How to Build a Skilled Workforce for Strong, Sustainable and Balanced Growth
Estimates vary widely, but approximate that hundreds of thousands of open cybersecurity roles exist with that number growing to millions of open roles within the next decade. This is juxtaposed with a very limited pool of cybersecurity professionals. US census data from 2019 indicates somewhere around eight hundred thousand cybersecurity professionals live in the US, with about four and a half million Americans employed as information technology professionals. To compare this to the total number of employed Americans, about 3% of the workforce is employed in the information technology industry, with a mere 0.5% employed in cybersecurity. For another comparison, this is less than the total number of Americans holding a Top Secret national security clearance. To say cybersecurity professionals are in high demand is an understatement.
Based only on stats, one may assume cybersecurity an undesirable or unattainable career path. Yet, pay for the industry is far higher than the average American salary and the vast majority of entry level skills can be developed by self-study with an average computer and internet access. Quality of life is relatively high and cybersecurity jobs exist in every state with a growing percentage of remote roles available to anyone with an internet connection. This begs the question: how can a talent shortage exist? One would think folks from all walks of life would be trying to break into this industry. The fact is they are, but the cybersecurity industry is by and large too immature to build an effective talent pipeline for entry level talent, and relies on poaching experienced talent from other companies due to operational and organizational immaturity.
“Quality of life is relatively high and cybersecurity jobs exist in every state with a growing percentage of remote roles available to anyone with an internet connection”
Cybersecurity has been an established practice for a few decades at best. Our industry is largely practiced in secret and the implementation of cybersecurity services are highly customized and specific to each company and industry. This isolated community of practice stunts the maturity of the industry. Cybersecurity programs are reliant on individual contributors capable of thinking creatively, working independently, and producing results with minimal on the job support. In this kind of environment, taking advantage of entry level candidates is nearly impossible. Entry level candidates require significant structure and support; in other words, clearly documented process, mentorship, on-the-job training, and coaching. Small to medium sized businesses are typically incapable of funding this amount of organizational rigor. The onus falls on Fortune 1000 organizations, cybersecurity vendors, and service providers to facilitate a pipeline for entry level talent. The solution to the talent shortage is equally simple and intricate: organizations with large cybersecurity teams must build their services with support for entry level hires in mind. Large organizations have the luxury of leveraging money and brand reputation to compete for talent. However, those of us in these positions must hold ourselves to a higher standard. Take the time to document robust processes, standards, and guidelines. Build cybersecurity teams and services with entry-level hiring in mind, carving out full-time roles that are simple and approachable for an intern, college grad, or talented, self-taught eighteen-year-old straight out of highschool. I would go so far as to say cybersecurity executives hold an obligation to this industry to do so. Before launching your next big initiative or tool deployment, consider the number of entry level employees you’ve hired in the last few years. If that number is low or non-existent, take a moment to evaluate how you can re-organize your service to allow someone to break into the industry. This not only benefits your employees and organization, but helps the maturity of our entire industry.