Learn about the emerging multifunctional security roles in cybersecurity and the challenges faced in recruiting and retaining talent.
The Evolving Landscape of Cybersecurity Roles and Talent
( Credit to: Helpnetsecurity )
In recent years, the cybersecurity industry has been grappling with a shortage of talent in crucial cyber roles. As organizations face increasing financial demands and expanding responsibilities, cybersecurity leaders are under pressure to accomplish more with limited resources. This has led to the emergence of multifunctional security roles that encompass multiple security functions.
( Credit to: Helpnetsecurity )
According to a study conducted by IANS and Artico Search, 42% of cybersecurity staff have responsibilities that span multiple cybersecurity domains. The report highlights three common functional combinations within these roles: architecture and engineering (A&E), application security (AppSec), and product security. For instance, 74% of AppSec staff also contribute to product security, and 67% are involved in identity and access management (IAM). Similarly, within product security, 63% of staff also support IAM. However, governance, risk, and compliance (GRC) roles exhibit lighter ties with other functions.
Misalignment of Corporate Bands and Role Categorizations
The study reveals that typical corporate bands and role categorizations often do not align with the infosec talent market. Many cybersecurity professionals find themselves wearing multiple hats within their organizations. This discrepancy poses challenges for companies in terms of compensation and talent retention. Cybersecurity requires specialized compensation packages to compete for talent effectively and minimize attrition.
Factors Affecting Compensation
The report highlights that experience, specialization, and advanced degrees play a significant role in determining compensation levels. Professionals with at least 12 years of relevant experience earn up to 22% above the baseline. Expertise in AppSec, product security, or IAM, as well as possessing a master's degree or Ph.D., commands a premium of 21% for cash compensation. On the other hand, those with fewer than three years of relevant experience earn packages up to 40% below the baseline. Additionally, cybersecurity professionals without college credentials beyond an associate degree tend to receive below-average compensation.
Gender Diversity and Pay Gap
Gender diversity within cybersecurity roles varies across domains, with GRC having the highest representation of non-male professionals at 40%. IAM follows with 25%, while A&E staff has the lowest representation at 10%. The study also indicates a gender pay gap of approximately 7%, with a more significant gap observed among professionals with 12-plus years of experience. Among those with up to three years of experience, there is a 3% pay gap in favor of gender-diverse professionals.
Retention Factors
The report highlights that staff recognition, feeling valued and supported, and opportunities for career advancement are closely linked to job retention rates. Organizations that prioritize these factors are more likely to retain their cybersecurity talent.
Conclusion
The cybersecurity industry continues to face talent shortages, prompting the evolution of multifunctional security roles. As the responsibilities of cybersecurity professionals expand, organizations must adapt their compensation packages and recognize the diverse skill sets and expertise required. Bridging the gender pay gap and fostering gender diversity in cybersecurity roles are also critical steps toward creating a more inclusive and resilient industry. By recognizing and addressing these challenges, organizations can attract and retain top cybersecurity talent in an increasingly complex digital landscape.
