New report highlights the need for diversity in cyber security recruitment
Only half of cyber security pros had dedicated security education
Cyber security recruiters should think outside the box when looking for new talent, advises a study released today by cyber security association (ISC)².
Specific cyber security certifications might be less critical than cyber security job seekers think, it found. Only 51% of cyber security pros have degrees in computer and information services, and only 42% considered a dedicated security education to be critical for the job.
(ISC)² recommended that organizations take a balanced approach to IT talent, seeking diverse perspectives. That might mean looking outside IT for more policy- and governance-focused cyber security skills. This trend is already beginning, it said. Only half of the cyber security professionals with under three years of experience came from an IT background, compared to 63% of more experienced cyber security workers.
Companies are sourcing new cyber security talent from other areas, including the military and law enforcement, which made up 31% of cyber security professionals in the survey.
This ties in with recent moves by employers and nonprofits. AT&T teamed with nonprofit group NPower last year to train veterans in fighting online crime. UK-based TechVets also connects former military members with cyber security jobs.
One of (ISC)²'s recommendations was to build more diversity into cyber security teams by recruiting across race, gender, nationality, and age. However, inclusivity for women in cyber security could still use some improvement.
Two-thirds of respondents to the blind survey were male. It showed a larger proportion of women in less senior roles. Over two-thirds (37%) of female cyber security workers had under three years of experience compared to 28% who had been in the job for eight years or more. While this could mean companies were recruiting more women recently, it could also mean female cyber security workers weren’t finding enough opportunities for career progression, the report warned.
(ISC)² recommends a pragmatic approach to team building. Rather than cherry-picking seasoned professionals, recruiters should invest in training less experienced cyber security workers, ideally in skills that they’ve configured to their exact requirements. Job seekers and established professionals pointed to cloud security as the most significant skill to develop, according to the report.
Other advice for organizations trying to foster cyber security talent includes building mentoring programs to help cyber security staff develop and ensuring recognition and encouragement is an official part of the team-building process.
(ISC)² worked with research company Market Cube on the study, which had a 3.1% margin of error with a 95% confidence level.
The ultimate law enforcement agency guide to going mobile
Best practices for implementing a mobile device programFree download
The business value of Red Hat OpenShift
Platform cost savings, ROI, and the challenges and opportunities of Red Hat OpenShiftFree download
Managing security and risk across the IT supply chain: A practical approach
Best practices for IT supply chain securityFree download
Digital remote monitoring and dispatch services’ impact on edge computing and data centres
Seven trends redefining remote monitoring and field service dispatch service requirementsFree download