The (ISC)² APAC Cybersecurity Hiring Managers Research reveals cybersecurity opportunities for fresh graduates and career switchers within organizations in Hong Kong.
(ISC)² – the nonprofit association of certified cybersecurity professionals – recently published its APAC Cybersecurity Hiring Managers research report. Based on observations of 787 respondents across Hong Kong, Singapore, Japan and South Korea, the
research findings underscore the importance of adopting a blended approach to searching and recruiting early career cybersecurity professionals, assessing candidates based on both technical and non-technical skills and attributes, as well as investing in career development amidst a cybersecurity workforce gap of 2.2 million in the region.
While most respondents in Hong Kong (55%) rely on standard job postings in their search for cybersecurity talent, organizations here have diversified their recruitment practices when it comes to candidate sourcing, such as identifying or recruiting talents through staffing recruitment organizations (39%), and turning to existing employees from non-traditional IT departments such as Customer Service (54%), Human Resources (49%) and Communications (49%) for entry- and junior-level staff. On the other
hand, Hong Kong organizations see IT (36%) and cybersecurity certifications (33%) as the top two important attributes for them.
“Our research findings point to the widening cybersecurity workforce gap, which has been driven by geopolitical tensions, macroeconomic instability, as well as growing physical security challenges,” said Clar Rosso, CEO, (ISC)². “With APAC registering the second highest year-on-year rise in shortage globally, organizations in the region need to be creative with their cybersecurity hiring. However, unlike conventional thinking, adopting an innovative approach doesn’t mean that organizations have to take
on more hiring risks.”
Findings from the (ISC)² 2022 APAC Cybersecurity Hiring Managers research indicate that adopting a more collaborative hiring approach between HR and cybersecurity teams, identifying candidates with relevant attributes and skills, as well as investing in their professional development can enable organizations to build more resilient, sustainable cybersecurity teams. Encouragingly, the vast majority of hiring managers surveyed (97%) indicated that their organizations provide some form of professional development for their entry- and junior-level staff. This ranges from certification training and courses to the sponsorship of certification exam fees as well as mentorship programs.
Recruitment Channels & Strategies
- Hong Kong respondents showed a higher preference for hiring directly from colleges and universities (45%) as well as recruiting from other departments in their organizations (39%), surpassing the other markets surveyed.
- When hiring cybersecurity talent within the organization, Hong Kong hiring managers have recruited from unconventional departments, including customer service (54%), communications (49%), human resources (49%), finance (31%) and marketing (20%).
- Compared to Singapore and Japan where hiring departments are more likely to partner with computer science, IT and cybersecurity graduate degree programs, Hong Kong organizations are noticeably more likely to partner with relevant associate degree programs (69%).
- HR departments are influencing two key areas when developing entry- and junior-level cybersecurity job descriptions – education requirements (43%) and nice-to-have technical skills 43%).
Key Attributes and Skills
62% of APAC participants would hire a candidate self-taught in IT/cybersecurity despite having no work experience, with those in Hong Kong and Singapore most likely to consider such candidates.
Across the region, 64% of hiring managers ranked previous professional experience as one of the most important attributes, followed by technical skills (56%) and certifications (51%).
Data security (34%) and security administration (32%), as well as the ability to work effectively in a team (48%) and independently (33%), emerged as the most highly rated technical and non-technical skills hiring managers expect from candidates.
Hiring managers have also highlighted the importance of non-technical skills for well-rounded professionals, and the ability to work independently was cited more frequently by Hong Kong and Singapore respondents (both at 40%), though teamwork is still more important.
Personality-wise, Hong Kong hiring managers think it’s important for candidates to display problem solving (41%) and analytical thinking traits (41%). A similar pattern is observed in APAC, while the desire to learn (26%) and critical thinking (24%) was cited more frequently by Hong Kong respondents.
Talent Development
- In-house training courses are considered the most effective method of talent development for entry- and junior-level practitioners (60%), which is also ranked the highest by Hong Kong respondents. Other training approaches cited are external training courses (57%), certifications 47%), conferences (35%), and mentoring (35%).
- In APAC, Hong Kong organizations are most likely to provide entry- and junior-level cybersecurity team members certification exam fees sponsorship (56%), as well as career development time during working hours (85%).
- Hong Kong organizations are willing to invest more to sufficiently train both entry- and junior-level cybersecurity professionals to the point of competency without supervision, it is twice as likely to cost more than U.S. $10,000 for entry-level, and 1.5 times more likely for junior level compared to other surveyed markets, while the APAC average is standing at U.S. $1,000 - $4,999.
- More than half (58%) of hiring managers surveyed observed that most entry-level cybersecurity practitioners are able to handle assignments independently within or under nine months.
Hong Kong hiring managers top five tasks for entry-level cybersecurity staff
- Documenting Processes and Procedures
- Backup, Recovery and Business Continuity
- Scripting Languages
- Forensics
- User Awareness Training
Ian Thomas
