New study highlights how cybersecurity hiring managers find talent, prioritize skills and train entry- and junior-level cyber professionals.

Alexandria, Va., June 11, 2025 ISC2 – the world’s leading nonprofit member organization for cybersecurity professionals – today published its 2025 Cybersecurity Hiring Trends Report. Based on insights from 929 hiring managers across organizations of all sizes in Canada, Germany, India, Japan, the U.K. and the U.S., the report provides guidance for reassessing recruitment, hiring and retention strategies to better attract entry- and junior-level talent and build more resilient cybersecurity teams.

“Entry- and junior-level roles are critical for the future of the cybersecurity profession,” said ISC2 Chief Qualifications Officer Casey Marks. “Investment in people and career-long learning will always be essential components of resilient cybersecurity teams. This year’s Hiring Trends Report reveals how cybersecurity hiring managers recognize the importance of providing opportunities to the next generation of cybersecurity professionals and our research can help others managing cyber teams create a roadmap for hiring and developing entry- and junior-level team members.”

The 2025 Cybersecurity Hiring Trends Report found when evaluating candidates, managers prioritize those with hands-on IT experience or cybersecurity certifications over those with education in IT, cybersecurity and computer science that lack professional experience. According to the research, 90% of respondents would consider candidates with prior IT work experience only and 89% would consider those with only entry-level cybersecurity certifications. In contrast, only 81% would consider candidates who only have an education in IT, cybersecurity or computer science.

Investing in Early Career Talent

The majority of hiring managers surveyed (56%) said that training entry-level cybersecurity team members to handle tasks independently typically takes 4–9 months, while 45% said the same for junior-level practitioners. Moreover, hiring managers reported spending between U.S. $1,000 and $4,999 to train entry- (45%) and junior-level (38%) team members to handle tasks independently.

Most hiring managers surveyed also recognize the importance of supporting the long-term growth of entry- and junior-level employees. In fact, 91% of hiring managers reported providing professional development opportunities for these team members during work hours.

Skill Expectations

Hiring managers also reported specific expectations around the tasks typically assigned and handled proficiently by entry- and junior-level cybersecurity talent.

Top tasks for entry-level professionals include:

  • Documentation (Processes, Procedures) (43%)
  • Alert and Event Management (35%)
  • Reporting (Developing, Producing) (32%)
  • Physical Access Controls (30%)
  • User Awareness Training (29%)

Top tasks for junior-level professionals include:

  • Backup, Recovery and Business Continuity (53%)
  • Intrusion Detection (53%)
  • Alert and Event Management (51%)
  • Relevant Frameworks (50%)
  • Penetration Testing (50%)

Additional key findings include:

  • Expanding the talent pool: Nearly 25% of hiring managers who recruit from education programs (55% of participants) said they have sourced candidates from programs outside of computer science, IT or cybersecurity.
  • Leveraging internships and apprenticeships: 55% (internships) and 46% (apprenticeships) of respondents believe these are effective methods for identifying early-career talent. Sectors such as education, healthcare, government and more are adopting these methods.
  • Emphasizing non-technical skills: Three of the top five skills that hiring managers prioritize – when asked to rank both technical and non-technical – are related to non-technical abilities, such as teamwork, problem-solving and analytical thinking.
  • Collaborating with HR: Attracting top talent depends on strong job descriptions, screening applications and assessing potential candidates. Hiring managers set most job requirements – skills, education, certification, experience and clearances – while HR defines non-technical skills. However, screening applicants is a shared responsibility.
  • Evaluating candidates: 84% of hiring managers use skills-based assessments and/or tests for entry- and junior-level cybersecurity applicants and 54% say they have passed on candidates due to their social media activity.

To learn more about the recommendations hiring managers can take around recruitment, hiring and retention efforts of entry- and junior-level cybersecurity professionals, explore ISC2’s 2025 Cybersecurity Hiring Trends Report.

About the ISC2 Cybersecurity Hiring Trends Methodology

ISC2 surveyed a total of 929 cybersecurity hiring managers from Canada (158), Germany (155), India (152), Japan (154), the U.K. (155) and the U.S. (155) in December of 2024. Respondents were surveyed in their native or local languages. To be eligible to participate, managers had to have entry- or junior-level cybersecurity professionals on their teams. Most (94%) had hired entry- and junior-level professionals in the past two years. The margin of error for the global descriptive statistics in this research is +/- 3% at a 95% confidence level.

About ISC2

ISC2 is the world’s leading member organization for cybersecurity professionals, driven by our vision of a safe and secure cyber world. Our more than 265,000 certified members, and associates, are a force for good, safeguarding the way we live. Our award-winning certifications – including cybersecurity’s premier certification, the CISSP® – enable professionals to demonstrate their knowledge, skills and abilities at every stage of their careers. ISC2 strengthens the influence, diversity and vitality of the cybersecurity profession through advocacy, expertise and workforce empowerment that accelerates cyber safety and security in an interconnected world. Our charitable foundation, the Center for Cyber Safety and Education, helps create more access to cyber careers and educates those most vulnerable. Learn more, get involved or become an ISC2 Candidate to build your cyber career at ISC2.org. Connect with us on X, Facebook and LinkedIn

© 2025 ISC2 Inc., ISC2, CISSP, SSCP, CCSP, CGRC, CSSLP, HCISPP, ISSAP, ISSEP, ISSMP, CC, and CBK are registered marks of ISC2, Inc. 

Media Contact: 
Amanda Steinman 
Senior Corporate Communications Manager 
ISC2 
asteinman@isc2.org