Introduction

    Research Objectives

    In order to assess the experiences, careers, and opinions of cybersecurity professionals, ESG and ISSA surveyed 389 ISSA members, comprising cybersecurity professionals representing organizations of all sizes, across a variety of industries and geographic locations. Eighty-two percent of survey respondents resided in North America, 8% came from Europe, 5% from Asia, 3% from Africa, and 2% from Central/South America (note: total exceeds 100% due to rounding).

    The survey and overall research project were designed to answer the following questions:

    Why did they become cybersecurity professionals?

    How are they developing and advancing their careers?

    Are they happy at their jobs and with their career choices?

    What are the primary pieces of advice cybersecurity professionals would give to those seeking jobs in the cybersecurity field?

    What is necessary for cybersecurity job satisfaction? Alternatively, what alienates cybersecurity professionals and causes them to look for other jobs?

    How important is continuous skills development in the minds of cybersecurity professionals?

    How do cybersecurity professionals develop their skills? What works, and what doesn’t work?

    Do the responsibilities and workload associated with cybersecurity jobs get in the way of skills development?

    Do the organizations cybersecurity professionals work at provide adequate training, skills development programs, or services for career advancement?

    Do organizations have CISOs or similar positions in place?

    Are CISOs active participants with executive management teams and the board of directors (or similar oversight group)? Is this level of engagement considered to be sufficient?

    How do cybersecurity professionals rate the performance of their CISO?

    Do cybersecurity professionals believe that their organization has been impacted by the global cybersecurity skills shortage? If so, in what way?

    In which areas do their organizations have the biggest cybersecurity skills deficits?

    Is the cybersecurity skills shortage improving, and are organizations doing enough to address it?

    Survey participants represented a wide range of industries including information technology, financial services, government, business services, and manufacturing. For more details, please see the Research Methodology and Respondent Demographics sections of this report.