Who will protect us from cybercriminals?
The number of open cybersecurity jobs is projected to grow tenfold over the next three years, and the industry can’t keep up when training new workers. The cybersecurity skills gap is real, and it’s putting everyone’s information at risk.
(page 1 of 2)
We often hear about the skills gaps and body gaps a number of industries — perhaps most notably manufacturing and the trades — are currently experiencing. However, there’s another industry currently experiencing a skills gap that projects to widen exponentially over the next several years, which could drastically impact just about every business.
That sector? Cybersecurity.
According to CyberSeek, there are more than 300,000 current cybersecurity job openings nationwide, and Wisconsin and the Greater Madison area are not immune to this talent gap, notes Jack Koziol, CEO and founder of InfoSec Institute, a Madison-based firm that offers information security training.
“The same data shows more than 2,800-plus open cybersecurity positions in Wisconsin alone and 780-plus openings right in our Greater Madison backyard,” says Koziol.
The growth in information security professions will remain exceptionally strong as the skills gap continues to widen over the next three years. A recent report from Cybersecurity Ventures predicts a staggering 3.5 million open cybersecurity positions by 2021.
“I see the growing career potential in this field manifesting itself in Wisconsin and Madison, too,” Koziol says. “Luckily, for those exploring information security careers, the demand for qualified professionals will command higher than average salaries — often double the national average for other industries. This skills gap is a great opportunity career-wise, but it’s also poses a huge security risk that everyone should be concerned about.”
So, why aren’t young people scrambling to fill these open positions in a growing, lucraive field? There are a few reasons, according to Koziol.
“Simply put, it’s a lack of awareness keeping many young professionals and millenials from exploring cybersecurity as a career path,” Koziol explains. “This starts as early as middle and high school. Although we’ve seen a strong recent push in STEM coursework and career education at this level, much of the technology focus in STEM still centers on more traditional IT or development paths. Cybersecurity as a distinct technology career choice does not receive the same level of lip service.”
The same holds true at the post-secondary level, Koziol notes. Here, however, he sees awareness as more of a perception issue. That is, a misperception of the type of skills needed to enter the field. “Many young adults believe a degree or background in computer science or information systems is requisite to a cybersecurity career. While technical aptitude is valuable, many cybersecurity skills can be learned on the job or through apprenticeship or mentoring programs. In fact, cybersecurity acumen comes from a healthy balance of technical and soft skills.
“Similarly, the cybersecurity field is best served by a diverse workforce bringing different backgrounds and experiences to the table,” Koziol adds. “Breaking gender, racial, and age misperceptions of the cybersecurity profession is key to attracting new talent.”
Fortunately, several organizations and institutions are striving to address both the awareness and perception challenges. One of these organizations is NICE, the National Initiative for Cybersecurity Education, which hosts the annual National Cybersecurity Career Awareness Week every November. Efforts like that are just the beginning though.
The skills gap is a combination of several factors, says Koziol. There’s a significant population of cyber professionals who will retire in the next decade, but the gap extends well beyond simply filling the void left by retirees.
“The rate at which cyber threats are proliferating and evolving requires the entire workforce to continually evolve and augment their skills,” states Koziol. “Ongoing training and additional resources are required to keep pace with today’s and tomorrow’s threats. Numerous colleges and universities offer degree and certification programs to prepare young people with the necessary practical skills. However, the expectation of lifelong learning, continued skill-development, and post-college certification opportunities must also be set to ensure long-term workforce retention.”
Koziol says the first step in encouraging young adults to enter the field is to start building awareness in middle and high school. This can be done through existing STEM coursework, after-school programs, or dual-enrollment opportunities with colleges and universities. Awareness building and perception changing is also needed among college graduates. Interestingly, according to (ISC)2, 87% of cybersecurity professionals started in another non-IT career, making it lucrative for someone interested in making a change.
Along the same lines, building awareness and changing recruitment initiatives among underrepresented groups like women, people of color, and veterans will open untapped pools of future cybersecurity professionals, says Koziol. “The stigma that security practitioners are white men in hoodies is real, and it’s perpetuated by the media. Statistics vary by reports, but about 75% of cybersecurity workforce are Caucasian, and just 11% of security practitioners are women. Educational institutions, hiring companies, and leading cybersecurity organizations all play a role in changing this disparity.”