CIISec and ISC2 publish guide on recruitment best practices

Attracting, recruiting and retaining a more diverse workforce will be critical for navigating the ever-evolving cyber threat landscape.

  • Wednesday, 19th June 2024 Posted 1 year ago in by Phil Alsop

The Chartered Institute of Information Security (CIISec) and ISC2 have published a joint guide, “Recruitment and Retention in Cybersecurity", designed to help organisations attract, recruit and retain a diverse array of cybersecurity talent. Research from ISC2 shows that whilst the global cybersecurity workforce grew in 2023 to a record high of 5.5 million people, the demand for skills is still outpacing growth. Globally, the cyber skills gap grew by 12.6% last year, with 4 million additional workers needed to fill the void, making recruitment more important than ever.

The detailed guide written by CIISec and ISC2 experts urges the industry to increase diversity in the hiring process. Advice to organisations ranges from how to identify and support new recruits, to retaining skilled employees – all from a broad array of backgrounds. Key points from the guide include:

Look beyond traditional job portals, advertising roles in unconventional venues such as military bases or university campuses, as well as approaching young talent directly on social media, tech communities or even in gaming arcades.

Hire based on transferable and non-technical skills, for example a finance professional’s risk management capabilities would be invaluable to the cybersecurity industry and shouldn’t be discounted. Likewise, many non-technical skills such as critical thinking and problem-solving are needed in cybersecurity.

Provide a comprehensive onboarding process, including a buddy system to help identify challenges and problems as well as areas of support.

Continuous training and mentoring to ensure new hires and existing staff are kept up to date with the latest trends, tools, and best practices of the fast-moving security industry, supporting career development and retention.

Provide a supportive environment to prevent burnout, with CIISec data showing that just 14% of cybersecurity professionals have a fully defined career path, it’s vital to give employees the right support to succeed.

Be prepared to offer salary increases, particularly early on, as new graduates often cycle through roles early in their careers to maximise earnings. Organisations must incentivise talent to stay by paying the going rate.

The guide also includes a thorough recruitment ‘basics’ checklist, which outlines the importance of challenging and meaningful work, culture and understanding employees, among others.

“Despite more people working in the cybersecurity industry than ever before, we’re not doing enough to retain them,” says Amanda Finch, CEO of CIISec. “The industry desperately needs guidance on how to improve hiring practices or we’ll lose out to other sectors, which we can’t afford. But retaining talent is just as important as attracting it, and organisations have to do more to support staff at all levels, equipping them to succeed.”

“The cybersecurity industry needs to recognise the need for greater diversity in teams urgently,” says Clar Rosso, CEO at ISC2. “We must shift our mentality and understand that the right people do not need to come from a traditional cyber background. By welcoming inclusivity and removing barriers to the profession, the cybersecurity industry will find new ways to solve challenges, and have a larger pool of talent to hire from.”

School is back in session

Posted 4 hours ago by Phil Alsop
Schneider Electric launches Chapter 3 of Sustainability School .
Fivetran accelerates global financial services provider’s move to the cloud; transforms reporting and revenue operations.

Freshworks launches Freshservice Journeys

Posted 4 hours ago by Phil Alsop
Freshservice Journeys is a AI-powered capability that simplifies complex workflows spanning HR, IT, facilities, and more, to help organizations...
Proof of concept tests ‘customer-defined routing’ for businesses to choose their own packet network path in near-real time.

HPE and Commvault strengthen strategic partnership

Posted 10 hours ago by Phil Alsop
Commvault Cloud and HPE’s storage and data protection portfolio provide comprehensive enterprise-grade protection against cyber threats and data...

HPE unveils new AI factory solutions built with NVIDIA

Posted 10 hours ago by Phil Alsop
HPE drives AI innovation with modular AI factory solutions powered by NVIDIA Blackwell, fueled by HPE Alletra Storage MP, and optimized to deploy and...

Jitterbit launches new Partner Program

Posted 10 hours ago by Phil Alsop
Global program, new partner training incentivize technology partners to capitalize on soaring AI market, business transformation.

Mitel launches enhanced Global Partner Experience

Posted 11 hours ago by Phil Alsop
New partner program and experience streamlines tools, resources, and incentives by aligning partner success with Mitel’s strategy to lead in hybrid...