
Unveiling the 2024 SANS | GIAC Cyber Workforce Research Report: Building and Sustaining Mid-Level Cybersecurity Roles

Explore the key findings from the 2024 SANS | GIAC research report on cybersecurity workforce management.

Authored by GIAC Certifications

The 2024 SANS | GIAC Cyber Workforce Research Report is a cornerstone document, illuminating the strategies and challenges involved in recruiting, hiring, and retaining mid-level cybersecurity professionals. This comprehensive study offers invaluable insights for Human Resource and Cybersecurity Managers aiming to construct high-performing cybersecurity teams.

Purpose of the Research 

As the industry faces an evolving threat landscape, the demand for skilled cybersecurity professionals continues to outpace supply. This research, a collaborative effort led by GIAC and involving SANS, the National Initiative for Cybersecurity Education (NICE), and the Society for Human Resource Management (SHRM), employs a first-of-its-kind survey aimed at decoding the complexities of the cybersecurity job market, focusing on five mid-level roles that are crucial for organizational security.

Trends from the CyberSeek database, aligned with work role definitions from the NICE Framework, were used to identify the top five cyber work roles that are most in demand right now. These roles are Forensics Analyst, System Information Security Analyst, Information Systems Security Manager, Security Architect, and Vulnerability Analyst.

 

Key Takeaways 

  • High Effectiveness of Current Teams: The report reveals that a substantial percentage of cybersecurity teams are either meeting or exceeding their goals, highlighting the effectiveness of current training and recruitment strategies. However, there remains a notable portion of teams that are underperforming, which underscores the need for enhanced training and recruitment practices. 

  • Importance of Certification-Based Training: Employers show a strong preference for certification-based training over traditional educational degrees. This trend reinforces the value of practical, hands-on experience and the ability of certifications to verify the competencies of cybersecurity professionals. 

  • Challenges in Hiring and Retention: One of the report’s critical discussions revolves around the challenges faced by organizations in hiring and retaining talent. Issues such as salary competitiveness, the lack of defined career paths, and inadequate training opportunities are highlighted as significant hurdles. 

  • Strategic Use of the NICE Framework: The report advocates for broader adoption of the NICE Framework to standardize roles and improve communication between HR and cybersecurity departments, thereby enhancing recruitment efficiency and team effectiveness. 

 

Insights from Case Studies  

The report is enriched with case studies that provide real-world insights into successful strategies and challenges encountered by organizations in cybersecurity hiring and development. Key highlights from these case studies include: 

  • Blended Training Approach: The most successful cybersecurity teams are built through a blend of on-the-job and certification-based training, suggesting that a mixed approach to skill development is key to preparing mid-level professionals for complex cybersecurity roles.

  • Innovative Recruitment Strategies: Organizations are adopting innovative recruitment practices to identify and attract top cybersecurity talent, emphasizing the importance of aligning job descriptions with actual job requirements. 

  • Training and Development: Continuous training and development play a critical role in retaining cybersecurity talent, particularly in providing opportunities for career advancement and skill enhancement. 

  • Management and Leadership Development: There is a clear need to develop cybersecurity professionals into management roles, stressing the importance of leadership training and mentorship to prepare candidates for higher-level responsibilities. 

Interesting Points 

In addition, the research uncovered a few points worth exploring further: 

  • Addressing the Skills vs. Headcount Gap: The study differentiates between the skills gap and the headcount gap, with insights suggesting that addressing the skills gap through targeted training can be more immediately beneficial than merely increasing headcount. 

  • Senior Management’s Role: There is a need for greater involvement and investment from senior management in cybersecurity hiring and skill development practices. This support is crucial not only for securing funding and resources but also for enhancing the strategic alignment of cybersecurity efforts within broader business objectives. 

Conclusion 

The 2024 SANS | GIAC Cyber Workforce Research Report serves as a vital resource for understanding the dynamics of the cybersecurity job market. It provides actionable insights for HR and cybersecurity managers to refine their strategies in hiring, training, and retaining cybersecurity talent. By addressing the outlined challenges and implementing the recommended strategies, organizations can enhance their cybersecurity defenses through a robust, skilled, and well-supported cybersecurity workforce. This report is not just a reflection of current practices but a roadmap to future resilience in the face of global cyber threats.  

Download the full report here.  
