Addressing the cybersecurity skills gap: Where do we go from here?
There are an estimated 3.12 million cybersecurity jobs that need to be filled – more than double the current number of workers in this field. With this drastic gap, it is vital that businesses, students, and the industry make it a priority to work together to protect against cyberattacks.
Looking back to inform the future
The cybersecurity industry has always been at a disadvantage because security was not much of a consideration when information technology started being built. No one had any idea that there would one day be a lucrative market for company information stolen via the technology they were creating.
Cybersecurity was only included into company strategy once they realized their infrastructure, data, and brand were under attack. Suddenly, these businesses needed to train employees to defend their technology and data but were unsure how to do so accurately and efficiently – and all the while the bad guys were evolving their tactics.
New exploits are being created every single day, but the industry is not establishing new protection or training programs at the same rate. While there is a lot of attention on cybersecurity and most executives understand its importance, attacks continue to be successful and numerous. Unfortunately, there just aren’t enough people entering the cybersecurity industry to combat them.
Closing the gap starts in school
There are many high schools, universities, and colleges that offer high-quality cybersecurity education programs. Every cybersecurity student should do a rotation in a Security Operations Center (SOC) that provides them with hands-on training and puts them in real-time and real-life situations. Students should be given an opportunity to receive the needed screen time and specific experience before entering the workforce.
Screen time is critical. Many students graduate with ease, but most of their technical skills and knowledge are irrelevant as soon as it’s learned since threat actors are constantly changing their tactics and techniques. By having this hands-on training, new pros can build experience practically rather than only understanding the job theoretically.
Next steps for businesses and students
With such a limited supply of cybersecurity talent, employers must find ways to make themselves attractive to prospective employees and simultaneously cultivate the in-house talent.
Businesses need to:
- Connect with local universities – find opportunities to share feedback on cybersecurity programs or hold positions on school boards. There is an opportunity to be on the ground floor to help inform a school curriculum by showcasing your knowledge of what will make a difference in the fight against these threat actors
- Offer on-the-job training – this is vital for shaping successful employees and is invaluable for building needed skillsets. Evaluate and evolve the training consistently to ensure your business is providing the correct environment
- Have a practice lab – especially for entry-level employees, since a large portion of their education may have focused on defense and they are not as skilled in offensive cybersecurity. Having a lab where they can work on both breaking and fixing systems is important
- Prioritize curiosity – create an environment that encourages employee growth and overall curiosity. By spotlighting this appetite for knowledge, employees will feel empowered to continue expanding their understanding of the industry, which will aid in employee retention
While much of the responsibility falls on schools and businesses, students and entry-level workers themselves need to understand that they, too, can create a better environment that fosters continued learning and success.
Students need to:
- Find a mentor – For anyone who has been in the industry less than a few years it is important to have a mentor who can help you understand the space. Many entry-level workers may not have the soft skills to succeed. A mentor can act as a guide as they will provide “war stories” and advice for career growth
- Understand the job landscape – Know that there are a variety of specialized fields within the cybersecurity industry. You do not have to be boxed into one category – understand and explore your options
- Get involved with organizations – While in school and even after, being a part of relevant cybersecurity organizations allows you to grow your professional network, which can help establish and grow your career
- Keep learning about attacks – Never stop learning about new and different attacker tactics, techniques, and procedures. They are constantly changing and having this knowledge can put you a step ahead when you enter the job market.
The cybersecurity skills gap is big, but if businesses and students understand the current shortage and work together to build a foundation for the critically needed skills, then each side will be in a better position to successfully combat threat actors.