HR broadens headhunting approach amid worsening workforce gap

Nearly three in every five (58%) cybersecurity hiring managers in Singapore rely on standard job postings in their search for cybersecurity talent, but they have identified or recruited talent through apprenticeship/internship programs at organisations (48%) and staffing recruitment organisations (45%). 

These are findings from (ISC)²’s Asia-Pacific Cybersecurity Hiring Managers research report, which is based on a survey conducted last June of 787 respondents across Singapore, Hong Kong, Japan and South Korea.

The research findings highlight the importance of adopting a blended approach to searching and recruiting early career cybersecurity professionals, assessing candidates based on both technical and non-technical skills and attributes, as well as investing in career development amidst a cybersecurity workforce gap of 2.2 million in the region.

At the regional level, companies have also diversified their recruitment practices when it comes to candidate sourcing, with hiring managers turning to existing employees from non-traditional IT departments such as Customer Service (43%) and Human Resources (38%) for entry- and junior-level staff.

“Our research findings point to the widening cybersecurity workforce gap, which has been driven by geopolitical tensions, macroeconomic instability, as well as growing physical security challenges,” said Clar Rosso, CEO of (ISC)². 

Rosso said that with APAC registering the second highest year-on-year rise in shortage globally, organisations in the region need to be creative with their cybersecurity hiring. 

“However, unlike conventional thinking, adopting an innovative approach doesn’t mean that organisations have to take on more hiring risks,” added Rosso.

Survey findings also indicate that adopting a more collaborative hiring approach between HR and cybersecurity teams, identifying candidates with relevant attributes and skills, as well as investing in their professional development can enable organisations to build more resilient, sustainable cybersecurity teams.

Still, the vast majority (97%) of hiring managers surveyed said that their organisations provide some form of professional development for their entry- and junior-level staff. 

This ranges from certification training and courses to the sponsorship of certification exam fees as well as mentorship programs.

In Singapore, 48% of Singapore respondents said they use apprenticeship or internship programs at their organisations to identify or recruit candidates, surpassing the other markets surveyed.

When hiring cybersecurity talent within the organisation, unconventional departments that respondents have recruited from include customer service (43%), human resources (38%), communications (34%), finance (21%) and marketing (18%).

HR departments are influencing two key areas when developing entry- and junior-level cybersecurity job descriptions — education requirements (43%) and nice-to-have technical skills (43%).

Among respondents, 62% of research participants would hire a candidate self-taught in IT/cybersecurity despite having no work experience, with those in Singapore and Hong Kong most likely to consider such candidates.

Data security (34%) and security administration (32%), as well as the ability to work effectively in a team (48%) and independently (33%), emerged as the most highly rated technical and non-technical skills hiring managers expect from candidates.

More than half (58%) of hiring managers surveyed observed that most entry-level cybersecurity practitioners are able to handle assignments independently within or under nine months.

Organisations in Singapore are most likely to provide entry- and junior-level cybersecurity team members career development time during working hours, with 86% of respondents from the city-state confirming this (greater than 80% across the four countries).