Skip to main content

Report: Cybersecurity recruitment, training misses the mark

Cybersecurity - Hacking - Hacktivism
Image Credit: Getty Images

Join us in Atlanta on April 10th and explore the landscape of security workforce. We will explore the vision, benefits, and use cases of AI for security teams. Request an invite here.


As the massive shortage of security talent and skills continues, sub-par recruitment processes and outdated training for cybersecurity professionals are exacerbating the problem, according to a new survey. If hiring and training processes are adjusted, however, retention of workers and the availability of crucial cyber skills can both be improved, said Adi Dar, founder and CEO of security skills development platform provider Cyberbit, which conducted the survey.

In the U.S. alone, job tracker Cyber Seek estimates that there are currently about 460,000 openings in cybersecurity — and these positions take an average of 21% longer to fill than other IT roles.

The SOC Skills Survey from Cyberbit gathered responses from 100 cybersecurity professionals, in 17 countries, from organizations with a security operations center (SOC) team larger than five and an IT budget of more than $20 million.

Training shortcomings

The survey found that on-the-job training is the main technique used to get SOC team members up to speed, with 41% of respondents saying that was how they were taught. The main training technique for 26% of respondents was courses, while simulation-based training — such as cyber labs, cyber ranges, or red vs. blue training — is used by just 22%, according to the survey.

VB Event

The AI Impact Tour – Atlanta

Continuing our tour, we’re headed to Atlanta for the AI Impact Tour stop on April 10th. This exclusive, invite-only event, in partnership with Microsoft, will feature discussions on how generative AI is transforming the security workforce. Space is limited, so request an invite today.
Request an invite

In the high-stakes realm of cybersecurity, “on-the-job training is really not the way to go,” Dar said. “On-the-job training means that the first time you see ransomware is when it hits you.” The Ra’anana, Israel-based company offers a cyber range that simulates attacks and cyber labs tools that help develop hands-on security skills.

Many cybersecurity professionals also reported that they don’t feel prepared for key aspects of incident response. In the area of intrusion detection, only 45% of respondents said they felt their team was adequately skilled, while in network monitoring, only 42% reported feeling their team was prepared.

Recruitment woes

Recruitment of security professionals is another weak spot, according to the survey. Just 33% of respondent reported that human resources recruiters for their company usually or always understand the requirements for working on a cybersecurity team. Additionally, 70% of respondents said that cybersecurity candidates are being assessed in the same way as other workers — through interviews — rather than using available tools to assess their practical skills.

“HR is following the traditional way of hiring,” Dar said. “But what the industry needs is to hire people based on their hands-on experience. You need to assess people based on their capabilities.”

Taking these issues together, many hires of cybersecurity workers end up being mis-hires, leading to low retainment and more open jobs, he said.

Ultimately, Dar said, “we must change the balance between the continuous investment in technologies and tools and the almost non-existent budgets that are invested in the cyber teams.”

VB Daily - get the latest in your inbox

Thanks for subscribing. Check out more VB newsletters here.

An error occured.