Adopting a more collaborative hiring approach, assessing candidates skills and attributes, as well as investing in their career development, are some ways.
Cybersecurity has become an increasingly important issue for most, if not all, industries and organisations of all sizes. However, organisations in the APAC region are facing a common challenge: insufficient talent to join the ranks of their frontliners amidst a cybersecurity workforce gap of 2.2mn in the region.
This prompts hiring managers to turn their radar to fresh graduates and career switchers within organisations, as revealed the APAC Cybersecurity Hiring Managers research report by the nonprofit association of certified cybersecurity professionals (ISC)².
Where to find talent?
In general, hiring managers are increasingly sourcing for cybersecurity candidates from beyond the IT talent pool, both within and outside of their organisations.
While most respondents in Hong Kong (55%) rely on standard job postings in their search for entry- and junior-level cybersecurity talent, organisations have also diversified their recruitment practices when it comes to candidate sourcing, such as hiring directly from colleges and universities (45%), identifying or recruiting talents through staffing recruitment organisations (39%), and turning to existing employees from non-traditional IT departments in their organisations (39%).
When hiring cybersecurity talent within the organisation, Hong Kong hiring managers have recruited from unconventional departments, including customer service (54%), communications (49%), human resources (49%), finance (31%), and marketing (20%).
In Singapore, 48% of respondents said they use apprenticeship or internship programmes at their organisations to identify or recruit candidates, far surpassing the other markets surveyed.
Participants have also reported partnerships with educational programmes to recruit talent. Compared to Singapore and Japan where hiring departments are more likely to partner with computer science, IT and cybersecurity graduate degree programmes, Hong Kong organisations are noticeably more likely to partner with relevant associate degree programmes (69%). Singapore respondents were also most likely to partner with non-relevant associate degree programmes.
What attributes and skills to look for?
Overall, 64% of hiring managers ranked previous professional experience as one of the most important attributes, followed by technical skills (56%) and certifications (51%).
Across the region, close to half of participants (49%) would consider a candidate with no work experience and education in fields that are not computer science, IT and cybersecurity. Singapore respondents are significantly more likely to consider candidates with education in a different field and no work experience.
Nearly two-thirds (62%) of APAC participants would hire a candidate self-taught in IT/cybersecurity despite having no work experience, with those in Hong Kong and Singapore most likely to consider such candidates.
Data security (34%) and security administration (32%), as well as the ability to work effectively in a team (48%) and independently (33%), emerged as the most highly rated technical and non-technical skills hiring managers expect from candidates.
Hiring managers have also highlighted the importance of non-technical skills for well-rounded professionals, and the ability to work independently was cited more frequently by Hong Kong and Singapore respondents (both at 40%), though teamwork is still more important.
Personality-wise, Hong Kong hiring managers think it’s important for candidates to display problem solving (41%) and analytical thinking traits (41%). A similar pattern is observed in APAC, while the desire to learn (26%) and critical thinking (24%) was cited more frequently by Hong Kong respondents.
How to develop talent?
Encouragingly, the vast majority of hiring managers surveyed (97%) indicated their organisations provide some form of professional development for their entry- and junior-level staff. This ranges from certification training and courses to the sponsorship of certification exam fees as well as mentorship programmes.
In-house training courses are considered the most effective method of talent development for entry- and junior-level practitioners (60%), which is also ranked the highest by Hong Kong respondents.
Other training approaches cited are external training courses (57%), certifications (47%), conferences (35%), and mentoring (35%), in which Hong Kong and Japan ranked external training courses higher than Singapore and South Korea; conferences ranked higher among Korean respondents; and shadowing is more popular in Singapore and Japan.
In APAC, Hong Kong organisations are most likely to provide entry- and junior-level cybersecurity team members certification exam fees sponsorship (56%), as well as career development time during working hours (85%).
Hong Kong organisations are willing to invest more to sufficiently train both entry- and junior-level cybersecurity professionals to the point of competency without supervision, it is twice as likely to cost more than US$10,000 for entry-level, and 1.5 times more likely for junior level compared to other surveyed markets, while the APAC average is standing at US$1,000 to US$4,999.
More than half (58%) of hiring managers surveyed observed that most entry-level cybersecurity practitioners are able to handle assignments independently within or under nine months.
The research findings underscore that adopting a more collaborative hiring approach between HR and cybersecurity teams to searching and recruiting early career cybersecurity professionals, assessing candidates based on both technical and non-technical skills and attributes, as well as investing in their career development, can enable organisations to build more resilient, sustainable cybersecurity teams.
“Our research findings point to the widening cybersecurity workforce gap, which has been driven by geopolitical tensions, macroeconomic instability, as well as growing physical security challenges,” said Clar Rosso, CEO, (ISC)². “With APAC registering the second highest year-on-year rise in shortage globally, organisations in the region need to be creative with their cybersecurity hiring.”
(ISC)² conducted the survey in June 2022, to better understand how 787 hiring managers across Hong Kong, Singapore, Japan and South Korea recruit and support the career development of entry- and junior-level cybersecurity practitioners.