Junior Cyber Roles: Demanding Expectations?
- Cybersecurity hiring managers need to reassess thier expectations for junior staff, according to ISC2, a cybersecurity training and certification organization.
- ISC2's recent hiring trends study indicates that many entry-level job descriptions demand experience and certifications unlikely for those just starting their careers.
- Dan Houser,formerly with ISC2 and now at Oracle,noted that demanding advanced certifications like CISSP,CISA,or CISM from early-stage hires has been a long-standing problem.
The cybersecurity field faces a critical challenge: unrealistic expectations hindering the acquisition of junior talent.An ISC2 study reveals that many job postings for cybersecurity roles demand experiance and certifications that are challenging for entry-level professionals to attain, hampering recruitment. The focus must shift towards on-the-job training, clear career paths, and valuing essential skills like teamwork and problem-solving. Diversifying recruitment efforts to include candidates from varied backgrounds is also key. News directory 3 knows the industry demands specialists over generalists. Will these shifts reshape how organizations approach hiring? Discover what’s next to secure the future with in-demand cybersecurity skills.
Cybersecurity Hiring Trends Reveal Unrealistic Expectations
Updated June 13, 2025
Cybersecurity hiring managers need to reassess thier expectations for junior staff, according to ISC2, a cybersecurity training and certification organization. Job advertisements often include requirements that are difficult for entry-level professionals to meet, hindering recruitment efforts and access to cybersecurity jobs.
ISC2’s recent hiring trends study indicates that many entry-level job descriptions demand experience and certifications unlikely for those just starting their careers. this creates a “catch-22” where employers struggle to find qualified candidates, while early-career talent is locked out of opportunities to gain experience.
Dan Houser,formerly with ISC2 and now at Oracle,noted that demanding advanced certifications like CISSP,CISA,or CISM from early-stage hires has been a long-standing problem. The report emphasizes that employers should clearly distinguish between “nice-to-have” and “must-have” qualifications to attract a wider pool of candidates.
“Hiring managers should consider reevaluating their job descriptions and othre hiring mechanisms to reflect the true nature of the role, making the distinction between ‘nice-to-have’ and ‘must-have’ qualifications clear,” the study stated.
The study also highlights that on-the-job training and employer support can effectively address skills gaps. employers should also value teamwork, problem-solving, and analytical thinking, which are highly sought-after skills in cybersecurity job descriptions.
While technical expertise remains crucial, especially in areas like cloud security and data security, employers are increasingly recognizing the value of diverse backgrounds. ISC2 found that about 25% of hiring managers successfully recruited cyber talent from educational programs outside of traditional STEM fields.
The research indicates that 90% of hiring managers prefer candidates with prior IT experience,and 89% favor those with entry-level certifications. However, internal candidates from departments like finance, communications, HR, customer service, and marketing can bring fresh perspectives and innovative ideas to cybersecurity teams.
For individuals considering a career change into cybersecurity, obtaining a Security+ certification is a recommended first step. This certification is highly valued by employers assessing entry-level and junior candidates, second only to the more advanced CASP+.
“This trend indicates the value that professionals from non-IT backgrounds can bring to the field, offering fresh perspectives, business acumen, technical and non-technical (soft) skills, and innovative thinking to the cybersecurity team,” the report stated.
The cybersecurity job market is evolving, with a growing demand for specialists in specific sub-fields. Recent layoffs and the increasing use of AI for basic security tasks have led employers to seek unique talent, particularly in oversight and governance.
What’s next
Organizations should consider option hiring strategies, such as internships, apprenticeships, and non-traditional educational backgrounds, to strengthen their talent pipelines and foster a new generation of cybersecurity professionals. Continuous learning and adaptation are essential for success in this rapidly evolving field.
