Essential Practical Skills for Securing Your Initial Cybersecurity Position

Security hiring managers are currently placing a significant emphasis on hands-on experience when making hiring decisions for entry-level positions. While educational qualifications, such as degrees in computer science, are still relevant, they have become only one of several potential pathways into entry-level cybersecurity roles.

Findings from a recent report indicate that 90% of hiring managers would consider candidates with prior IT work experience, irrespective of formal educational credentials. Additionally, 89% would evaluate candidates with entry-level cybersecurity certifications alone, without the necessity of a related degree.

Despite this shift, 81% of security managers would still favor candidates possessing educational backgrounds in IT, cybersecurity, or computer science. Approximately a quarter of recruiters from educational programs reported sourcing candidates from disciplines outside traditional computer science, IT, or cybersecurity fields. Furthermore, around half identified internships and apprenticeships as effective avenues for uncovering early-career talent.

In their assessment, cybersecurity hiring managers are increasingly acknowledging the importance of non-technical skills as well. Among the top five most valued skills are teamwork, problem-solving, and analytical thinking. Jon France, a Chief Information Security Officer, noted that the landscape is widening for potential entry into the cybersecurity sector, suggesting that employers are beginning to recognize the value of entry-level certifications where previously a degree was a prerequisite.

The current hiring climate for cybersecurity jobs remains competitive, largely due to broader economic and geopolitical factors rather than hiring practices themselves.

Professional Development of Entry-Level Staff

The research also reveals promising insights regarding the training of entry-level and junior cybersecurity employees, which is often both fast and cost-effective. A majority of hiring managers (56%) indicated that it typically takes four to nine months to train entry-level cybersecurity team members to operate independently. About half of respondents reported investment costs between $1,000 and $4,999 to ensure that these employees can manage their responsibilities effectively.

Moreover, 91% of hiring managers reported offering professional development opportunities during work hours for these team members. France emphasizes that organizations need to commit to the training and development of entry and junior staff from the outset, and presents this commitment as the trade-off that comes with hiring at the entry level.

The research further explored the specific tasks that entry-level and junior cybersecurity professionals typically undertake.

For entry-level staff, the primary tasks included:
– Documentation of processes (43%)
– Alert and event management (35%)
– Reporting (32%)
– Physical access controls (30%)
– User awareness training (29%)

For junior-level staff, the leading tasks comprised:
– Backup, recovery, and business continuity (53%)
– Intrusion detection (53%)
– Alert and event management (51%)
– Familiarity with relevant frameworks (50%)
– Penetration testing (50%)

France noted that many of these tasks focus on information discernment, providing valuable opportunities for professionals to gain experience in more technical areas.

The study surveyed a total of 929 cybersecurity hiring managers across Canada, Germany, India, Japan, the UK, and the US.