Organisations across the Asia-Pacific (APAC) region are relying on job postings, internships and even candidates from other fields to plug the cyber security talent gap, a study has found.
Those were the key findings of the APAC cybersecurity hiring managers research report by The International Information System Security Certification Consortium, or (ISC)², which polled 787 respondents across Singapore, Hong Kong, Japan and South Korea.
Over half of respondents (58%) in Singapore rely on standard job postings in their search for cyber security talent, while just under half in the city-state have identified or recruited talent through apprenticeship and internship programmes as well as recruitment agencies.
At the regional level, companies have also diversified their recruitment practices when it comes to candidate sourcing, with hiring managers turning to existing employees from non-traditional IT departments such as customer service (43%) and human resources (38%) for entry-level and junior-level staff.
“Our research findings point to the widening cyber security workforce gap, which has been driven by geopolitical tensions, macroeconomic instability, as well as growing physical security challenges,” said Clar Rosso, CEO of (ISC)².
“With APAC registering the second highest year-on-year rise in shortage globally, organisations in the region need to be creative with their cyber security hiring. However, unlike conventional thinking, adopting an innovative approach doesn’t mean organisations have to take on more hiring risks.”
The (ISC)² report noted that adopting a more collaborative hiring approach between HR and cyber security teams, identifying candidates with relevant attributes and skills, as well as investing in their professional development, can help organisations build more resilient and sustainable cyber security teams.
When it comes to skills and experience, 62% of respondents would hire a candidate self-taught in IT or cyber security despite having no work experience, with those in Singapore and Hong Kong most likely to consider such candidates.
Across the region, 64% of hiring managers ranked previous professional experience as one of the most important attributes, followed by technical skills (56%) and certifications (51%).
Data security (34%) and security administration (32%), as well as the ability to work effectively in a team (48%) and independently (33%), emerged as the most highly rated technical and non-technical skills hiring managers expect from candidates.
The vast majority of hiring managers surveyed also indicated that their organisations provide some form of professional development for their entry-level and junior-level staff. This ranges from certification training and courses to the sponsorship of certification exam fees, as well as mentorship programmes.
In-house training courses are considered the most effective method of talent development for entry-level and junior-level practitioners (60%), followed by external training courses (57%), certifications (47%), conferences (35%) and mentoring (35%).
But retaining young talent is just as critical, particularly in markets such as Australia and New Zealand (ANZ). A separate study by Lacework in ANZ found that those with less than a year of experience are more likely to leave (64%) than those with one to two years’ experience (44%).
The Net Promoter Score (NPS) – a measure of customer or employee loyalty – for cyber security was also very low at -9.4, putting the industry on par or worse than airline and insurance sectors.
Worryingly, for those in the field for two years or less, the NPS was -32, showing that those new to the industry are having a negative experience and are even less likely to recommend cyber security as a career.
“New, talented individuals are leaving the cyber security industry too fast. To retain crucial talent in a tight market, more needs to be done to reduce the workload and stress on all those in the industry, particularly newcomers. This is especially so given the rapid rate of change in the sector and mounting public pressure from recent high-profile security breaches,” said Richard Davies, area director for ANZ at Lacework.
Research shows organizations are still struggling to bring in IT talent. We identify the reasons why there’s a shortage and what …
The threat of a recession coupled with the ongoing need for transformation and growth means CIOs must make force multiplying …
The U.S. Senate, federal agencies and state governments have banned TikTok from government devices due to concerns about data …
CrowdStrike is urging organizations to apply the latest Microsoft Exchange updates after investigations revealed attackers …
This Risk & Repeat podcast episode discusses the current state of OT security, including the convergence with IT environments and…
Looking to advance your cybersecurity career? Here are the skills you’ll need to win that CISO job, land a gig as a threat hunter…
Arista’s new switches provide more options for enterprises and higher speeds for bandwidth-hungry hyperscalers. The latest …
Telecom operators have committed to sustainability plans to reduce carbon emissions and energy use. But they also face challenges…
Nmap might be more common for security tasks, but it’s also useful for network documentation and inventory. Follow these best …
Data lakes and data warehouses both store big data. When choosing a lake or warehouse, consider factors such as cost and what …
Classical and quantum computers have many differences in their compute capabilities and operational traits. Know their …
Colocation companies offer a wide range of facilities and services that can help organizations reduce or eliminate the costs …
Expect more organizations to optimize data usage to drive decision intelligence and operations in 2023, as the new year will be …
These 10 roles, with different responsibilities, are commonly a part of the data management teams that organizations rely on to …
These eight challenges complicate efforts to integrate data for operational and analytics uses. Here’s why, plus advice on how to…
All Rights Reserved, Copyright 2000 – 2022, TechTarget
Privacy Policy
Cookie Preferences
Do Not Sell or Share My Personal Information