Recruiting and retaining a cybersecurity team can often feel as challenging as the work your team does to keep your organization secure. We know there’s a 4 million person-wide workforce gap in cybersecurity, so how can you find the talent you need? Especially if you may not have the budget or infrastructure necessary to stand up a new team. We’re looking at you SMBs ...

ISC2 has found a growing trend of newcomers joining the cybersecurity profession at older ages than we have seen before, with 48% of new entrants joining at age 39 or older. This demonstrates the rise of career-changers entering the field. ISC2 has seen professionals find their way into cyber from the military, project management – even a former pharmacist has since become a CISSP . We’re also seeing the change in pathways to cyber. In 2023, our research found that 39% of professionals new to cyber (one year or less) came from a non-IT role. This is a drastic change from the majority (63%) of 10+ year tenured cyber pros who worked in IT before entering cybersecurity.

Look Within to Find Your Cyber Talent

Literally. Look within your existing team. Research shows that 56% of organizations are actively trying to recruit technical people from within their organization to move to cybersecurity. Recruiting from within also helps overcome some onboarding hurdles that can face a traditional new hire. You don’t have to teach a team member about your processes, company culture, or who in HR can help you with your health insurance. An internal hire already has a strong history and level of understanding of your business – so they can begin developing their cyber talent immediately.

When we asked cybersecurity professionals what they consider to be the most important qualifying characteristic for themselves on the job, problem-solving abilities (45%), curiosity/eagerness to learn (39%) and communication skills (38%) are on the rise. Assessments are key to identifying employees with these traits, and finding a role in cybersecurity that will fit their strengths.

Cybersecurity aptitude and talent assessments, ISC2 CyberGEN.IQ, powered by Haystack Solutions, are now available to enterprise clients and channel partners. These first-of-their-kind assessments take roughly 90 minutes to complete and can identify what employment opportunities would be the right fit to maximize the candidate's potential.

Powered by Haystack Solutions, CyberGEN.IQ assessment results can reveal natural aptitudes within the four quadrants of cybersecurity, as mapped to the NICE framework. While a foundational understanding of cybersecurity, supported by the Certified in Cybersecurity training, is helpful, it is not a requirement. The virtual assessments require no prior technical cybersecurity knowledge, because they tap into the cognitive abilities of each person and map them with the critical thinking aligned to each cyber role. All that is needed is an interest in entering the cybersecurity workforce and the CyberGEN.IQ assessments will hone in on the role most likely to yield success for that person. This allows any individual, from any background, to reach their full cybersecurity potential. For employers, this will help you identify talents that can be nurtured into a vital addition or promotion within your team.

Maximize Training ROI

Laptop showing words "skill" "training" "knowledge" and "ability"Until now, development of internal candidates for cyber positions can require substantial time and training investment, before knowing whether the candidate can do the job. CyberGEN.IQ provides higher confidence that every training dollar spent will provide direct cyber benefit to the company, because you’ll know in advance how the candidates’ potential in cybersecurity aligns with the job requirements. Customers using CyberGEN.IQ have observed an increase in training success rates, going from 65% completion to 93% immediately after implementation.

Amplify the Talent in Your Team

Not only can assessment results help you identify the cyber potential already in your organization, saving you on recruiting and hiring costs, but they can also provide guidance on how to maximize each person’s potential. Based on the results, individuals can find out what sort of role they would be best suited for, as well as how to grow their skills to fulfil the expectations and responsibilities of that role.

On the employer side, you’ll have access to a dashboard showing your team’s CyberGEN.IQ assessment results, as well as their progress as you invest in their growth. In the 2023 Cybersecurity Workforce Study, we found that organizations investing in training today are only half as likely to have critical skills gaps as those that aren’t investing and have no plans to. In previous research, ISC2 discovered that 91% of organizations offer professional development during business hours. Time after time, both hiring managers and those they hire tell us – on-going professional development and training is key to stability and job satisfaction.


The best way to build and retain your cybersecurity team is to recruit from within and invest in their development. With CyberGEN.IQ cybersecurity aptitude assessments providing never-before available insights, teams can confidently chart a path that develops internal talent into cyber leaders capable of securing your organization’s critical assets. Interested in having your team take these assessments? Reach out to our Enterprise Solutions team at!