DMEdwards
Newcomer II

2021 Cybersecurity Workforce Study

I saw on Twitter that the 2021 Cybersecurity Workforce Study has been released:

https://www.isc2.org/Research/Workforce-Study

 

I'm curious about the methodology used for some parts of the study. In particular, I would like to understand the numbers behind the pie chart on page 10 that suggests that 70% of the entire cybersecurity workforce is some level of manager or executive. Does anyone know if the methodology is published anywhere?

8 Replies
Steve-Wilme
Advocate II

It's self-reported, so I'd expect some level of job title inflation and some spurious responses.

 

-----------------------------------------------------------
Steve Wilme CISSP-ISSAP, ISSMP MCIIS
jbuitron
Newcomer III

Hi DME,

We who have gone through a Ph.D. or Doctoral program know that an important part of the dissertation is introducing the 'how' for the process of gathering and evaluating the data for good results. Ever since ISC2 published the "Women In the Cybersecurity Workforce" study of 2017, I have wondered the same thing. What is the methodology (they usually reveal how many folks were surveyed)? What was the survey (in a dissertation, you have to reveal what the survey questions are)? I always think, please provide details as if you are operating as solid researchers, ISC2, please.

 

thanks for the query,

 

Dr. J. S. Buitron, DCS, MSIA, CISSP

Doctor of Computer Science\Cybersecurity

Masters in Information Assurance\Cybersecurity

Certified Information Systems Security Professional

 

Lead Cyber Engineer at L3Harris

AppDefects
Community Champion

Page 34 gives a hint as to the methodology "online survey" of 4,763 people, "sample size controlled" within each country.....hmmm, that is interesting.....

Jarred_LeFebvre
Community Manager

@DMEdwards 

 

Thank you for the question. The chart you cited is meant to represent study participants and not a projection for the entire field. Looking at that again, I understand how that’s not clear, and we will address the header on that graphic to clarify. The question to participants was “Which of the following most closely represents your position within your organization?” so respondents were able to self-identify their level within their organization. As you can imagine, we receive a diverse array of job titles among participants as many security functions are broadly dispersed throughout organizations of all sizes around the world, so we have used that question for high-level participant profiling. Team composition, position level and pathways into the profession are areas we will explore more in the 2022 study. Survey methodologies are available on pages 38-42.

 

@AppDefects 

 

Quick note on the “sample size controlled” statement. To ensure the survey isn’t dominated by responses from a single country or region, and that we can make informed projections for the workforce gap and workforce estimate, our sampling methodology includes minimum targets across 12+ countries.

 

Thank you again for the question and for everyone’s thoughts. Cybersecurity continues to be a very dynamic profession that is constantly maturing and evolving. This year, we are evaluating new approaches to help reveal new insights and refine our approach. If there are any areas of the field you feel need deeper dives, please share. Member input is always appreciated!

 

DMEdwards
Newcomer II

Hi Jarred,

Thank you for the explanation. Still, I don't see information on how the survey recipients were chosen. Those statistics make a lot more sense if, for example, the survey were sent only to current (ISC)² members, people who follow (ISC)² on Twitter, etc. If that were the case, I could see how there would be a bias toward respondents being managers.

jbuitron
Newcomer III

Hi there,

I too feel dicey about the note "sample size controlled." It makes no sense. In getting trained to take my DCS (Doctorate in Computer Science), the lead Ph.D.s drilled it into us that the larger the sample size, the more validity can be achieved. Limiting the sample size can skew the results.

 

I still lean more on the 2017 Frost & Sullivan Report on Women in Cybersecurity. The sample size was over 19,000 cyber professionals. 

 

That's my story and I am sticking to it.

 

thanks,

 

Dr. Jan S. Buitron, DCS, MSIA, CISSP

Doctor of Computer Science\Cybersecurity

Masters in Information Assurance\Cybersecurity

Certified Information Systems Security Professional

 

Lead Cyber Engineer at L3Harris

jbuitron
Newcomer III

Hi DMEdwards,

 

I agree with your point that the study should have details about the survey respondents. A Ph.D. paper or Doctoral dissertation requires information about the interviewees\respondents. I put in information about MY interviewees in my dissertation!!

 

thank you and best regards,

 

Dr. Jan