According to a study, organizations in the Asia-Pacific (APAC) region are relying on job postings, internships, and even applicants from other fields to fill the cybersecurity talent gap.
These were the main conclusions of the APAC Cybersecurity Hiring Manager Research report by the International Information System Security Certification Consortium, or (ISC)², which surveyed 787 respondents in Singapore, Hong Kong, Japan and South Korea.
More than half of respondents (58%) in Singapore rely on standard job postings in their search for cybersecurity talent, while just under half in the city-state have identified or recruited talent through apprenticeship and internship programs as well as recruitment agencies.
Regionally, companies have also diversified their recruiting practices for sourcing candidates, with hiring managers turning to existing employees in non-traditional IT departments such as customer service (43%) and human resources (38%). %) for entry-level and junior-level personnel.
“Our research findings point to a widening cybersecurity workforce gap, which has been fueled by geopolitical tensions, macroeconomic instability, as well as growing physical security challenges.” , said Clar Rosso, CEO of (ISC)².
“With APAC seeing the second highest year-over-year increase in shortage globally, organizations in the region need to get creative with their cybersecurity recruitment. However, contrary to conventional thinking, taking an innovative approach doesn’t mean organizations need to take more risk when it comes to hiring.
The (ISC)² report noted that adopting a more collaborative approach to hiring between HR and cybersecurity teams, identifying candidates with relevant attributes and skills, and investing in their professional development, can help organizations build more resilient and sustainable cybersecurity teams.
When it comes to skills and experience, 62% of respondents would hire a self-taught IT or cybersecurity candidate despite having no work experience, with those in Singapore and Hong Kong most likely to consider such candidates .
Across the region, 64% of hiring managers ranked prior work experience as one of the most important attributes, followed by technical skills (56%) and certifications (51%).
Data security (34%) and security administration (32%), as well as the ability to work effectively in a team (48%) and independently (33%), emerged as technical skills and not techniques most appreciated by recruiters. wait for candidates.
The vast majority of hiring managers surveyed also indicated that their organizations provide some form of professional development for their entry-level and junior staff. This ranges from training and certification courses to sponsoring certification exam fees, as well as mentoring programs.
Internal training courses are considered the most effective method of developing talent for new and junior practitioners (60%), followed by external training courses (57%), certifications (47%), conferences (35 %) and mentoring (35%).
But retaining young talent is just as essential, especially in markets like Australia and New Zealand (ANZ). A separate study by Lacework in ANZ found that those with less than a year’s experience are more likely to leave (64%) than those with one to two years’ experience (44%).
The Net Promoter Score (NPS) – a measure of customer or employee loyalty – for cybersecurity was also very low at -9.4, putting the industry on par with or worse than the airline and insurance sectors.
Worryingly, for those who have been in the field for two years or less, the NPS was -32, showing that newcomers to the industry have a negative experience and are even less likely to recommend cybersecurity as a career.
“New talented people are leaving the cybersecurity industry too quickly. To retain crucial talent in a tight market, more needs to be done to reduce workload and stress for everyone in the industry, especially newcomers. This is especially true given the rapid pace of change in the industry and growing public pressure from recent high-profile security breaches,” said Richard Davies, Regional Director for ANZ at Lacework.