Depending on the organization, entry- and junior-level cybersecurity professionals are assigned an assorted mix of tasks, according to new (ISC)² research. Junior-level employees typically are trusted to handle most tasks, the research shows.
The findings come from a survey of 1,250 cybersecurity hiring managers showing wide variation in the roles that less-experienced hires are expected to take on. The study shows some differentiation between the types of tasks assigned to entry-level as opposed to junior-level employees. It also reveals greater agreement among respondents about what tasks junior-level employees can handle. Differences within level of responsibility assignments varying by company size also surfaced.
Though somewhat surprising, the variation is not necessarily a bad thing. It suggests different companies are making task-assignment decisions based on their specific needs.
Keeping in mind there is wide variation, several tasks are deemed appropriate to entry-level professionals (up to one year of experience) by at least a quarter of the organizations represented in the survey. They include alert and event monitoring, documenting processes and procedures, using scripting language, incident response, user awareness training, and developing and producing reports. The limited level of agreement on these tasks means that differences from one company to another are far greater than anticipated.
At the junior level (one to three years of experience), the study reveals more commonalities, with higher numbers of respondents citing similar tasks. Nearly half of respondents say they have assigned the following responsibilities to junior-level cybersecurity team members: information assurance; backup, recovery and business continuity; intrusion detection; alert and event management; data analysis; encryption; and penetration testing.
It would be reasonable to expect that companies would stick to routine tasks for less-experienced employees. In fact, many tasks assigned to junior-level talent were at the experience level of a more senior, experienced practitioner. Presumably, organizations are trusting junior-level employees with these tasks because those employees have demonstrated the ability and skills to perform them. At the same time, these assignments free up senior staff to focus on advanced responsibilities such as software development, data security and risk assessment.
Differences by Company Size
The research revealed some differences in task assignments based on company size. For instance, respondents at organizations with 2,500 or more employees are more likely than their counterparts at small and midsize companies to assign cloud security responsibilities to more experienced cybersecurity team members. Interestingly, nearly one quarter (23%) of managers at midsize companies (500 to 2,499 employees), believe entry-level staff can handle cloud security.
The study revealed agreement between small businesses and enterprise companies that endpoint remediation is suited to more experienced professionals.
When it comes to forensics, however, managers at larger organizations prefer to assign the task to more experienced team members. Meanwhile, 38% of managers at small organizations (fewer than 100 employees) believe entry-level team members have the skills to handle forensics.
The findings show there is no standardized approach to task assignment for less-experienced employees. While it may help to establish some standards, the reality is that companies will keep making assignments based on their workload and employee capabilities. Obviously, certain tasks are more appropriate than others for entry- and junior-level practitioners, but successful cybersecurity team leaders can determine when their team members are ready to take on more complicated tasks.
The post Assigning Tasks to Less-Experienced Cybersecurity Hires Depends on Company Needs appeared first on Cybersecurity Insiders.
September 08, 2022 at 09:09PM
0 comments:
Post a Comment