(ISC)² – THE world’s largest non-profit association of certified cyber security professionals – has just published the findings of research that has underpinned its 2022 Cyber Security Hiring Managers Guide*, the detailed document that sheds light on Best Practice when it comes to recruiting, hiring and on-boarding entry-level and junior-level cyber security practitioners.
Reflecting the opinions of no fewer than 1,250 cyber security hiring managers from the UK, the US, Canada and India, the research** highlights the need to build effective job descriptions and assign appropriate roles and responsibilities alongside the overriding importance of non-technical skills and investing in career development.
“With a global cyber security workforce gap of circa 2.7 million people, organisations must be creative with their cyber security hiring, but that doesn’t mean they have to take more hiring risks,” observed Clar Rosso, CEO at (ISC)².
Rosso continued: “Successful hiring managers have learned that recruiting entry-level and junior-level staff and investing in their professional development results in more resilient and sustainable cyber security teams. Hiring junior staff is not a ‘leap of faith’ when hiring managers are equipped with the knowledge to identify candidates with the attributes and skills needed for a successful cyber security career. Our latest research helps guide the way.”
Key report findings
Some of the key report findings include the following:
*42% of participants said that training costs less than £815.00 for entry-level hires (ie those with less than one year of experience) to handle assignments independently
*Nearly one third (ie 30%) of respondents observed that it takes less than £815.00 in training costs for junior-level practitioners (with one-to-three years’ worth of experience) to handle assignments independently
*37% of participants estimate that entry-level practitioners are considered to be ‘up to speed’ after six months or less in the role. 50% said it takes up to a year
*91% of hiring managers said that they afford entry-level and junior-level cyber security team members career development time during work hours
*Certifications are considered the most effective method of talent development for entry-level and junior-level practitioners (27%) followed by in-house training (20%), conferences (19%), external training (13%) and mentoring (11%)
*52% of participants work with recruitment organisations to find entry-level and junior-level staff. This approach is followed by looking to certification organisations (46%) and colleges and universities (46%), using standard job postings (45%), apprenticeships and internships (43%) along with leveraging Government workforce programmes (33%)
*18% of hiring managers are recruiting individuals from within their organisation working in different job functions, such as on the Help Desk (29%), in Human Resources (29%), customer services (22%) and communications (20%)
Top Five tasks
Hiring managers have also revealed their Top Five tasks for entry-level cyber security staff. These are:
*Alert and event monitoring
*Documenting processes and procedures
*Using scripting languages
*Developing and producing reports
When asked how entry-level and junior-level staffers help their organisation, participants noted that they bring new perspectives, ideas and creativity as well as critical skills in new technologies in addition to enthusiasm and a reinvigorating energy. One participant in the study explained: “They’re often well versed on the newest innovations, even more so than some of our established senior contributors, while at the same time lacking skills to support their curiosity. The situation creates excellent synergy.”
*Further information is available by downloading the 2022 Cyber Security Hiring Managers Guide and registering for the webinar entitled How to Hire and Develop Entry-Level and Junior-Level Cyber Security Practitioners. The latter runs on 23 June and includes a round table discussion involving (ISC)2 members sharing their experiences and Best Practice techniques for hiring entry-level and junior-level practitioners
**The results presented in the report are from a ‘blind’ online survey conducted by (ISC)² in December last year. The total respondent base included 1,250 cyber security hiring managers from the United States (500), Canada (150), the United Kingdom (200) and India (400). The margin of error for the global descriptive statistics in the research is +/- 2.8% at a 95% confidence level