Blog

Many Cybersecurity Jobseekers Lack a Full Understanding of the Role They Seek

May 20, 2021

Many Cybersecurity Jobseekers Lack a Full Understanding of the Role They Seek People looking to get into the cybersecurity field generally demonstrate a solid understanding of the threats facing organizations, according to new research from (ISC)². Yet, they don’t necessarily have the correct expectations of what they will be doing should they land a cybersecurity job.

In a profession that covers a wide spectrum of tasks and responsibilities, including security operations, risk assessment and user training, coming up with a clear definition of the role is difficult for outsiders, the study suggests. Nevertheless, job pursuers are aware of the various threats cybersecurity teams have to address, including malware, ransomware and phishing.

The Cybersecurity Career Pursuers Study , which polled both current cybersecurity professionals and jobseekers, indicates that jobseekers need a clearer idea of what the job entails. And that’s something the organizations doing the hiring – and the cybersecurity industry as a whole – need to address.

This lack of clarity, however, doesn’t stop pursuers from trying to enter the field. In answers to the study’s open-ended questions, pursuers demonstrated an acceptance of this reality. They also expect on-the-job-training, which possibly explains why they’re unfazed by the challenge that awaits them.

They do have some concerns about what they view as barriers to the job – keeping up with cyber threats and a lack of coding skills that some see as a potential pitfall. Still, they demonstrated a willingness to “put in the time and work to grow and be successful.”

The Need to Define Roles

Pursuers express a healthy level of confidence in their ability to take on the profession’s challenges, but their poor understanding of the job cannot be ignored. It suggests organizations should get better at defining roles in job descriptions and during early contact with jobseekers.

This need is reinforced by responses from current professionals about their own cybersecurity career journeys. Many indicated they were thrown into the “deep end” with little training or guidance, a practice that can certainly discourage people from staying in the profession.

It’s apparent from current professionals’ responses that the cybersecurity field lacks standard, consistent pathways for people who are joining the profession. There is a wide range of tasks and responsibilities that professionals are thrown into, and some are too advanced for inexperienced cybersecurity professionals.

But the study also points to positive aspects of the early years. Some respondents cited the benefits of being paired with a mentor who showed them the ropes while others talked about participating in a big project that “helped demonstrate their skills to others and bolstered their self-confidence.”

One respondent summarized the early years on the job thus: “Everything was a challenge the first few years, and there was a huge learning curve. Perseverance was the key.”

Certification Realism

Current professionals also addressed the need for certifications. The prevailing perspective is that while they are important, they are not critical for the early years on the job. This is a salient point that can help organizations set expectations about their recruitment efforts and come up with more realistic job requirements and descriptions. It also can help create a better understanding among pursuers about what the role entails, so they can better prepare for what awaits them once they join the field.