Study offers insights into how hiring managers recruit, onboard and develop entry- and junior-level cybersecurity practitioners, and provides solutions for organizations to overcome the widening cybersecurity workforce gap

Alexandria, VA, November 21, 2022 – ISC2 – the world's largest nonprofit association of certified cybersecurity professionals – today published findings from the Asia-Pacific edition of its 2022 Cybersecurity Hiring Managers Guide that sheds light on best practices for recruiting, hiring, and onboarding entry- and junior-level cybersecurity practitioners. The research, reflecting the opinions of 787 cybersecurity hiring managers from Hong Kong, Japan, Singapore, and South Korea, highlights the need to build effective job descriptions and seek talent beyond the IT talent pool and the importance of non-technical skills and investing in career development.

“With a global cybersecurity workforce gap of 3.4 million people, organizations must be creative with their cybersecurity hiring. But that doesn’t mean they have to take more hiring risks,” said Clar Rosso, CEO, ISC2. “Successful hiring managers have learned recruiting entry- and junior-level staff and investing in their professional development results in more resilient, sustainable cybersecurity teams. Hiring junior staff is not a ‘leap of faith’ when hiring managers are equipped with the knowledge to identify candidates with the attributes and skills needed for a successful cybersecurity career. Our latest research helps guide the way.”

Key report findings include:

  • Most participants (79%) have hired an entry- or junior-level cybersecurity professional in the past two years
  • 53% of respondents rely on standard job postings to begin this journey, while partnering with staffing and recruitment firms is much lower (39% of respondents)
  • 49% of participants would consider a candidate with no work experience and education in fields that are not computer science, IT and cybersecurity
  • 62% would hire a candidate self-taught in IT/cybersecurity despite having no work experience, while 64% would hire someone with previous work experience but not in IT or cybersecurity
  • 64% of hiring managers ranked previous professional experience as one of the most important attributes, followed by technical skills (56%) and certifications (51%)
  • 32% of hiring managers said cybersecurity certifications are the most important attribute for entry- or junior-level candidates, tied with previous IT experience. IT certifications are also seen as highly important by 28% of respondents
  • A vast majority of hiring managers surveyed (97%) said they provide some form of professional development for their entry and junior-level staff
  • 80% of respondents reported that they allow entry- or junior-level employees to engage in professional development activities during work hours

Hiring managers also revealed their top five technical concepts with which entry-level and junior cybersecurity staff should be familiar:

  • Data security
  • Security administration
  • Risk assessment/management
  • Back up, recovery, business continuity
  • Compliance and security standards

When asked how entry- and junior-level staffers help their organization, participants said they bring new perspectives, ideas, creativity, critical skills in new technologies, enthusiasm, and reinvigorating energy. One participant said, “They’re often well versed on the newest innovations, even more so than some of our established senior contributors, while lacking skills to support their curiosity, and it creates excellent synergy.”

To learn more, download the 2022 Cybersecurity Hiring Managers Guide — Asia Pacific Edition.  

About the ISC2 Cybersecurity Hiring Managers Guide — Asia-Pacific Edition

The results presented in this report are from an online survey conducted by ISC2 in June 2022. The total respondent base included 787 cybersecurity hiring managers from Hong Kong, Japan, Singapore, and South Korea. The margin of error for the global descriptive statistics in this research is +/- 3.5% at a 95% confidence level.

About ISC2
ISC2 is an international nonprofit membership association focused on inspiring a safe and secure cyber world. Best known for the acclaimed Certified Information Systems Security Professional (CISSP®) certification, ISC2 offers a portfolio of credentials that are part of a holistic, pragmatic approach to security. Our association of candidates, associates, and members, nearly 280,000 strong, is made up of certified cyber, information, software, and infrastructure security professionals who are making a difference and helping to advance the industry. Our vision is supported by our commitment to educate and reach the general public through our charitable foundation –The Center for Cyber Safety and Education™. For more information on ISC2, visit, follow us on Twitter, or connect with us on Facebook and LinkedIn.


© 2022 ISC2 Inc., ISC2, CISSP, SSCP, CCSP, CGRC, CSSLP, HCISPP, CISSP-ISSAP, CISSP-ISSEP, CISSP-ISSMP, and CBK are registered marks, and CC is a service mark of ISC2, Inc.


Media Contact:

Amanda Steinman
Senior PR Manager