If we want more people highly skilled in cybersecurity, we need to make the profession more appealing.
A business cannot be successful unless it is secure. But it is becoming increasingly difficult for an organization to ensure cybersecurity in a world of rapidly evolving digital disruptions. As cybercriminals become more aggressive and stronger in their behavior and capabilities, it is leaving businesses scrambling to keep up, looking for ways to not only resolve security breaches, but prevent them from happening in the first place.
With the Internet of Things quickly becoming a staple in nearly every day-to-day operation among companies, an increasing number of organizations are looking for IT professionals to join their teams.
Unfortunately, many aren’t able to find these recruits because there are more cybersecurity openings in the workforce than there is available talent to fill them. According to US News, the number of unfilled IT security jobs in America exceeds 200,000 and is expected to increase over time.
Considering that the amount of cyber threats plaguing both businesses and individuals is only going to continue to grow and intensify in danger, something needs to be done immediately. It’s safe to assume that there wouldn’t be as big a talent gap if more people were interested in the field – which, research has shown – only a small fraction of people are. The issue goes back to the basic education level. FWC recently reported that just 16 percent of high school students in the U.S. are interested in following a career in science, technology, engineering or math. Part of the issue is that educators are not doing everything they could be to build awareness and let students know the options that are available to them. We need to reimagine the cybersecurity profession if we want to attract a bigger, more diverse range of people.
Giving cybersecurity a makeover
To make it so more people pursue careers in information security, industry leaders must redefine the role of a cybersecurity professional in a way that is more accurate, engaging and appealing to a wider audience. The first step in doing so is establishing what issues exist with the current image of an IT worker and acknowledge how they may be limiting the field. For example, we need to move away from the assumption that all tech pros are white males. The industry has been – and still is – largely dominated by this demographic, but it is time to change that to make it more diverse.
“It’s time to redefine the role of a cybersecurity pro to one that is more honest and accurate.”
Unless people see their own race, gender and backgrounds being represented in a particular field, they probably won’t be too encouraged to enter it. However, seeing others who look like them holding leadership roles in cybersecurity can be a motivator and driving force for them to follow the same path.
Another preconceived notion that we need to start shattering is the idea the only people who can be cybersecurity professionals are those who are expertly skilled in computer programming and software engineering. According to US News, this topic was discussed during a panel event at the organization’s STEM Solutions Conference.
“I think people think about a guy who eats corn chips, drinks Mountain Dew, wears a black shirt and doesn’t talk to anybody,” explained U.S. Navy Director of Cybersecurity Troy Johnson.
Moving toward a merger of skills
While the cybersecurity industry could certainly benefit from more diversity, it would also be helpful if more people understood that technical skills are not the only ones need. The roles in information security available today cover a wide range of fields and subject matter and areas of specialty. The world of business and IT are continuously blending and, with it, the experience and skills needed to succeed with an information security strategy. “Computer programming and software engineering are not the only type of specialties needed in the cybersecurity field.”
For example, in an article for CSO Online, Kacy Zurkus recently pointed out that, as companies are increasingly not only encouraged but required to meet certain cybersecurity standards and protect digital assets, it is going to lead to more cyber lawyers and insurers being high in demand. The technical, hard skills needed to write code, software programs and IT infrastructures are not the only components involved in cybersecurity – and therefore these are not the only occupations that will be involved in the success of such efforts.
Of course, a certain level of IT skills will be required in the majority of functions for these roles. However, there are also other qualities that businesses will begin taking into account, such as communication, problem-solving and teamwork. It will be crucial to have a team of cybersecurity experts who are not only able to uncover, understand and implement the best-in-class solutions, but who are also able to clearly communicate and explain why a each is being used – especially to non-technical and C-suite-level employees.
Extending cybersecurity careers through education
If we want more people to be attracted to the cybersecurity field and fill the accumulating vacant roles in the U.S. workforce, it would be extremely helpful if it was more widely understood that they don’t need to be discouraged by positions that they just assume are too far beyond their level of expertise, experience or skill set. And this is where educators play a pivotal role.
At The National Cybersecurity Institute, we want to help people build their information security knowledge. We offer a wide range of preparation courses and training that allow them to get their cyber security certifications, including the (ISC)2 Certified Information Systems Security Professional (CISSP).