Sun. Jul 5th, 2020

Key Findings: (ISC)2 Work Study Report 2019


A new report by (ISC)2 found that the U.S. cybersecurity workforce needs to add close to 500,000 workers, or a 62% increase, to fill the current shortages nationwide.


The 2019 Work Study Report is based on data collected from an online survey in June and July of this year. The survey consisted of “3,237 individuals responsible for security/cybersecurity at work throughout North America, Europe, Latin America (LATAM) and Asia-Pacific (APAC).”


Through this analysis, (ISC)2 sought to understand cybersecurity needs and behaviors in the business sector.


Below, we’ve listed some key findings.


Key Findings

In general, IT professionals are “satisfied in their career and optimistic about their futures.” However, they have some concerns — the main one being the shortage of skilled cybersecurity professionals.


In fact, (ISC)2 says “the cybersecurity workforce gap has increased since last year, primarily due to a global surge in hiring demand.”

  • In the US, the cybersecurity workforce gap is nearly 500,000
  • 65% of organizations represented have a shortage of staff dedicated to cybersecurity
  • 51% of cybersecurity professionals say their organization is at moderate or extreme risk due to cybersecurity staff shortage


Other top job concerns include:


Source: (ISC)2 Work Study Report 2019



The report also listed strategies organizations can implement to grow a strong cybersecurity workforce.


Strategy #1

Address cybersecurity professionals’ most important needs.


For example, offer opportunities to nurture and develop the areas that are top of mind for cybersecurity professionals, such as:

  • Cloud computing security
  • Risk assessment, analysis and management
  • Governance, risk management and compliance (GRC)
  • Security and threat intelligence analysis


Strategy #2

Organizations need to be realistic about applicant qualifications.


In general, cyber professionals wear different hats, so 70% of qualified cybersecurity recruits will have a title that isn’t specific to security.


Additionally, when it comes to certifications, (ISC)2 says:

“Many entry-level and even mid-level positions will be appealing to candidates without the years of experience required to earn many of today’s in-demand cybersecurity certifications. But as our study has revealed, these professionals will be driven to obtain those certifications during their career, which will provide you with even more confidence in your cybersecurity team.”


Strategy #3

Recruit new workers to join your organization.


(ISC)2 suggests doing this by “going after new workforce entrants such as recent college graduates who have degrees that are relevant to starting a cybersecurity career, including computer and information sciences and engineering.”


Strategy #4

Organizations should grow their cyber workforce from within — it’s a lot easier to develop an existing IT professional than it is to train a new hire.


“Start by identifying talented and motivated non-security-focused IT professionals and paying for cybersecurity trainings and/or certifications. IT generalists have a solid foundation to contribute to an organization’s cybersecurity practice.”

