Salary takes a back seat to other considerations that cybersecurity professionals regard as key for their sense of personal fulfillment at work, a report called ‘Hiring and Retaining Top Cybersecurity Talent’ has shown.
A total of 68% of security professionals care about working “where their opinions are taken seriously”, while 62% of respondents “want to work where they can protect people and their data”, reads the report. It was drafted by the information security certification organization (ISC)² and is underpinned by a survey of 250 cybersecurity professionals in the United States and Canada.
These figures are understandable, however. If the voice of security professionals falls on deaf ears with management, which then blames them when a breach occurs, “they are justified in feeling judged for the wrong reasons,” according to the study.
Further in the list of top considerations is the employer’s “adherence to a strong code of ethics” (59%), and only then comes salary (49%). This may come with a caveat, however. “Thanks to high demand for talent, candidates likely view an attractive pay package as a given,” said the certification organization.
Either way, the insight into the priorities of security practitioners may come in handy to employers, particularly when coupled with another finding gleaned from the survey – the majority of cybersecurity practitioners wouldn’t mind switching jobs.
Only 15% of respondents said that they have no plans to leave their current job in 2018. By contrast, 70% are open to new job offers and another 14% even plan to look actively for a new job.
The data suggests “unmet expectations between organizations and their cybersecurity workforce”, said (ISC)², adding that high demand for talent, coupled with frequent wooing from recruiters (see above figure), may be encouraging many IT security workers to consider new opportunities.
“Our study sheds light on what motivates cybersecurity jobseekers and what’s most important to them for professional and personal fulfillment. Armed with this insight, employers can do a much better job appealing to top cybersecurity professionals, and retaining their talent and expertise for the long term,” said (ISC)² COO Wesley Simpson.
The report also sheds light on how not to go about attracting new hires. Vague and inaccurate job descriptions along with job postings that include insufficient qualifications were found to top the list of turnoffs for many jobseekers, since they are seen as evidence of an employer’s lack of cybersecurity knowledge.
The findings come against the backdrop of a long-known dearth of qualified people needed to fill open positions in IT security. According to the recent Global Information Security Workforce Study (GISWS), the cybersecurity workforce gap is on track to widening to 1.8 million by 2022.
Author Tomáš Foltýn, ESET