Organizations looking to build cybersecurity teams by attempting to recruit “all stars” need to reevaluate their strategy and adjust expectations. With the current cybersecurity workforce gap estimated at 3.1 million worldwide, it is too daunting – or for many, nearly impossible – to find candidates with all the skills and experience that organizations often seek.

The (ISC)² Cybersecurity Career Pursuers Study delivers guidance on how to find strong candidates despite the scarcity of available talent. The report suggests organizations take a pragmatic approach to recruitment by zeroing in on qualities such as analytical thinking, problem solving and creativity, which foreshadow success in cybersecurity roles, as opposed to overly focusing on technical prowess and experience.

By polling 2,034 current cybersecurity professionals and cybersecurity jobseekers (pursuers), the study homed in on the priorities and qualities valued by current professionals in the industry and matched them against pursuer perspectives. There is strong agreement on what makes a cybersecurity professional successful, but the study also found that entrants in the field “are unsure what to expect from their first cybersecurity job and may be wary of technical obstacles.”

Organizations can start correcting this perspective by listening to their current cybersecurity professionals, who know what the job entails and what to look for in recruits. Those professionals also can fill a mentorship role to new hires.

IT Experience

One of the study’s key findings it that IT traditionally has provided the primary pathway to cybersecurity careers: 55% of cybersecurity professionals transitioned to their current jobs from IT. However, that pattern is showing signs of changing. Half of the respondents who are newer to the field (with experience of less than three years) came from IT, compared to 63% of those who have three to seven years of experience in cybersecurity.

It would stand to reason then that IT experience is less important to those who are newer to the field, and the findings support that. By a wide margin, fewer professionals with less than three years on the job consider IT experience to be critical (46%) than their longer-tenured peers (69%).

Another noteworthy finding concerns gender. Men traditionally have dominated the cybersecurity field, but findings show that women start pursuing IT careers at a younger age than men. Among pursuers with less than three years of experience in IT, 26% of women are interested in cybersecurity jobs compared to 18% of men. The trend holds for respondents with three to six years of experience, when 40% of women and 32% of men are pursuing cybersecurity jobs.

While this portends gender diversification in the field, the study also found that the percentage of women working in cybersecurity roles declines as tenure increases – an indication that more women may be joining the workforce in recent years or that women may not be getting enough advancement opportunities.

The Value of Education

One of the persistent debates in the cybersecurity field over the years has revolved around education. How much education does a good candidate need, and should a college degree be required?

Regardless of what side you’re on, the study reveals that cybersecurity professionals tend to be highly educated. The largest group of respondents (73%) comprises people with a bachelor’s (40%) or master’s degree (33%). Another 8% have a doctorate. Still, only 51% of professionals have degrees in computer and information services, and less than half (42%) said a dedicated security education is critical for a role in cybersecurity.

The study also suggests that more entrants to the field are coming from law enforcement and the military than in the past. People with experience in the military and law enforcement make up a third of professionals in the study. In addition, military and law enforcement affiliations were much higher for those with less than three years of cybersecurity experience.

Recommendations

The Pursuers study acknowledges there is no short-term solution for the cybersecurity workforce gap but points out that a readjustment in recruitment strategies can help companies build strong cybersecurity teams. Included in the report are actionable strategies for hiring managers to review when building their teams. Learn about those strategies here .