Are You Hiring Enough Entry-Level Security Pros?

Published: 23/11/2024   Category: security




New (ISC)² survey shows employment levels for entry-level cyber pros lag behind every other experience level.



Even as the global cybersecurity skills gap continues to widen, many organizations still cling to the idea that if they hold out long enough, they will be able to find rock-star veterans to fill out their security team rosters. A new survey shows that cybersecurity hiring managers are less likely to take a chance on promising entry-level candidates than they are to hire veteran staffers or those with at least a year of experience.
This hesitance of many organizations to train up newbies into the industry highlights a huge opportunity that many hiring managers have in improving the state of their cybersecurity workforce, according to the (ISC)² Cybersecurity Hiring Managers Guide. Based on a survey of 1,200 cybersecurity hiring managers from the US, UK, Canada, and India, the report details hiring practices around the globe.
"The study shows us that, with the exception of the smallest organizations, employment levels for entry-level cybersecurity professionals trail far behind every other experience level," says Tara Wisniewski, executive vice president of advocacy, global markets, and member engagements for (ISC)². "It's also a particularly notable challenge in the US and UK, compared to Canada and India where entry-level employment levels are higher overall."
In the US, for example, just 26% of security teams are composed of entry-level employees, compared with 38% who have four or more years of experience and 36% with one to three years of experience. The proportion of entry-level candidates may actually even be lower than that, considering that the survey methodology included only those managers who have hired entry-level or junior-level candidates sometime in the last two years. With those managers who only hire experienced candidates self-selecting out, the real numbers are likely even more stark than the report illustrates.
Regardless, the lag in entry-level employment rates occurs despite the fact that it takes a relatively short amount of time for these new practitioners to get up to speed on their job duties. Approximately 65% of hiring managers say it takes nine months or less to train entry-level staff. While these candidates improve their skills or knowledge, they're typically tasked with the repeatable security scut work that plagues security teams on the daily.
The top two tasks delegated to entry-level workers are alert and event monitoring and documenting processes and procedures, which were respectively named by 35% of hiring managers. In open-ended comments within the survey, managers said that entry-level team members often bring fresh ideas and perspectives to the table and they often are willing to go the extra mile to get ahead not only in their job but in the cybersecurity profession.
One of the likely reasons why hiring managers struggle to keep their cybersecurity roster freshened up with greater proportions of newcomers to the field is that they aren't necessarily looking in the right places to find them.
"Organizations rely heavily on external factors and resources to find staff, including looking for certifications and looking within the memberships of certification organizations to find candidates," says Wisniewski, who notes that more than half of respondents rely on external recruitment professionals to fill these roles.
She believes that one of the highest-value things that cybersecurity managers can start doing to attract entry-level and junior-level practitioners is to search for talent beyond the world of cybersecurity and even IT. The survey shows that just 18% of study participants have hired individuals from within the organization who were working in different job functions.
"Transferrable skills and eager-to-learn people can be found in sales, marketing, engineering, legal, the military, hospitality, and more," she says. "It's also about ensuring that roles, organizations, and the cybersecurity sector at large are more inclusive and accessible for all."
Wherever the candidates are found, the investment to get them to the point where they can meaningfully contribute to the team is likely less expensive than some managers might expect. Over eight in 10 respondents said the costs are less than $5,000, and 42% said it costs less than $1,000 for newcomers to start handling assignments.
Even with more significant investments in professional development, Wisniewski says that hiring managers shouldn't hold off in hiring and training entry-level staff in fear that their training dollars will walk out the door. She believes that these practitioners are crucial for the sustainability of an organization's cybersecurity workforce.
"Hiring junior staff is not a risk or a compromise. If anything, it is a proactive move to improve cybersecurity resilience," she says. "You would not hold off investing in critical infrastructure today just because there's a chance the vendor might change strategy tomorrow. The same applies with investing in your people."
