The cybersecurity recruitment landscape is changing rapidly, and the approaches and techniques that worked yesterday, most likely won’t apply tomorrow. This is according to a new report from the non-profit association of certified cybersecurity professionals, (ISC)2.
Polling more than 2,000 cybersecurity pros and jobseekers in the US and Canada for the report, the company found that organizations that exclusively seek highly experienced individuals, or those coming from an IT background, should reconsider their tactics, not just because of the scarcity of such talent, but also for pragmatic reasons. Cybersecurity is a wide industry, in which a one-size-fits-all approach simply won’t cut it.
Instead, businesses should focus on curating role-specific requirements; investing in their cybersecurity team’s training and professional development, as well as committing to upskilling and reskilling home-grown talent to help team members translate tangential skills into valuable risk management and security know-how.
Some businesses understand the change and are adapting, the report also found. While cybersecurity professionals tend to be highly educated, just 51 percent have degrees in computer and information services. Less than half (42 percent) of the respondents said a dedicated security education is critical for a role in cybersecurity.
Furthermore, half of those newer to the field (with less than three years of experience) come from an IT background, compared to 63 percent of those with between three and seven years of experience.