Study Shows How Enterprise IT Leaders Clarify Cybersecurity Roles and Drive Hiring Success
Infosec, the leading cybersecurity education provider, today released findings from its 2021 Cybersecurity Role & Career Path Clarity Study. The study surveyed over 370 cybersecurity leaders in the U.S. and Canada about resources used to structure cybersecurity job descriptions and development plans. It then compared responses to training investments, organizations’ abilities to fill open cybersecurity roles and sentiments toward resources like the National Initiative for Cybersecurity Education (NICE) Workforce Framework for Cybersecurity (NICE Framework) to provide insights on what drives cybersecurity talent management success.
The study found while resources used to guide job descriptions and employee development plans varied widely across all organization sizes and industries, adoption of tools like the NICE Framework had the largest influence on organizations’ abilities to fill open cybersecurity roles. Overall the study found:
- 81% of organizations reported they were at least considering aligning cybersecurity job descriptions to the NICE Framework
- That same cohort was 676% more likely to report very to extremely well-defined cybersecurity job roles and responsibilities
- And 57% more likely to report satisfaction with their ability to fill open cybersecurity roles than respondents at organizations with no intent to map job descriptions to NICE
“Last year, Infosec’s 2020 IT & Security Talent Pipeline Study revealed 73% of U.S.-based cybersecurity hiring managers face challenges filling open cybersecurity positions,” said Jack Koziol, Infosec CEO and founder. “We designed the 2021 Cybersecurity Role & Career Path Clarity Study to dig deeper into those challenges and see how job role clarity and investments in employee development impact how well organizations recruit and retain cybersecurity talent.”
Unsurprisingly, the study found organizations of all sizes struggle with cybersecurity job role and career path clarity. However, as organization size increases, role clarity improves — likely due to larger team sizes and fewer overlapping responsibilities. The study found organizations with more than 10,000 employees were:
- 35% more likely to report well-defined job descriptions
- 55% more likely to report having at least some clearly defined cybersecurity career paths
- 46% more likely to have mature employee development programs with required training
“We are pleased to learn that the community finds value in adopting the NICE Framework to improve the efficiency and effectiveness of cybersecurity talent management,” said Rodney Petersen, Director of the National Initiative for Cybersecurity Education (NICE). “Expanding use of the NICE Framework is a key goal in the new NICE Strategic Plan and encouraging the voluntary integration of the NICE Framework into existing education, training and workforce development efforts was highlighted in America’s Cybersecurity Workforce Executive Order.”
“Cybersecurity job role and career path clarity remains a serious challenge for most organizations,” said Koziol. “While larger organizations generally do better, plenty of opportunity for improvement exists to help practitioners better understand their job roles and career potential. If you’re struggling with this challenge now, our data shows mapping your existing cybersecurity job roles to the NICE Framework is a great place to start.”
Click here to download the full report.