Nearly All Cybersecurity Workers on the Job Hunt

Organizations already facing a tough time finding cybersecurity talent may find additional cybersecurity headwinds this year as the vast majority (84 percent) of cybersecurity workers say they are on the lookout for new job opportunities.

That surprisingly high number comes from a recent survey of the nonprofit membership association of certified cybersecurity professionals (ISC)². The survey, Hiring and Retaining Top Cybersecurity Talent, is based on a blind survey of cybersecurity professionals in the United States and Canada, the report reveals low numbers of highly engaged workers. Only 15 percent of respondents say they have no plans to switch jobs this year, while 14 percent plan to look for a new job and 70 percent are open to new opportunities.

Key findings from the study include:

When asked what’s most important for cybersecurity professionals’ personal fulfillment:

• 68 percent want to work where their “opinions are taken seriously”
• 62 percent want to work where they can “protect people and their data”
• 59 percent want to work for an employer “that adheres to a strong code of ethics”

When asked what’s most important for cybersecurity workers’ professional goals, respondents identify the following:

• 62 percent want to work for a company with “clearly defined ownership of cybersecurity responsibilities”
• 59 percent want an employer that “views cybersecurity more broadly than just technology”
• 59 percent want to work for an organization that “trains employees on cybersecurity”

When asked what best describes the value they bring to an employer:

• 81 percent say “developing cybersecurity strategy”
• 77 percent say “managing cybersecurity technologies”
• 69 percent say “educating users about cybersecurity best practices”
• 67 percent say “analyzing business processes for risk assessment”

When asked what skills they use most on a daily basis:

• 58 percent say network monitoring
• 53 percent say security analysis
• 53 percent say security administration
• 47 percent say intrusion detection

What is not surprising is what the survey found about why so many are on the move such as expectation gaps between cybersecurity workers and employers along with the demand for these skills and constant courting by recruiters. “The cybersecurity workforce gap is growing rapidly, and turnover within cybersecurity teams makes filling those roles even more challenging,” said Wesley Simpson COO at the (ISC)² in this news release.

So what could employers do to better woo cybersecurity professionals? According to the survey:

• Respondents said vague job descriptions (52 percent), job descriptions that inaccurately reflect responsibilities (44 percent) and job postings that ask for insufficient qualifications (42 percent) demonstrate an “organization’s lack of cybersecurity knowledge”

Cybersecurity workers believe their performance should be evaluated by:

• How quickly they respond to a breach or security incident (43 percent)
• Security program maturity (30 percent)
• How effectively they increase employee security awareness (30 percent)
• How effectively they handle remediation (28 percent)

Cybersecurity professionals are being aggressively targeted by recruiters with 13 percent saying they are contacted “many times a day”; 8 percent, once a day; 16 percent, a few  times a week; and 34 percent, a couple times a month

What do cybersecurity job-seekers want?

• 85 percent of cybersecurity workers would investigate a potential employer’s security capabilities before taking a job, and what they discover would influence their decision
• 52 percent are more likely to take job with an organization that takes security seriously
• 40 percent will work for a company that needs security improvements