As the new year begins gaining steam, there is ostensibly a piece of good news on the cyber front. Major cyberattacks have been in a lull in recent months, and still are. This bad news is compounded by the harsh reality that there are not nearly enough cybersecurity pros to properly respond to all the threats.
Seasoned cyber pros typically earn $95,000 a year, often markedly more, and yet job openings can linger almost indefinitely. Between September 2017 and August 2018, U.S. employers posted nearly 314,000 jobs for cybersecurity pros. If they could be filled, that would boost the country’s current cyber workforce of 714,000 by more than 40 percent, according to the National Initiative for Cybersecurity Education.
In a recent study, (ISC)2 — the world’s largest nonprofit association of certified cybersecurity pros — said there is now a gap of almost 3 million cybersecurity jobs globally — substantially more than other experts said might be the case years into the future. Companies are trying to cope in part by relying more aggressively on artificial intelligence and machine learning, but this is still at a relatively nascent stage and can never do more than mitigate the problem.
Cybersecurity has long been a field that has embraced people with nontraditional backgrounds. Almost no cybersecurity pro over 30 today has a degree in cybersecurity and many don’t even have degrees in computer science. Professionals need some training to become familiar with select tools and technologies – usually at a community college or bootcamp — but even more they need curiosity, knowledge of the current threat landscape and a strong passion for learning and research. Particularly strong candidates have backgrounds as programmers, systems administrators and network engineers.
Another key finding from the study was that 43 percent of those polled said their organization provides inadequate security training resources, heightening the possibility of a breach. Universities suffer shortcomings, as well. Roughly 85 of them offer undergraduate and/or graduate degrees in cybersecurity. There is a big catch, however. Far more diversified computer science programs, which attract substantially more students, don’t mandate even one cybersecurity course.
Fortunately, positive developments are popping up on other fronts. Select states have begun taking steps to help organizations and individuals alleviate a talent shortage by building information-sharing hubs for local businesses, government and academia — all revolving around workforce development.
Much further along are cyber bootcamps and community college cybersecurity programs. The bootcamps accept non-programmers, train them in key skills and help them land jobs. Established bootcamps that have placed graduates in cyber jobs include SecureSet Academy in Denver, Open Cloud Academy in San Antonio and Evolve Security Academy in Chicago.
Technology companies still must work much harder to broaden their range of potential candidates, seeking smart, motivated and dedicated individuals who would be good teammates. They can learn on the job, without degrees or certificates, and eventually fit in well. You can quibble with how much time, energy and work this might take. It’s clear, however, that there is no truly viable alternative.