New report highlights the need for diversity in cyber security recruitment

Only half of cyber security pros had dedicated security education

Cyber security recruiters should think outside the box when looking for new talent, advises a study released today by cyber security association (ISC)².

(ISC)² interviewed 2,034 cyber security professionals and job seekers in the US and Canada to understand their backgrounds and interests for the 2021 Cybersecurity Career Pursuers Study .

Specific cyber security certifications might be less critical than cyber security job seekers think, it found. Only 51% of cyber security pros have degrees in computer and information services, and only 42% considered a dedicated security education to be critical for the job.

(ISC)² recommended that organizations take a balanced approach to IT talent, seeking diverse perspectives. That might mean looking outside IT for more policy- and governance-focused cyber security skills. This trend is already beginning, it said. Only half of the cyber security professionals with under three years of experience came from an IT background, compared to 63% of more experienced cyber security workers. 

Companies are sourcing new cyber security talent from other areas, including the military and law enforcement, which made up 31% of cyber security professionals in the survey.

This ties in with recent moves by employers and nonprofits. AT&T teamed with nonprofit group NPower last year to train veterans in fighting online crime. UK-based TechVets also connects former military members with cyber security jobs.

One of (ISC)²'s recommendations was to build more diversity into cyber security teams by recruiting across race, gender, nationality, and age. However, inclusivity for women in cyber security could still use some improvement.

Two-thirds of respondents to the blind survey were male. It showed a larger proportion of women in less senior roles. Over two-thirds (37%) of female cyber security workers had under three years of experience compared to 28% who had been in the job for eight years or more. While this could mean companies were recruiting more women recently, it could also mean female cyber security workers weren’t finding enough opportunities for career progression, the report warned.

(ISC)² recommends a pragmatic approach to team building. Rather than cherry-picking seasoned professionals, recruiters should invest in training less experienced cyber security workers, ideally in skills that they’ve configured to their exact requirements. Job seekers and established professionals pointed to cloud security as the most significant skill to develop, according to the report.

Other advice for organizations trying to foster cyber security talent includes building mentoring programs to help cyber security staff develop and ensuring recognition and encouragement is an official part of the team-building process.

(ISC)² worked with research company Market Cube on the study, which had a 3.1% margin of error with a 95% confidence level.

Featured Resources

Defeating ransomware with unified security from WatchGuard

How SMBs can defend against the onslaught of ransomware attacks

Free download

The IT expert’s guide to AI and content management

How artificial intelligence and machine learning could be critical to your business

Free download

The path to CX excellence

Four stages to thrive in the experience economy

Free download

Becoming an experience-based business

Your blueprint for a strong digital foundation

Free download

Recommended

Best MDM solutions 2020
mobile device management (MDM)

Best MDM solutions 2020

17 Sep 2021
How do hackers choose their targets?
hacking

How do hackers choose their targets?

17 Sep 2021
Owner of DDoS for hire sites found guilty of hacking offences
distributed denial of service (DDOS)

Owner of DDoS for hire sites found guilty of hacking offences

17 Sep 2021
Microsoft brings passwordless security to consumer accounts
Microsoft Windows

Microsoft brings passwordless security to consumer accounts

16 Sep 2021

Most Popular

What are the pros and cons of AI?
machine learning

What are the pros and cons of AI?

8 Sep 2021
Apple patches zero-day flaw abused by infamous NSO exploit
exploits

Apple patches zero-day flaw abused by infamous NSO exploit

14 Sep 2021
Hackers develop Linux port of Cobalt Strike for new attacks
Security

Hackers develop Linux port of Cobalt Strike for new attacks

14 Sep 2021