We are excited to bring Transform 2022 back in-person July 19 and virtually July 20 – 28. Join AI and data leaders for insightful talks and exciting networking opportunities. Register today!
Today, the ISC2 released the 2022 Cybersecurity Hiring Managers report, an independent study of 1,250 hiring managers at organizations across the U.S., Canada, United Kingdom and India, looking to examine best practices for recruiting, hiring and onboarding entry and junior-level cybersecurity practitioners.
One of the most interesting findings from the report was that it doesn’t take long to get entry-and junior-level staff developed, with 37% of hiring managers saying entry- and junior-level hires are ready to handle assignments independently within six months or less on the job.
This suggests that the cyberskills gap could be mitigated not just by headhunting industry specialists, but by building a recruitment process that onboards and developers junior cybersecurity talent, to provide them with access to the tools and knowledge they need to enhance their career.
Bridging the cyberskills gap
The report comes as cybersecurity professionals are demanding greater career development potential in their roles, with Pluralsight data showing that 48% of tech workers have considered getting a new job because they believe they did not receive enough upskilling opportunities.
For security teams, combining existing hiring practices alongside talent-development initiatives could hold the key to addressing the cyberskills gap and the Great Resignation among senior researchers.
It seems many organizations are starting to realize this, with researchers anticipating the global IT training market will increase from $68 billion in 2020 to $97.6 billion by 2026 as more organizations implement elearning solutions to teach employees new skills.
“Cybersecurity is a high-demand, high-profile profession with acute staffing shortages. Hiring junior staff is not a risk or a compromise; if anything it is a proactive move to improve cybersecurity resilience today and in the future,” said ISC2 EVP advocacy, global markets and member engagement researcher, Tara Wisniewski.
“This is especially so when hiring managers are equipped with the knowledge and awareness to identify candidates with the attributes and skills needed for a successful cybersecurity career, along with the resources and willingness to invest in them and develop them,” Wisniewski said.
Wisniewski argues that filling the cyberskills gap is about broadening the talent pool, through looking beyond the IT and cybersecurity industry and then investing in those diverse candidates not only through training, but also through mentoring and knowledge sharing so they can help find an “attainable career pathway.”
Other findings: what tasks hiring managers can expect junior professionals to complete
Another key finding from the research was the key tasks and responsibilities that entry-level candidates can be expected to conduct in their positions.
The top tasks for entry-level candidates included alert and event monitoring (35%), documenting processes and procedures (35%), using scripting languages (29%), incident response (28%), and reporting, developing and producing reports (26%).
It’s worth noting that many of these tasks, such as alert monitoring and documenting processes, are tasks that can reduce the administrative burdens on more senior security analysts, so they can focus on more rewarding or impactful work.
The research also highlighted that hiring managers generally looked for SC2 Certified Information Systems Security Professional (CISSP) followed by the ISACA Certified Information Security Manager (CISM) certifications to identify promising entry- and junior-level candidates.
The most in-demand technical skills from these candidates were data security, cloud security, secure software development, data analysis and security administration.