Infosec Institute Announcement

Study Shows How Enterprise IT Leaders Clarify Cybersecurity Roles and Drive Hiring Success 

MADISON, WI, March 24, 2021 —Infosec, the leading cybersecurity education provider, today released findings from its 2021 Cybersecurity Role & Career Path Clarity Study. The study surveyed over 370 cybersecurity leaders in the U.S. and Canada about resources used to structure cybersecurity job descriptions and development plans. It then compared responses to training investments, organizations’ abilities to fill open cybersecurity roles and sentiments toward resources like the National Initiative for Cybersecurity Education (NICE) Workforce Framework for Cybersecurity (NICE Framework) to provide insights on what drives cybersecurity talent management success. 

The study found while resources used to guide job descriptions and employee development plans varied widely across all organization sizes and industries, adoption of tools like the NICE Framework had the largest influence on organizations’ abilities to fill open cybersecurity roles. Overall the study found: 

  • 81% of organizations reported they were at least considering aligning cybersecurity job descriptions to the NICE Framework
  • That same cohort was 676% more likely to report very to extremely well-defined cybersecurity job roles and responsibilities
  • And 57% more likely to report satisfaction with their ability to fill open cybersecurity roles than respondents at organizations with no intent to map job descriptions to NICE

“Last year, Infosec’s 2020 IT & Security Talent Pipeline Studyrevealed 73% of U.S.-based cybersecurity hiring managers face challenges filling open cybersecurity positions,” said Jack Koziol, Infosec CEO and founder. “We designed the 2021 Cybersecurity Role & Career Path Clarity Study to dig deeper into those challenges and see how job role clarity and investments in employee development impact how well organizations recruit and retain cybersecurity talent.”

Unsurprisingly, the study found organizations of all sizes struggle with cybersecurity job role and career path clarity. However, as organization size increases, role clarity improves — likely due to larger team sizes and fewer overlapping responsibilities. The study found organizations with more than 10,000 employees were:

  • 35% more likely to report well-defined job descriptions 
  • 55% more likely to report having at least some clearly defined cybersecurity career paths
  • 46% more likely to have mature employee development programs with required training

“We are pleased to learn that the community finds value in adopting the NICE Framework to improve the efficiency and effectiveness of cybersecurity talent management,” said Rodney Petersen, Director of the National Initiative for Cybersecurity Education (NICE). “Expanding use of the NICE Framework is a key goal in the new NICE Strategic Plan and encouraging the voluntary integration of the NICE Framework into existing education, training and workforce development efforts was highlighted in America’s Cybersecurity Workforce Executive Order.”

“Cybersecurity job role and career path clarity remains a serious challenge for most organizations,” said Koziol. “While larger organizations generally do better, plenty of opportunity for improvement exists to help practitioners better understand their job roles and career potential. If you’re struggling with this challenge now, our data shows mapping your existing cybersecurity job roles to the NICE Framework is a great place to start.”

Click here to download the full report

About the study 

The 2021 Cybersecurity Role & Career Path Clarity Study surveyed over 370 IT and security team managers from U.S. and Canada-based organizations with at least 1,000 employees. Data was collected in late 2020 and analyzed in early 2021. Infosec solicited responses from its own database, as well as the database of Osterman Research, a leading cybersecurity market research and consulting firm, to diversify survey results. Respondents were sourced from a variety of industries and company sizes to ensure a representative and robust data set, and received a nominal incentive for their participation. 

About Infosec

Infosec is the leading cybersecurity education company helping IT and security professionals advance their careers and empowering employees to be cyber-safe at work and home. Its mission is to equip individuals and organizations with the knowledge, skills and confidence to outsmart cybercrime. More than 70% of the Fortune 500 have relied on Infosec Skills to develop their security talent and teams, and more than 5 million learners worldwide are more cyber-resilient from Infosec IQ’s security awareness and phishing training. Learn more at infosecinstitute.com.

Media Relations Contact

Megan Sawle

VP Marketing, Infosec

This email address is being protected from spambots. You need JavaScript enabled to view it.

608.509.6297