Investing in junior and intermediate-level employees can strengthen cybersecurity teams, nonprofit professional organization ISC2 found in its survey of cybersecurity hiring trends.
In addition, despite global economic pressures, the industry is strong: 75% of hiring managers planned to hire more cybersecurity professionals during 2025, ISC2 found. Nearly 90% of the people surveyed had open positions at their organizations. The report found early-career roles are relatively quick to fill.
ISC2 surveyed 929 hiring managers across Canada, Germany, India, Japan, the UK, and the US in December 2024.
What skills are employers looking for?
The top five skills hiring managers prioritize for cybersecurity roles are:
- Teamwork
- Problem solving
- Analytical thinking
- Data security
- Cloud security
Certifications can also be appealing to employers. Of hiring managers, 89% said they would hire an entry- or junior-level candidate with an entry-level cybersecurity certification and no other experience. When asked to rank critical attributes, IT/cybersecurity certifications (47%) were prioritized even higher than IT experience (44%) and relevant education (43%).
The certifications most often required by security managers seeking entry- and junior-level employees are:
- CASP+ (CompTIA)
- Security+ (CompTIA)
- CC (ISC2)
- CySA+ (CompTIA)
- CISA (ISACA)
How could managers improve these job listings?
Despite the importance of entry- and junior-level jobs, there is some disconnect between the realistic skills at those levels and what skills employers want those applicants to have. For example, many job listings require the CISA (ISACA) certification, which requires five years of professional work in information systems auditing, control, assurance, or security.
Hiring managers can help bridge this gap by refining job descriptions, being clear about career development trajectories, and offering well-organized training and mentorships for newer employees.
How do managers find entry-level employees?
Of the hiring managers surveyed who recruit from education programs, a slight majority (55%) said they have chosen candidates from outside of computer science, IT, or cybersecurity programs.
The top sources for entry- and junior-level professionals are standard job listings and staffing firms. However, some sectors (education, healthcare, government, IT services, and telecommunications) often turn to internships as much or more than job listings and staffing firms. Energy and utilities roles are especially likely to be filled based on internships.
What professional development options are commonly offered?
Of the hiring managers surveyed, 91% said they provided professional development opportunities for entry- and junior-level team members during work hours. In order to support these team members, the managers said their organizations provide:
- Certification/training courses (65%)
- Training or courses for non-certification skills and knowledge (59%)
- Career pathing and advancement (57%)
- Mentorship programs, either formal or informal (50%)
If you’re interested in getting your start in this industry, check out TechRepublic Academy’s Comprehensive Beginner’s Guide to Cybersecurity Bundle.
