APAC Cybersecurity Hiring Managers Report

(ISC)² today published its APAC Cybersecurity Hiring Managers research report. Based on observations of 787 respondents across Singapore, Hong Kong, Japan and South Korea, the research findings underscore the importance of adopting a blended approach to searching and recruiting early career cybersecurity professionals, assessing candidates based on both technical and non-technical skills and attributes, as well as investing in career development amidst a cybersecurity workforce gap of 2.2 million in the region.

While most respondents in Singapore (58%) rely on standard job postings in their search for cybersecurity talent, organizations here have identified or recruited talent through apprenticeship/internship programs at organizations (48%) and staffing recruitment organizations (45%). At the regional level, companies have also diversified their recruitment practices when it comes to candidate sourcing, with hiring managers turning to existing employees from non-traditional IT departments such as Customer Service (43%) and Human Resources (38%) for entry- and junior-level staff.

“Our research findings point to the widening cybersecurity workforce gap, which has been driven by geopolitical tensions, macroeconomic instability, as well as growing physical security challenges,” said Clar Rosso, CEO, (ISC)². “With APAC registering the second highest year-on-year rise in shortage globally, organizations in the region need to be creative with their cybersecurity hiring. However, unlike conventional thinking, adopting an innovative approach doesn’t mean that organizations have to take on more hiring risks.”

Findings from the (ISC)² 2022 APAC Cybersecurity Hiring Managers research indicate that adopting a more collaborative hiring approach between HR and cybersecurity teams, identifying candidates with relevant attributes and skills, as well as investing in their professional development can enable organizations to build more resilient, sustainable cybersecurity teams.

Encouragingly, the vast majority of hiring managers surveyed (97%) indicated that their organizations provide some form of professional development for their entry- and junior-level staff. This ranges from certification training and courses to the sponsorship of certification exam fees as well as mentorship programs.

Other key report findings include:

Recruitment Channels & Strategies

• In Singapore, 48% of Singapore respondents said they use apprenticeship or internship programs at their organizations to identify or recruit candidates, surpassing the other markets surveyed.
• When hiring cybersecurity talent within the organization, unconventional departments APAC hiring managers have recruited from include customer service (43%), human resources (38%), communications (34%), finance (21%) and marketing (18%).
• HR departments are influencing two key areas when developing entry- and junior-level cybersecurity job descriptions – education requirements (43%) and nice-to-have technical skills (43%).

Key Attributes and Skills

• 62% of research participants would hire a candidate self-taught in IT/cybersecurity despite having no work experience, with those in Singapore and Hong Kong most likely to consider such candidates.
• Across the region, 64% of hiring managers ranked previous professional experience as one of the most important attributes, followed by technical skills (56%) and certifications (51%).
• Data security (34%) and security administration (32%), as well as the ability to work effectively in a team (48%) and independently (33%), emerged as the most highly rated technical and non-technical skills hiring managers expect from candidates.

Talent Development

• More than half (58%) of hiring managers surveyed observed that most entry-level cybersecurity practitioners are able to handle assignments independently within or under nine months.
• In-house training courses are considered the most effective method of talent development for entry- and junior-level practitioners (60%), followed by external training courses (57%), certifications (47%), conferences (35%), and mentoring (35%).
• In APAC, Singapore organizations are most likely to provide entry- and junior-level cybersecurity team members career development time during working hours, with 86% of respondents from the city-state confirming this (APAC: 80%).

Hiring managers also revealed their top five tasks for entry-level cybersecurity staff:

• Documenting Processes and Procedures
• Backup, Recovery and Business Continuity
• Scripting Languages
• User Awareness Training
• Physical Access Controls