June 26, 2024 at 08:57AM
The joint study by ISC2 and CIISec offers guidance for CISOs on recruiting and retaining security talent amidst a severe skills shortage. The report challenges the notion of solely seeking technical qualifications, encouraging a focus on aptitude, diversity, and soft skills. It also emphasizes methods to maintain team cohesion and prioritize mental well-being, making it a valuable resource for CISOs.
The meeting notes highlight key findings from a joint study by ISC2 and the Chartered Institute of Information Security (CIISec) on recruiting and retaining security talent in the face of severe skills shortage. The report presents several important takeaways:
1. The profession requires approximately 4 million additional people globally, emphasizing the challenge of finding and retaining skilled security professionals.
2. Contrary to popular belief, the report suggests that technical qualifications or experience may not be necessary for filling all security team vacancies. Instead, it emphasizes a candidate’s aptitude to learn, as technical skills can be taught on the job.
3. The report challenges the prevailing attitude that evidence of technical expertise is essential for team recruitment, pointing out potential unconscious biases in hiring practices that may limit diversity and restrict talent pool availability.
4. It advises recruiting from unconventional sources, such as retired military personnel, and targeting early-career professionals to build a diverse team with multiple skills beyond technical expertise.
5. To retain the team, the report recommends ensuring competitive compensation, frequent pay increases, interesting tasks, recognition for successes, ample training, and a clear career path, as well as providing personal mentoring and promoting work-life balance.
6. Finally, the report emphasizes the pivotal role of the CISO in both recruiting and retaining an effective security team and suggests that leadership skills are crucial for the CISO’s effectiveness in this regard.
Overall, the report provides a comprehensive resource for CISOs, consolidating valuable insights and recommendations for overcoming cybersecurity recruiting challenges and retaining top security talent.