cent say “developing cybersecurity strategy”; 77 per cent say “managing cybersecurity technologies”; 69 per cent say “educating users about cybersecurity best practices”; and 67 per cent say “analyzing business processes for risk assessment.”

Finally, when asked what skills they use most on a daily basis, 58 per cent say network monitoring, 53 per cent say security analysis, 53 per cent say security administration and 47 per cent say intrusion detection.

What employers need to know

According to the report, employers often fail to impress cybersecurity jobseekers and staff.

Respondents said vague job descriptions (52 per cent), job descriptions that inaccurately reflect responsibilities (44 per cent) and job postings that ask for insufficient qualifications (42 per cent) demonstrate an “organization’s lack of cybersecurity knowledge.”

Cybersecurity professionals believe their performance should be evaluated by how quickly they respond to a breach or security incident (43 per cent); security program maturity (30 per cent); how effectively they increase employee security awareness (30 per cent); and how effectively they handle remediation (28 per cent).

Additionally, the cybersecurity workforce is being aggressively pursued by recruiters, with 13 per cent saying they are contacted “many times a day”; eight per cent, once a day; 16 per cent, a few times a week; and 34 per cent, a couple times a month.

Finally, 85 per cent of respondents say they would investigate a potential employer’s security capabilities before taking a job. What they discover would influence their decision, with 52 per cent more likely to take a job with an organization that takes security seriously and 40 per cent saying they will work for a company that needs security improvements.

The full “Hiring and Retaining Top Cybersecurity Talent” report can be downloaded here.