Much has been written about the growing talent gap in cybersecurity. Why is there so much need for additional and more qualified talent in such a lucrative and rewarding career field? What can be done to fill this gap?
In a recent revelation, new data from the International Information System Security Certification Consortium (ISC2) has shed light on the exciting developments in the cybersecurity realm. Picture this: In 2022, a staggering 700,000 cybersecurity professionals stormed the labor force, igniting a 25% surge from the previous year’s payroll numbers. But hold on tight because the adventure doesn’t end there.
To meet the ever-growing security requirements and staffing needs, the field yearns for an audacious growth spurt of 89% globally. Yes, you heard it right! The demand for cybersecurity talent is soaring sky-high, craving bright and innovative minds like never before.
What is the reason for the cybersecurity talent gap?
Amidst the quest to bridge the cybersecurity talent gap, examining the tumultuous happenings within the marketplace is crucial. Why does this considerable gap persist? Is it due to a demand that surpasses the supply of passionate individuals seeking to embark on a cybersecurity journey? Or could it be attributed to inadequate training for the available talent? Perhaps companies are yet to comprehend their cybersecurity needs fully.
In the intriguing landscape of information security, recent events illuminate the urgency of our current predicament. March 2023 witnessed three significant data breaches reverberating through the industry, impacting notable entities like Latitude Financial, Go Anywhere, and AT&T. Among these incidents, Latitude Financial fell victim to the most significant data breach of that month, sending shockwaves through the cybersecurity realm.
With over 14 million compromised records, the breach at Latitude Financial proved to be a significant blow. Cybercriminals infiltrated their systems, gaining access to a wide range of sensitive data. Shockingly, nearly 8 million driver’s licenses, 53,000 passport numbers, dozens of monthly financial statements, and an additional 6 million records dating back to “at least 2005” were exposed. The source of this attack remains elusive, compelling investigators to delve into the depths of this enigma.
Another Part of the Problem: Recruiters’ Traditional Approach.
Over the past year, we’ve been monitoring job postings on the web or social media, especially those looking to hire for entry-level positions, such as cybersecurity analysts. Many of them, though not all, have requirements far beyond the possibilities of someone just starting their career. Among the most common job requirements are candidates with a bachelor’s degree, several years of experience, and knowledge of advanced cyber skills. In practice, however, a cybersecurity analyst or Jr. Engineer should have skills and knowledge of operating systems, hacking processes, computer scripts, diverse systems, and network administration.
Most industries have figured out the background requirements for their entry-level jobs. Most career paths have entry-level requirements of one or two years of experience that can be traded for specific educational accomplishments. But in cybersecurity, we know many wondering why there truly is no such thing as an entry-level job. Perhaps we need to rethink this model.
Here is a typical job posting for an entry-level cyber analyst.
How does someone get experience with policies, penetration testing, vulnerability scans, etc., in a corporate environment if that experience is necessary to get your foot in the door in the first place?
Additionally, cybersecurity has witnessed a remarkable shift in recent years, challenging traditional notions and paving the way for a more inclusive and diverse workforce. For example, while a bachelor’s degree can certainly provide a strong foundation for a cybersecurity career, it is no longer considered an absolute requirement to enter the field. Here’s why:
- Evolving Skillset: Cybersecurity is a dynamic and ever-evolving field that demands diverse skills. While formal education can provide valuable knowledge, the industry recognizes the importance of practical, hands-on experience and specialized certifications. Employers now emphasize an individual’s skills, aptitude, and ability to address cybersecurity challenges.
- Rapidly Changing Landscape: The cybersecurity landscape continuously evolves, with new technologies, threats, and techniques emerging rapidly. The industry needs an adaptable, agile workforce. As a result, many employers are open to considering candidates who have gained relevant skills through alternative paths such as self-study, online courses, boot camps, or practical experience in related fields.
- Skill-Based Roles: The cybersecurity field comprises various specialized roles with unique skill requirements. Some positions may require expertise in areas like network security, penetration testing, incident response, or security analysis. Acquiring specific skills and certifications relevant to the desired role could be more valuable than a generalized bachelor’s degree.
- Diversity and Inclusion: Recognizing that talent can come from various backgrounds, the cybersecurity industry actively strives to promote diversity and inclusion. By removing strict degree requirements, organizations can tap into a more diverse pool of talent, including individuals who may have acquired relevant skills through non-traditional paths or have transferable expertise from other disciplines.
- Continuous Learning Culture: Cybersecurity professionals must possess a lifelong learning mindset to keep pace with the rapidly evolving threats and technologies. This emphasis on constant learning means that individuals can continually develop their skills and knowledge, regardless of their initial educational background.
While a bachelor’s degree can still be beneficial and advantageous for specific career paths within cybersecurity, it is no longer an insurmountable barrier to entry. The industry values practical skills, relevant certifications, passion, and a commitment to ongoing learning. By embracing diverse pathways, we can foster a vibrant and inclusive cybersecurity workforce that effectively tackles the challenges of our digital era.
As an industry, we need to understand better what skills are required and how to hire for those skill needs. Like other sectors, we need to train from the ground up and prepare our employees for more complicated job functions later in their careers. Suppose we don’t give cyber professionals time to grow into their jobs. In that case, we will continue to be staffed with individuals unprepared for pending attacks and simply insufficient people in the cybersecurity workforce.
There is little doubt that we must collectively dig deeper into organizational and industry needs and better understand what skills a person has to have to succeed in an entry-level job. Then those jobs follow as their skills and experience expand. Is it possible that job postings like the above should be different?
As cybersecurity practitioners and trainers, we need to help create more realistic expectations and more effective training programs and better understand cyber threats and how we combat them. We need to know what our needs are so that we can close the talent gap in a faster and more effective way. We believe diversity is key.
Diversity: Key to Close the Cybersecurity Talent Gap.
As cybersecurity practitioners and trainers, we have a vital role in bridging the cybersecurity talent gap and fostering a more inclusive workforce. To accomplish this, embracing the importance of diversity in cybersecurity is crucial. Here’s how diversity can help close the talent gap:
- Diverse Perspectives and Problem-Solving: Diversity brings together individuals with unique backgrounds, experiences, and perspectives. We gain access to a broader range of ideas and problem-solving approaches by fostering diversity within the cybersecurity field. Diverse teams can offer fresh insights and innovative solutions to combat cyber threats, leading to more effective cybersecurity practices.
- Enhanced Creativity and Innovation: Different perspectives encourage out-of-the-box thinking, enabling cybersecurity professionals to devise novel strategies and defenses. By promoting diversity, we unlock a wealth of untapped potential, fueling innovation within the field.
- Expanded Talent Pool: Embracing diversity allows us to tap into a wider talent pool. By removing barriers and biases, we attract individuals from diverse backgrounds, cultures, and skill sets. This expands the pool of potential cybersecurity professionals, helping to address the talent shortage and close the gap more efficiently.
- Representation and Inclusivity: Building a diverse cybersecurity workforce allows underrepresented groups, such as women, racial and ethnic minorities, and individuals from marginalized communities, to contribute their unique skills and perspectives. This promotes equality and ensures that cybersecurity initiatives consider the needs and concerns of diverse user populations.
- Cultural Competence and Global Reach: Cybersecurity is a global concern, and having a diverse workforce enables organizations to understand better and address the unique challenges faced by different regions and cultures. By embracing diversity, we foster cultural competence and establish connections with diverse communities, enhancing our ability to protect digital infrastructures worldwide.
By recognizing the importance of diversity and actively promoting it within the cybersecurity field, we can attract a broader range of talent, foster innovation, and create a more inclusive and resilient cybersecurity ecosystem. Let us champion diversity as a key driver in closing the talent gap and fortifying our defenses against evolving cyber threats.
In conclusion, the time has come for introspection and action. We cannot afford to persist with that traditional recruiting model as cybersecurity demands continue to outpace our existing talent pool. The path ahead may be uncertain, but we are determined to contribute to the solution. It’s time to confront the challenges head-on and embrace a new approach. Together, we will seek innovative strategies and reshape the landscape of cybersecurity talent to meet the ever-growing demands.
Webinar “The Cybersecurity Talent Gap: Opportunities & Obstacles for Service Providers.”
We’re thrilled to partner with Media Sonar Technologies to discuss the opportunities and challenges that lie ahead for Service Providers in the cybersecurity landscape.
Discover how Managed Service Providers (MSPs) can leverage the talent gap to their advantage and strengthen their cybersecurity posture. Mark your calendar and secure your spot now.