With a severe cybersecurity skills gap at 2.7 million globally and a gap in the US of over 400,000, hiring managers are looking for entry-level and junior candidates to fill. filled with vacancies, according to a New report of the global cybersecurity professional organization (ISC).
As another measure, 91% of hiring managers are asking for professional development during working hours.
Previous research (ISC) ² recommended that organizations look outside of the traditional pool of cybersecurity candidates to build resilient teams at all levels. Finding and nurturing new entrants into the field requires a shift in recruitment tactics and investments in training so new hires can learn and grow, the organization says.
Tara Wisniewski, executive vice president (ISC) ² for advocacy, global markets, and member engagement also encounters various obstacles.
One of the biggest challenges “is that hiring managers rely on unrealistic job descriptions and hiring practices – too much emphasis on experience, even for entry-level roles that don’t work.” previous experience is not possible,” Wisniewski said. “This ‘chicken and egg’ scenario has plagued the cybersecurity field for some time, especially at the bottom of the career ladder.”
UNDERSTAND: Hiring Toolkit: Data Scientist (TechRepublic Premium)
This leads to an aging and less diverse average workforce in cyberspace, and to fewer new people being recruited to impart knowledge and best practices, she said. said more.
However, the challenges of recruiting younger and first-time professionals are only part of the problem.
“For example, it is difficult to draw experienced people away from other cybersecurity employers due to the high levels of job satisfaction we see in this field,” says Wisniewski. “This often leads to financial rewards and the ability to provide them to tailor companies’ ability to successfully meet the expectations of their experienced staff.”
What can a hiring manager do to fill these roles
Working with recruitment and staffing companies is the first step cited by 52% of study participants to hiring prospective team members. This is followed by certification bodies (46%) along with colleges and universities (46%).
Respondents also relied on standard job postings (45%), apprenticeships and internships within their organizations (43%), and partnerships with government workforce programs ( 33%).
Hiring managers also need to be open-minded to new and junior trainees, says Wisniewski.
“Hiring at this level should be seen as an investment in the future, not as a quick fix,” she said. “Energy, new perspectives, and a willingness to learn and be molded by the organization are invaluable assets that companies need more of. Hiring managers also need to work closely with HR to rethink and be more realistic about job descriptions and minimum requirements.”
Hiring managers should look beyond the traditional pool of IT and cybersecurity talent. Attracting young professionals for their first jobs is important, according to Wisniewski, but tapping into the broader skills market to attract career changers is equally valuable. The military and those working in a variety of non-technical roles are equally well-suited to transferring themselves and their skills into the cybersecurity field.
“Ultimately, hiring managers need to invest in the people and create long-term career paths for the people they hire, rather than relying solely on the experienced elements of the workforce. cybersecurity,” Wisniewski said.
Few managers hire from within
A less frequently used option (18%) is to hire individuals within the organization. Research shows that 46% of organizations with less than 100 people and 34% of organizations with more than 5,000 people said they recruit junior and junior staff from other internal departments.
Entry-level and grassroots cybersecurity talent can be found in IT (89%), tech support/help (29%), human resources (29%), service customers (22%) and communication (20%).
The study notes that crafting an entry-level job description requires a team effort, and says that “the solution is more collaborative between hiring managers and HR.”
Top tasks for senior and junior staff
Research shows that the top five tasks for entry-level employees are:
- Alerts and event monitoring (35%)
- Documenting processes and procedures (35%)
- Use scripting languages (29%)
- Incident response (28%)
- Build and generate reports (26%)
The top five duties for junior employees are:
- Information security (authentication, privacy)
- Backup, Restore and Business Continuity
- Intrusion detection
- Penetration test
Top traits to look for in entry-level and junior team members
According to (ISC) ‘s report, there are a number of characteristics in three categories – technical skills, non-technical skills and personal characteristics – that hiring managers should consider in entry candidates.
UNDERSTAND: The COVID-19 gender gap: Why women quit and how to get them back to work (free PDF) (TechRepublic)
The top five technical skills are data security, cloud security, secure software development, data analytics, and security governance.
The top five non-technical skills are teamwork, ability to work independently, project management experience, customer service experience, and presentation skills.
The top five personality attributes are problem solving, creativity, analytical thinking, inquisitiveness, and critical thinking.
(ISC) ² has addressed skills shortages and gaps with initiatives including the development of entry-level cybersecurity certifications.
“By equipping the next generation of cybersecurity professionals with a foundational qualification, hiring managers will have the recognized and real capacity to draw on other experience,” says Wisniewski.
(ISC)² says it polled 1,250 hiring managers at small, medium and large organizations in the US, Canada, UK and India about their activities and interests.