Showing results for 
Show  only  | Search instead for 
Did you mean: 
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Community Manager

Hiring and Retaining Top Talent

(ISC)² recently published the report Hiring and Retaining Top Cybersecurity Talent: What Employers Need to Know About Cybersecurity Jobseekers.


Let us know your thoughts about what we learned from the security professionals we surveyed. It is currently the featured research report at


Some key findings from the study include:


  • When asked what’s most important for cybersecurity professionals’ personal fulfillment, salary (49%) is not the top priority 
    • 68% want to work where their “opinions are taken seriously”
    • 62% want to work where they can “protect people and their data”
    • 59% want to work for an employer “that adheres to a strong code of ethics”
  • When asked what’s most important for cybersecurity workers’ professional goals, respondents identify the following:
    • 62% want to work for a company with “clearly defined ownership of cybersecurity responsibilities”
    • 59% want an employer that “views cybersecurity more broadly than just technology”
    • 59% want to work for an organization that “trains employees on cybersecurity”
  • When asked what best describes the value they bring to an employer:
    • 81% say “developing cybersecurity strategy”
    • 77% say “managing cybersecurity technologies”
    • 69% say “educating users about cybersecurity best practices”
    • 67% say “analyzing business processes for risk assessment

Much more in the report.


Direct link to the PDF: 

13 Replies
Community Champion


Particularly moving is how proficient (effective)

> security people perceive themselves at 43

> percent while the highest rating was merely

> 51 percent. Doesn't say much for us a

> workers does it? 


I don't know about that.  Personally, I rate myself low even though my peers consider me better than that. 


I think for smart security professionals, our job, our experience, changes daily.  It's hard to keep up and stay relevant. 


I have a lab environment in my basement, I probably spend 5-10 hours a week there (in addition to office work) and I STILL feel like for every 1 item I learn there's 10 more things I need to improve on, or there's a new method/technique to learn, or there's more code to write, or an exploit changes.  Sigh.

I think it also depends what motivates you, whether you want to be an independent consultant, or whether you want to be part of a team or group of people or even join an organisation, with the right motivations for development as part of your career path.  I have been personally involved, in many security domains for nearly 40 years, and I am lucky enough to be in one of the top 3 Enterprise security organisations.  The global team is growing rapidly, motivation and drive to develop, collaborate and provide professional giveback internally as well as provide innovation and practical guidance is very infectious.  Even at my senior level, it fully motivates and fully engages me to do better, not only for clients and but for ones own self-development, and providing giveback via coaching and mentoring.  Its a team effort, it really depends on what you are passionate about, and you feel you can seriously contribute and find value in terms of your own growth and not just for the $$$ signs.  It is hard work, and as a previous contributor stated, if it really is worth it, then the journey is well worth it. If the journey, does not feel right, then normally you should go by your gut feel, and not ignore it  - alter course, and keep going.

Influencer II

See also.


Other posts:

This message may or may not be governed by the terms of or

The link is 404. 

Community Champion

@jantsch   I cannot do anything about the 404 links, but today CSO Australia created an article on what Cyber security skills are required for 2021, which you may find useful.