(ISC)² Research Finds Employer Hiring Practices Must Evolve to Overcome the Cybersecurity Workforce Gap

(ISC)² – the world's largest nonprofit association of certified cybersecurity professionals – recently published findings from its 2022 Cybersecurity Hiring Managers research that shed light on best practices for recruiting, hiring and onboarding entry- and junior-level cybersecurity practitioners. The research, reflecting the opinions of 1,250 cybersecurity hiring managers from the U.S., Canada, U.K. and India, highlights the need to build effective job descriptions, assign appropriate roles and responsibilities, along with the importance of non-technical skills and investing in career development.

"With a global cybersecurity workforce gap of 2.7 million people, organizations must be creative with their cybersecurity hiring. But that doesn't mean they have to take more hiring risks," said Clar Rosso, CEO, (ISC)². "Successful hiring managers have learned recruiting entry- and junior-level staff and investing in their professional development results in more resilient, sustainable cybersecurity teams. Hiring junior staff is not a 'leap of faith' when hiring managers are equipped with the knowledge to identify candidates with the attributes and skills needed for a successful cybersecurity career. Our latest research helps guide the way."

Key report findings include:

  • 42% of participants said training costs less than $1,000 for entry-level hires (those with less than one year of experience) to handle assignments independently.
  • Nearly a third (30%) said it takes less than $1,000 in training cost for junior-level practitioners (one to three years of experience) to handle assignments independently.
  • 37% of participants estimate entry-level practitioners are considered "up to speed" after six months or less on the job. Half said it takes up to a year.
  • 91% of hiring managers said they give entry- and junior-level cybersecurity team members career development time during work hours.
  • Certifications are considered the most effective method of talent development for entry- and junior-level practitioners (27%), followed by in-house training (20%), conferences (19%), external training (13%), and mentoring (11%).
  • 52% of participants work with recruitment organizations to find entry- and junior-level staff. This approach is followed by looking to certification organizations (46%); colleges and universities (46%); using standard job postings (45%); apprenticeships and internships (43%); along with leveraging government workforce programs (33%).
  • 18% of hiring managers are recruiting individuals from within their organization working in different job functions, such as help desk (29%), HR (29%), customer service (22%) and communications (20%).

Hiring managers also revealed their top five tasks for entry-level cybersecurity staff:

  • Alert and Event Monitoring
  • Documenting Processes and Procedures
  • Using Scripting Languages
  • Incident Response
  • Developing and Producing Reports

When asked how entry- and junior-level staffers help their organization, participants said they bring new perspectives, ideas, creativity, critical skills in new technologies, enthusiasm and reinvigorating energy. One participated said, "They're often well versed on the newest innovations, even more so than some of our established senior contributors, while lacking skills to support their curiosity, and it creates excellent synergy."

Featured

  • NOLA: The Crescent City

    Twenty years later we finds ourselves in New Orleans. Twenty years ago the aftermath of Hurricane Katrina forced exhibitors and attendees to look elsewhere for tradeshow floor space. Read Now

    • Industry Events
    • GSX
  • Nothing Artificial About this Intelligence

    I have been looking forward to this year’s GSX show in New Orleans, the Cresent City, or if you prefer The Big Easy. It seems like quite a while since we’ve been here. Twenty years ago, ASIS, as it was known then was literally washed out of the city by someone known as Katrina. It is a good thing to come back to NOLA. Read Now

  • From Monitors to Mission Control

    Security Operations Centers (SOC) were once defined by rows of static monitors, each displaying a single feed with operators quietly watching for issues. That model has become obsolete. Incidents evolve too quickly, data comes from multiple locations, and decisions must be made in seconds—not minutes. Read Now

  • New Gas Monkey Garage Venue Uses AI-Enhanced Video Technology

    Gas Monkey Garage, the automotive custom shop and entertainment brand founded by Richard Rawlings of Fast N’ Loud TV fame, has opened a vibrant new restaurant and bar in South Dakota, equipped with advanced, AI-enhanced video tech from IDIS Americas. Read Now

  • Data Driven, Proactive Response

    As cities face rising demands for smarter policing and faster emergency response, Real Time Crime Centers (RTCCs) are emerging as essential hubs for data-driven public safety. In this interview, two experts with deep field experience — Ross Bourgeois of New Orleans and Dean Cunningham of Axis Communications — draw on decades of operational, leadership and technology expertise to share how RTCCs are transforming public safety through innovation, interagency collaboration and a relentless focus on community impact. Read Now

New Products

  • Unified VMS

    AxxonSoft introduces version 2.0 of the Axxon One VMS. The new release features integrations with various physical security systems, making Axxon One a unified VMS. Other enhancements include new AI video analytics and intelligent search functions, hardened cybersecurity, usability and performance improvements, and expanded cloud capabilities

  • Mobile Safe Shield

    Mobile Safe Shield

    SafeWood Designs, Inc., a manufacturer of patented bullet resistant products, is excited to announce the launch of the Mobile Safe Shield. The Mobile Safe Shield is a moveable bullet resistant shield that provides protection in the event of an assailant and supplies cover in the event of an active shooter. With a heavy-duty steel frame, quality castor wheels, and bullet resistant core, the Mobile Safe Shield is a perfect addition to any guard station, security desks, courthouses, police stations, schools, office spaces and more. The Mobile Safe Shield is incredibly customizable. Bullet resistant materials are available in UL 752 Levels 1 through 8 and include glass, white board, tack board, veneer, and plastic laminate. Flexibility in bullet resistant materials allows for the Mobile Safe Shield to blend more with current interior décor for a seamless design aesthetic. Optional custom paint colors are also available for the steel frame.

  • PE80 Series

    PE80 Series by SARGENT / ED4000/PED5000 Series by Corbin Russwin

    ASSA ABLOY, a global leader in access solutions, has announced the launch of two next generation exit devices from long-standing leaders in the premium exit device market: the PE80 Series by SARGENT and the PED4000/PED5000 Series by Corbin Russwin. These new exit devices boast industry-first features that are specifically designed to provide enhanced safety, security and convenience, setting new standards for exit solutions. The SARGENT PE80 and Corbin Russwin PED4000/PED5000 Series exit devices are engineered to meet the ever-evolving needs of modern buildings. Featuring the high strength, security and durability that ASSA ABLOY is known for, the new exit devices deliver several innovative, industry-first features in addition to elegant design finishes for every opening.