Sergey Nivens - Fotolia

Salary is not top way to attract cybersec pros, report reveals

Salary is not the highest priority for cyber security professionals, a report on hiring and retaining top cyber security talent shows

Most cyber security professionals who are open to new opportunities or planning a job search in 2018 are most likely to be attracted to jobs where their opinions are taken seriously, a study has revealed.

According to a poll of 250 cyber security professionals in the US and Canada, 14% plan to look for a new job, 70% are open to new opportunities, and only 15% said they have no plans to switch jobs this year.

This market volatility is being driven by the fact that many cyber security professionals’ expectations are not being met by their employers and the high demand for security skills, according to the Hiring and retaining top cyber security talent report based on the survey commissioned by cyber security certification body (ISC)².

However, the survey reveals that most cyber security professionals are looking for a job where their opinions are valued (68%), and they can protect people and their data (62%).

Working for an employer who adheres to a strong code of ethics is the next most important element to providing cyber security professionals personal fulfilment, cited by 62% of respondents, while salary was cited as a top priority by only 49%.

When asked what is most important for cyber security workers’ professional goals, 62% of respondents said they want to work for a company that “clearly defines ownership of cyber security responsibilities”,  59% want an employer that “views cyber security more broadly than just technology”, and 59% want to work for an organisation that “trains employees on cyber security”.

When asked what best describes the value they bring to an employer, 81% said “developing cyber security strategy”, 77% said “managing cyber security technologies”, 69% said “educating users about cyber security best practices” and 67% said “analysing business processes for risk assessment”.

When asked what skills they use most on a daily basis, 58% said network monitoring, 53% said security analysis, 53% said security administration, and 47% said intrusion detection.

“The cyber security workforce gap is growing rapidly, and turnover in cyber security teams makes filling those roles even more challenging,” said (ISC)² chief operating officer Wesley Simpson.

“It is more critical than ever for organisations to ensure their recruitment and employment retention strategies are aligned with what cyber security professionals want most from an employer.

“Our study sheds light on what motivates cyber security jobseekers and what’s most important to them for professional and personal fulfilment. Armed with this insight, employers can do a much better job appealing to top cyber security professionals, and retaining their talent and expertise for the long term.”

Read more about information security skills

  • Cyber security skills shortage can be addressed, says (ISC)2.
  • Cyber security skills a priority for UK government.
  • An anti-millennial recruitment stance will widen cyber security skills gap, experts warn.
  • Companies struggling to fill infosec roles should focus on finding people who can do what they need, not qualifications, according to a security industry panel.

The report identifies how employers often fail to impress cyber security jobseekers and staff, as well as how aggressively their cyber security workforce is being pursued by recruiters.

Respondents said vague job descriptions (52%), job descriptions that inaccurately reflect responsibilities (44%) and job postings that ask for insufficient qualifications (42%) demonstrate an “organisation’s lack of cyber security knowledge”.

Cyber security workers believe their performance should be evaluated by how quickly they respond to a breach or security incident (43%), security program maturity (30%), how effectively they increase employee security awareness (30%), and how effectively they handle remediation (28%).

Cyber security professionals are being aggressively targeted by recruiters, the report said, with 13% saying they are contacted “many times a day”, 8% saying “once a day”, 16% saying “a few times a week” and 34% saying “a couple times a month”.

The survey shows that 85% of cyber security workers would investigate a potential employer’s security capabilities before taking a job, and what they discover would influence their decision, while 52% are more likely to take job with an organisation that takes security seriously, and 40% will work for a company that needs security improvements.

The report offers additional insights into the cyber security workforce, as well as advice on how employers can better appeal to cyber security professionals in the face of a global shortage of people with cyber security skills.

By 2022, there will be 1.8 million unfilled cyber security jobs, according to the latest (ISC)2 global information security workforce study. In Europe, the shortfall is projected to be around 350,000, with the UK’s share of unfilled cyber security jobs expected to be around 100,000.

Read more on Hackers and cybercrime prevention

Data Center
Data Management