While the increased number of cyberattacks around the world is bad news for everyone, it does highlight a desperate need and demand for a knowledgeable and skilled cybersecurity workforce. In a nutshell, there has never been a better time to consider a career in the cybersecurity industry. As part of National Cybersecurity Awareness Month (NCSAM) and European Cybersecurity Month, ESET is shining a light on what the industry can do to encourage people from all walks of life to consider a career in the industry.
As more of our personal information is stored online, it becomes increasingly important to step up security. In general terms a cybersecurity professional’s role is to protect online data and processes from being compromised. Careers in the industry are both complex and diverse; whether that is working for a cybersecurity company or in-house at banks, retailers and government organizations. Responsibilities range from safeguarding an Organization’s files and network, to installing firewalls, creating security plans and monitoring activity, as well as identifying problems and solutions should a breach occur.
However, the industry is currently facing a major skills gap. Recent research has shown that 51% of IT and cybersecurity professionals across all industries in North America and Western Europe claim their Organization had a problematic shortage of cybersecurity skills. What is most alarming is the steady deterioration in amount of labor with the needed skills, with only 23% of industry professionals making these claims in 2014. The urgency to fill this gap appears to be overwhelming, with the eighth Global Information Security Workforce Study (GISWS) estimating that we will have 1.8 million unfilled cybersecurity jobs globally by 2022.
With cybersecurity careers proving to be a growing segment of the global workforce’s needs, a great opportunity lies ahead for students choosing their future career. Positively, there are a multitude of programs and events that now focus on encouraging young people to seek a career in the industry. For example, in the UK a new course has launched called The CyberFirst Adventurers, put together by GCHQ’s National Cyber Security Centre (NCSC). The hands-on day course teaches 11 to 14-year-olds about code cracking, web app development and digital forensics.
What’s more, there has been a particular focus on encouraging young women to consider the industry. ESET has begun its Women in Cyber Security Scholarship to encourage and empower women to pursue careers in the sector, with the first scholarship winner having been recently announced. We have also seen the Girl Scouts make cybersecurity part of their programs by introducing five badges that can be earned for cybersecurity topics like online privacy and safety; all part of their promise to foster scientific and computer know-how across the Scouts' age groups. And there are other organizations being created with this specific purpose in mind and more following suit; such as Cool Careers in Cybersecurity for Girls which helps educate and inspire young women through programs and conferences.
With the urgent need for skills, there are also opportunities for adults who are looking for a new career. The industry must now think about how to best encourage people to join the field on a more short-term scale. Recently, a company launched with the initiative of training ex-servicemen and women in cyberskills; TechVets is a non-profit that addresses the skills gap with schemes that provide free cybersecurity training to both departing members of the armed forces and veterans. And the desire for diversity doesn’t end with children, there are also many companies introducing initiatives to encourage women in cybersecurity, such as Deloitte’s Women in Cyber initiative which now extends to all EMEA regions.
Furthermore, and as discussed by ESET Security Researcher Lysa Myers, some people find that traditional four-year degrees are often mismatched to the specific needs of working in cybersecurity. Given how quickly security tech changes, job-related training is instrumental in order to prepare professionals for the future in the sector. Businesses therefore have an opportunity to devise trainings and upskill their staff to further fill the shortage. To accomplish this shift from knowledge-based learning to skills-based training, more organizations need to invest in their workforce. This type of training can be more expensive for organizations, but the outcome is exactly what companies are seeking—experienced cybersecurity pros.
Creating and maintaining a highly qualified workforce will require a rigorous and multifaceted approach. No single sector of society can respond adequately in isolation from others. Collaboration within and across different levels of government, and among government, educational institutions and businesses, is needed to strengthen career pathways for students and job seekers. Likewise, no single area of study should be used to supply cyber security workers; pulling from multiple areas will help to address the shortage of skilled professionals more urgently.