It is estimated that there are over 700K more cyber jobs than there are professionals to fill them. In fact, the cyber workforce challenge is so severe that the US Executive Branch recently released a 60-page strategy aimed at Unleashing America’s Cyber Talent which introduces a layered approach to closing this gap and demonstrates the complexity of the cyber workforce issue that we are facing.
Cyber professionals are constantly pressured to deliver secure solutions and adjust to a continuously shifting threat landscape. This encourages us to seek out other experienced professionals to fill our open opportunities leaving little time for us to refresh our own skills and even less time to train entry-level employees. However, such challenges resign these potentially new candidates to question, ‘How does one get an entry-level job when experience is a qualifying factor?’
Recently, I attended a career fair where I met hundreds of young professionals with a cross-section of experience and cultural backgrounds looking to start their professional careers. Attendees ranged from college juniors to recent graduates. Some had degrees in cyber and technology while others had degrees in science or engineering. During our conversation, I was reminded of the recruitment roadblocks preventing young talent from entering this space.
How can one start a career in cybersecurity?
I have participated in panel discussions where I cover the cyber threat landscape, the job opportunities presented in cybersecurity, and the need to develop the talent to address the cyber workforce gap. However, when addressing students, educators, and counselors, I continue to hear about the barriers to entry into this field. While these challenges appear to be happening across all gender, race, and cultural backgrounds, there is a disproportional impact on minorities in the workplace. According to the Aspen Digital Tech Policy report, only 9% of cybersecurity experts are Black/Afro-American. About 8% are Asian and 4% are Hispanic. Women represent only 24% of cyber professionals.
So, how can we fix this? How are students supposed to start careers in cyber when so many roles require multiple years of experience? What is needed to further support and integrate more diversity into the cyber workforce?
As we can determine from the Unleashing Americas Cyber Talent national strategy, this is a nuanced challenge facing our industry. However, I believe there are things we can do to break down some barriers and create opportunities for young, diverse, cyber professionals.
A wise man once said, ‘The answer to all your questions is money.’ Whether we are opening up more positions for entry-level roles, cross-training existing employees, or providing innovative ways to develop cyber skills, we need to think creatively about how we can develop, incentivize, and fund these initiatives.
Such challenges resign these potentially new candidates to question, 'How does one get an entry-level job when experience is a qualifying factor?'
Remove Certifications and Years of Experience Requirements from Entry-Level Positions
Many cyber certifications (e.g., CISSP, CISM) require the certificate holder to have minimum levels of job experience. This requirement can discourage underrepresented groups who may not have the resources to gain these certifications from applying to these roles. For those of us who have been in this field for a while, we created the ‘experience certification barrier’ to limit the ‘paper experience’ challenges that plagued us in the aughts. We, as cyber professionals, should understand that certifications do not equal quality talent. Certifications should be used to certify a skill honed over years of effort and one cannot do that if they are not presented with an opportunity to prove themselves.
High-performing cyber security professionals often possess critical thinking skills, relentless pursuit to find the root cause of an issue, a pinch of skepticism, and high energy. These skills should be the most valued in selecting entry-level cyber professionals.
Create an Inclusive Environment
Companies often measure the number of diverse talent they hire into their organizations. However, few companies measure their ability to retain diverse talent. This limited view is counterproductive to inclusion initiatives. Organizations must listen to the voices of their underrepresented groups and take action to foster inclusive practices that retain these employees.
While I’m certain there are several more actions to break barriers for underrepresented groups in the cyber workforce, I am eager to hear your opinions or experiences when attempting to get a start in this highly sought-after career path. Please share your experience with hiring cyber talent, advancing diversity in cybersecurity, or building skills necessary to reduce the deficit.
< Return to Life at DTCC