Cybersecurity leaders have been struggling with talent shortages in essential cyber roles for years. As financial demands increase and responsibilities expand, these leaders are feeling the pressure to do more with fewer resources. In response, they are creating roles that combine multiple security functions to meet the growing needs of the industry.

A recent report has shed light on the trend of multifunctional security roles within organizations. The study, conducted by IANS and Artico Search, surveyed over 560 cybersecurity staff from various industries in the U.S. and Canada. Additionally, informal interviews with 100 CISOs were conducted to understand the challenges they face in recruiting and retaining employees.

The report revealed that 42% of survey respondents have responsibilities that cover multiple cybersecurity domains. For example, 74% of AppSec staff also contribute to product security, while 67% are involved in identity and access management (IAM). Similarly, within product security, 63% of staff also support IAM. However, roles in governance, risk, and compliance (GRC) have fewer connections with other functions, with only 37% also taking on A&E responsibilities and 25% engaged in AppSec work.

The findings of the study also highlighted the discrepancy between typical corporate bands and role categorizations and the actual talent market in the cybersecurity industry. Many cybersecurity professionals are wearing multiple hats within their organizations, with each role not only fulfilling its core tasks but also supporting at least two additional functions. This complexity in roles has led many companies to reevaluate their compensation packages to attract and retain top talent in the field.

According to Steve Martano, a partner in Artico Search’s cybersecurity practice and IANS Faculty member, experienced staff with over 12 years of relevant experience can earn up to 22% more than the baseline. Specialization in areas like AppSec, product security, or IAM, as well as holding a master’s degree or Ph.D., can command a premium of 21% in cash compensation. On the other hand, cybersecurity professionals with less than three years of experience may earn packages that are up to 40% below the baseline, and those without college credentials beyond an associate degree also tend to receive below-average compensation.

Gender diversity and the gender pay gap are also important considerations in the cybersecurity industry. The research data suggests that 20% of cybersecurity professionals identify as female, binary, or other, with GRC having the highest gender diversity at 40%, followed by IAM at 25%. However, A&E staff has the lowest representation of non-male individuals at 10%. The study also found a gender pay gap of about 7%, with a more significant gap among experienced staff, where males tend to earn more than females with the same level of experience.

In terms of retention rates, staff recognition and job perks play a significant role. Feeling valued and supported, as well as having opportunities for career advancement, are strongly associated with lower job change considerations among cybersecurity professionals.

Overall, the cybersecurity industry is evolving, and with it, the roles and responsibilities of cybersecurity professionals. Organizations need to adapt to the changing landscape by offering competitive compensation packages, promoting diversity and inclusion, and providing opportunities for professional growth to retain top talent in the field.

Source link