Journal of Information Systems Education


While demand for cybersecurity professionals is high, the field is currently facing a workforce shortage and a skills gap. Thus, an examination of current cybersecurity position hiring requirements may be advantageous for helping to close the skills gap. This work examines the education, professional experience, industry certification, security clearance, and programming skill requirements of 935 cybersecurity positions categorized by sub-field. The nine sub-fields are: architecture, auditing, education, GRC (governance, risk, and compliance), management, operations, penetration testing, software security, and threat intelligence / research. Prior work experience and higher education degrees in technical fields were found to be frequently required across all sub-fields. Over 48% of positions listed an industry cybersecurity certification, while 19% of positions required a security clearance. In addition, 25% of positions listed knowledge of a programming language as a requirement for employment. There were notable differences in certain position requirements between sub-fields. On average, management positions required three years of additional work experience than positions in the auditing, operations, and penetration testing sub-fields. Security clearance requirements were relatively similar across all other sub-fields, with the GRC sub-field having the highest percentage of positions requiring a security clearance. Programming skills were desired most prevalently in positions within the architecture, software security, and penetration testing sub-fields. Demand for industry certifications varied by sub-field, although the Certified Information Systems Security Professional (CISSP) certification was the most frequently desired certification. Cybersecurity education programs should consider the diverse nature of the cybersecurity field and develop pathways to prepare future cybersecurity professionals for success in any sub-field.



When commenting on articles, please be friendly, welcoming, respectful and abide by the AIS eLibrary Discussion Thread Code of Conduct posted here.