New report highlights the need for diversity in cyber security recruitment

People sitting in an open office setting
(Image credit: Microsoft)

Cyber security recruiters should think outside the box when looking for new talent, advises a study released today by cyber security association (ISC)².

(ISC)² interviewed 2,034 cyber security professionals and job seekers in the US and Canada to understand their backgrounds and interests for the 2021 Cybersecurity Career Pursuers Study .

Specific cyber security certifications might be less critical than cyber security job seekers think, it found. Only 51% of cyber security pros have degrees in computer and information services, and only 42% considered a dedicated security education to be critical for the job.

(ISC)² recommended that organizations take a balanced approach to IT talent, seeking diverse perspectives. That might mean looking outside IT for more policy- and governance-focused cyber security skills. This trend is already beginning, it said. Only half of the cyber security professionals with under three years of experience came from an IT background, compared to 63% of more experienced cyber security workers.

Companies are sourcing new cyber security talent from other areas, including the military and law enforcement, which made up 31% of cyber security professionals in the survey.

This ties in with recent moves by employers and nonprofits. AT&T teamed with nonprofit group NPower last year to train veterans in fighting online crime. UK-based TechVets also connects former military members with cyber security jobs.

One of (ISC)²'s recommendations was to build more diversity into cyber security teams by recruiting across race, gender, nationality, and age. However, inclusivity for women in cyber security could still use some improvement.

Two-thirds of respondents to the blind survey were male. It showed a larger proportion of women in less senior roles. Over two-thirds (37%) of female cyber security workers had under three years of experience compared to 28% who had been in the job for eight years or more. While this could mean companies were recruiting more women recently, it could also mean female cyber security workers weren’t finding enough opportunities for career progression, the report warned.

(ISC)² recommends a pragmatic approach to team building. Rather than cherry-picking seasoned professionals, recruiters should invest in training less experienced cyber security workers, ideally in skills that they’ve configured to their exact requirements. Job seekers and established professionals pointed to cloud security as the most significant skill to develop, according to the report.

Other advice for organizations trying to foster cyber security talent includes building mentoring programs to help cyber security staff develop and ensuring recognition and encouragement is an official part of the team-building process.

(ISC)² worked with research company Market Cube on the study, which had a 3.1% margin of error with a 95% confidence level.

Danny Bradbury

Danny Bradbury has been a print journalist specialising in technology since 1989 and a freelance writer since 1994. He has written for national publications on both sides of the Atlantic and has won awards for his investigative cybersecurity journalism work and his arts and culture writing. 

Danny writes about many different technology issues for audiences ranging from consumers through to software developers and CIOs. He also ghostwrites articles for many C-suite business executives in the technology sector and has worked as a presenter for multiple webinars and podcasts.