As the cyber threat landscape grows exponentially, there’s still a significant shortage of skilled cybersecurity professionals—3.12 million professionals, according to (ISC)2’s 2020 Cybersecurity Workforce Study. At the same time, there’s a huge number of job-seekers, especially those who may be looking for something new after a pandemic-induced layoff, as well as those just entering the workforce after graduating college.
Unfortunately, the reality is that too many people have felt disenfranchised when it comes to getting tech jobs. There are a number of perpetuating myths about cybersecurity careers that are preventing many people from even considering them, but cybersecurity holds opportunities for almost everyone. It’s truly a field open to almost all. The trick is knowing how to get started.
Understanding – and Dismantling – the Barriers to Entry
Most job-seekers look for roles they think they reasonably have a shot at: ones they are fully qualified for, whether that qualification comes from education or past experience. Cybersecurity-related jobs are no exception, as it is often assumed that one must have a strong background in IT even to be considered a prospective candidate. While this can be true within some roles and organizations, it is certainly not the case across the entire industry. In today’s world, nothing about cybersecurity is cut and dry, including the pathway to becoming a professional in this industry.
Gallup conducted research demonstrating that more diverse teams perform at a higher level than their homogenous counterparts. Diversity across educational and professional backgrounds can bring a variety of viewpoints and opinions to the table that can help teams solve the complex puzzles cybercriminals construct. As with anything, having a fresh set of eyes on a problem can be critical to finding a solution.
More Than Hacking and Programming
While there are obviously plenty of jobs in the cybersecurity industry that do require extensive hacking or programming skills, those are not the only roles available. A key problem in cybersecurity hiring centers on the sets of skills and attributes hiring managers believe are mandatory in a “qualified” individual. All too often, these wish lists grow beyond what any individual could have possibly attained over the course of a 5-, 7-, or even 10-year career in the industry. Worse, hiring according to a set list of qualifications tends to rule out some of the most talented and capable recent graduates—those who are eager to learn and most excited about the profession.
As organizations rethink the way they hire and begin to prioritize soft skills over “X years of experience,” they will end up with employees who are happier at their jobs and fit in better with the rest of the team. Interviewing for, say, analytic sharpness, level of comfort with abstract ideas, communication skills and leadership ability, mathematical and modeling skills, independence and autonomy, and other such “soft” skills is likely to reveal much more about a candidate’s chances for long-term success than their resume alone.
Taking a Different View
Until now, it would have been easier for IT recruiters to quickly dismiss candidates who did not fit the traditional mold of a cybersecurity professional. But considering how quickly the field is changing, this can no longer be the case. By widening their searches, organizations can expand their talent pools and play an active role in bridging the skills gap. In addition, organizations need to focus on nurturing the cybersecurity professionals already within their ranks to expand their skillset and continue growing beyond their current roles, as well as prospect non-traditional employees who can make the switch into a career in cybersecurity.
Both of these options necessitate continuous learning and professional growth. Once a person has been hired, there’s still work to do. Individuals can continue to grow their technical and non-technical skillsets within their organizations through training and certification programs. The dynamic nature of this industry means that there are always new things to learn to keep networks secure.
Even those who have been in the industry for decades can benefit from educating themselves about the latest best practices and network security concepts. By embracing opportunities for training, candidates who may have traditionally been passed over for certain roles—or may not have even thought to apply for these roles—can continue to grow and demonstrate their value to their organizations.
A New World of Possibilities
One of the biggest misconceptions keeping many people, especially women and early-in-career starters, from even considering a career in cyber is that you must have a lot of or very specific experience first. But there are cybersecurity careers that don’t require multiple years of computer science, and innate skills can sometimes be at least as valuable as “relevant experience.” As organizations reconsider their hiring practices, as well as nurturing talent already on their payrolls, they will help to narrow the cyberskills talent gap while offering new career opportunities to a more diverse group of candidates.
Sandra Wheatley is senior vice president, threat intelligence, marketing and influencer communications at Fortinet.