Infosec released findings from its 2021 Cybersecurity Role
& Career Path Clarity Study. The study surveyed over 370 cybersecurity leaders in the U.S.
and Canada about resources used to structure cybersecurity job descriptions and
development plans. It then compared responses to training investments,
organizations' abilities to fill open cybersecurity roles and sentiments toward
resources like the National Initiative for Cybersecurity Education (NICE)
Workforce Framework for Cybersecurity (NICE Framework) to provide insights on
what drives cybersecurity talent management success.
The study found while
resources used to guide job descriptions and employee development plans varied
widely across all organization sizes and industries, adoption of tools like the
NICE Framework had the largest influence on organizations' abilities to fill
open cybersecurity roles. Overall the study found:
- 81% of
organizations reported they were at least considering aligning
cybersecurity job descriptions to the NICE Framework
- That same cohort
was 676% more likely to report very to extremely well-defined
cybersecurity job roles and responsibilities
- And 57% more likely
to report satisfaction with their ability to fill open cybersecurity roles
than respondents at organizations with no intent to map job descriptions
to NICE
"Last year, Infosec's 2020 IT & Security
Talent Pipeline Study revealed 73% of U.S.-based cybersecurity hiring managers face
challenges filling open cybersecurity positions," said Jack Koziol, Infosec CEO
and founder. "We designed the 2021 Cybersecurity Role & Career Path Clarity
Study to dig deeper into those challenges and see how job role clarity and
investments in employee development impact how well organizations recruit and
retain cybersecurity talent."
Unsurprisingly, the study
found organizations of all sizes struggle with cybersecurity job role and
career path clarity. However, as organization size increases, role clarity
improves - likely due to larger team sizes and fewer overlapping
responsibilities. The study found organizations with more than 10,000 employees
were:
- 35% more likely to
report well-defined job descriptions
- 55% more likely to
report having at least some clearly defined cybersecurity career paths
- 46% more likely to
have mature employee development programs with required training
"We are pleased to learn
that the community finds value in adopting the NICE Framework to improve the
efficiency and effectiveness of cybersecurity talent management," said Rodney
Petersen, Director of the National Initiative for Cybersecurity Education
(NICE). "Expanding use of the NICE Framework is a key goal in the new NICE
Strategic Plan and encouraging the voluntary integration of the NICE Framework
into existing education, training and workforce development efforts was
highlighted in America's Cybersecurity Workforce Executive Order."
"Cybersecurity job role and
career path clarity remains a serious challenge for most organizations," said
Koziol. "While larger organizations generally do better, plenty of opportunity
for improvement exists to help practitioners better understand their job roles
and career potential. If you're struggling with this challenge now, our data
shows mapping your existing cybersecurity job roles to the NICE Framework is a
great place to start."
Click here to download the full report.