A recent study shows no improvement in the global cyber skills shortage, with many organizations continuing to make basic mistakes in hiring cyber security employees.
In the fifth annual roundup of insights from cyber professionals by the Information Systems Security Association (ISSA) and industry analysts Enterprise Strategy Group (ESG), 95% of respondents said that skills shortages have not improved over recent years, while 44% say they have become even greater. If you want to break into cyber security, the majority of respondents recommend getting hold of a CISSP cert.
Recruitment crisis: no end to skills shortages in sight
The report, The Life and Times of Cybersecurity Professionals 2021, is based on a global survey of 489 cyber security professionals, focusing on their experience and insights on the impact of the recruitment crisis.
As the report authors observe, the discussion surrounding cyber skills shortages has been going on for a decade. Data collected for the project suggest that there has been no significant progress towards a solution. If things are going to change, the researchers recommend that employers pay special attention to the following:
- Placing greater value on security, including the creation of a culture of security at all levels of the business.
- Offering stronger cyber career advancement and training opportunities.
- Including cyber as part of executive planning and strategy.
Scale of the skills gap
- 57% of organizations have been impacted by the global skills shortage this year.
- Half of respondents say the situation has not improved over the last few years.
- 44% say things have got worse, while just 5% say they have improved.
- Understaffing is taking a toll on existing cyber teams. The biggest reported negative effects are bigger workloads, staff burnout, attrition, and an inability to learn or use security technologies to their potential.
Hiring is difficult, and businesses are making mistakes
- Three quarters of respondents said it was either ‘extremely difficult’ or ‘somewhat difficult’ to recruit cyber professionals.
- It’s a seller’s market for skills, but companies do not always make it easy to attract talent. 38% of respondents say their organization does not offer competitive salaries. A quarter say that job postings are unrealistic (e.g. too much emphasis on years of prior experience and formal qualifications).
Headhunting is common practice
- Once you’re in a job, don’t be surprised to receive a steady stream of offers to move elsewhere.
- 70% get approached by recruitment agencies to consider new positions at least once per month. Nearly a quarter are solicited by recruiters a few times a week.
- 71% say that the volume of headhunting activity has increased over the last few years.
Technology categories where the skills shortage is greatest
The top five areas where skills shortages are most common are as follows:
- Cloud computing security (39% reported a shortfall)
- Security analysis & investigations (30%)
- Application security (30%)
- Risk and/or compliance administration (27%)
- Senior-level cybersecurity positions (23%)
How hiring practices should change
When asked their opinion on the steps employers should take to alleviate the skills gap, the most popular suggestions were for organizations to increase their training efforts, make salaries more market competitive and offer incentives, such as paying for certifications and enabling participation in industry events.
Advice for people who want to get into cyber
What are the three best things you could do if you want to start your career in the cyber security field? Respondents were asked for their insight on this. The three top recommendations were to get a basic cyber security certification (49%), join a professional industry body (42%), and find a mentor to help you develop skills and career plans (36%).
Interestingly, obtaining a college degree is not generally regarded as a top priority. Just 16% of the cyber professionals polled listed enrolling in a college-level computer science course as one of their recommendations.
Once you’re actually in a job, what’s the best way to become proficient at it? 52% of cyber pros said that hands-on experience is more important than certifications. 44% ranked the two equally.
What certification should I study for?
Cyber pros were asked to confirm which security certifications they currently hold. By some distance, the Certified Information Systems Security Professional (CISSP) accreditation was the most popular. 59% of respondents said they hold this qualification.
Again, when asked to name the most important certification to help you get a job, CISSP came top with 51% of the vote. The next most popular choice, Certified Information Security Manager (CISM), scored 13%.
CISSP remains a clear favorite throughout the industry. For instance, a 90,000-member LinkedIn community of cyber security professionals was asked to rate their top certifications for 2021. Nearly three quarters (72%) identified CISSP as the certification with the greatest demand.
For everything you need to pass these top certifications and gain hands-on experience, plus mentorship, you can join The StationX VIP Cyber Security Career Development Platform.