Fewer Than One-Fourth Of Cybersecurity Job Candidates Are Qualified

  /     /     /  
Publicated : 22/11/2024   Category : security


Fewer Than One-Fourth Of Cybersecurity Job Candidates Are Qualified


ISACA report finds that 55% of security jobs take three- to six months to fill, and under 25% of candidates are qualified for the jobs they apply for.



Sobering news on the cybersecurity hiring front: More than 20% of organizations get fewer than five applicants for an open security job and more than half of all positions (55%) take at least three months to fill with a qualified candidate.
Of those who do apply, fewer than 25% are actually qualified for the posted job, according to a new ISACA report released at last weeks RSA Conference in San Francisco.
It wont surprise anyone in IT management to learn that its extremely challenging to fill open jobs in information security. But the ISACAs report on the state of security hiring quantifies those challenges more starkly.
The source of the problem doesnt appear to be money, says Eddie Schwartz, an ISACA director and also EVP of cyber services at security vendor DarkMatter. We continue to see a lack of qualified candidates, even though companies are offering extremely competitive salaries, higher than other IT jobs, Schwartz says.
The report, generated from an email survey to ISACA members around the world, also honed in on an infosec applicants most important qualifications, which are apparently less about their training and more about the hands-on, practical experience they bring to the table.
What were going to see is a continued departure from a bunch of letters after peoples names and verifying that they have the skills needed, Schwartz says, referring to acronyms like
CISSP
, and others. So rather than just writing code and answering rudimentary security questions, infosec candidates can expect to be in dropped into live-fire scenarios that reflect their levels of experience.
If youre an apprentice, theyd be more rudimentary, but if youre an expert youre going to be asked to work in more advanced scenarios, Schwartz says.
In the last 20 years, many employers have taken the approach of bringing on a cybersecurity professional as a generalist, then encouraging him or her to add certifications and climb the ladder as their experience and knowledge grew, Schwartz says. Others tried to draw security talent from their organizations pool of software coders. But employers typically havent done enough shepherding of security talent, cultivating skills internally, and training people to replace their bosses, he adds.
More recently, the industry started in the direction of creating apprentices, journeymen, and masters of infosec. He points to ISACAs own CSX certification program as an example of that hierarchical progression.
But clearly, the security talent-nurturing equation needs a refresh.
ISACA and employers have work to do with educators and their computer engineering and IT management programs, Schwartz adds. And employers need to start embracing how Millennial and Gen Y professionals work and learn.
They prefer just-in-time training and ratings like the ones in gaming systems, Schwartz says. Theyre all about how they can continually gain knowledge and how they rank relative to their peers.
ISACA is starting to see corporations incentivize Millennials to take part in team-based training, for example, with one goal to improve their ratings, he adds.
Other 
key findings from ISACAs state of cyber security report
:
32% of respondents say it takes six months or more to fill their security positions.
Only 13% report receiving 20 or more applications for a security job.
13% of respondents cite referrals or personal endorsements as the most important attribute for candidates; 12%, certifications, followed by formal education (10%), and specific training (9%).
Related Content:
How Businesses, Employees Can Navigate The Security Hiring Process
You Cant Hire Your Way Out Of A Skills Shortage ... Yet
Kevin Durant Effect: What Skilled Cybersecurity Pros Want
Why Cybersecurity Certifications Matter -- Or Not
 

Last News

▸ Scan suggests Heartbleed patches may not have been successful. ◂
Discovered: 23/12/2024
Category: security

▸ IoT Devices on Average Have 25 Vulnerabilities ◂
Discovered: 23/12/2024
Category: security

▸ DHS-funded SWAMP scans code for bugs. ◂
Discovered: 23/12/2024
Category: security


Cyber Security Categories
Google Dorks Database
Exploits Vulnerability
Exploit Shellcodes

CVE List
Tools/Apps
News/Aarticles

Phishing Database
Deepfake Detection
Trends/Statistics & Live Infos



Tags:
Fewer Than One-Fourth Of Cybersecurity Job Candidates Are Qualified