(ISC)², a nonprofit association of certified cybersecurity professionals, released the findings of its 2020 Cybersecurity Perception Study, in which 2,500 survey respondents across the U.S. and the U.K. gave their opinions of the men and women working in the cybersecurity profession. The research indicates that attitudes toward cybersecurity roles are now overwhelmingly positive, although most people still don’t view the field as a career fit for themselves, even as nearly one-third (29%) of respondents say they are considering a career change.

The purpose of the study was to get a better understanding from those outside the cybersecurity profession about how they view it, and those who work in it. This provides better insight for the industry about some potential misperceptions that need to be addressed in order to recruit effectively and close the workforce gap that exists. 

As National Cybersecurity Awareness Month approaches in October, the findings indicate a shift in popular opinion about cybersecurity professionals, who have traditionally been viewed through a negative lens as roadblocks to business efficiency. In fact, 71% of the survey’s respondents, all of whom do not work in the industry, say they consider cybersecurity professionals to be smart and technically skilled, while 51% also described them as “the good guys fighting cybercrime.” 69% of respondents replied that cybersecurity seems like a good career path, just not one they see themselves pursuing.

The cybersecurity industry is made up of 2.8 million skilled professionals, but research indicates that there is a global shortage of more than 4 million, which requires a massive recruitment effort of new entrants to the field who may not have considered the career before. The Cybersecurity Perception Study reveals that the obstacles to attracting these additional workers may be two-fold.

First, 77% of respondents said cybersecurity was never offered as part of their formal educational curriculum at any point, making it difficult for most people to gain a solid understanding of what roles in the industry actually entail and how to pursue the career. The second factor that may be limiting interest is a pervasive belief that such roles would require very advanced skills development that would require time and resources to achieve.  

“What these results show us is that while it’s becoming even more highly-respected, the cybersecurity profession is still misunderstood by many, and that’s counterproductive to encouraging more people to pursue this rewarding career,” said Wesley Simpson, COO of (ISC)2. “The reality of the situation, and what we need to do a better job of publicizing, is that a truly effective cybersecurity workforce requires a broad range of professionals who bring different skill sets to their teams. While technical skills are vital for many roles, we also need individuals with varied backgrounds in areas including communications, risk management, legal, regulatory compliance, process development and more, to bring a well-rounded perspective to cyber defense.”

Additional highlighted findings include:

  • Conducted during a time of record unemployment amidst the COVID-19 pandemic, the study found that job stability is now the most valued characteristic in a career (61% of respondents), followed by ones that offer a “flexible work environment” (57%) and only then, “earning potential” (56%).
  • In the absence of formal cybersecurity education, perceptions about the industry and the professionals in it are formed primarily through portrayals in TV shows and movies (37% of respondents) or by news coverage of security incidents (31%).
  • 61% of respondents said they believe they would either need to go back to school (26%), earn a certification (22%) or teach themselves new skills (13%) in order to pursue a career in cybersecurity. 32% of respondents said they believe too much technical knowledge or training would be required. 
  • Generation Z (Zoomers) were the least likely demographic group to cast cybersecurity professionals in a positive light. Just 58% view cybersecurity professionals as smart and technically skilled, as opposed to 78% of Baby Boomers. And only 34% of Zoomers consider them the “good guys, fighting cybercrime,” as opposed to 60% of Boomers.

The study outlines recommendations for hiring managers and organizations, as well as the industry at large, to make cybersecurity more accessible and inviting to those considering a career change. To download a complimentary copy of the report, please visit: https://www.isc2.org/Research/Perception-Study.