The cybersecurity industry, in some ways, finds itself in full-on crisis mode.
It has several problems on its hands that will become more intense – and potentially intractable — during the next several years.
One massive problem: There are far more cybersecurity job openings than there are “qualified” people to fill them. And these numbers will probably grow rapidly over the next several years.
Check out these arresting numbers. According to Cybersecurity Ventures, there will be 3.5 million unfilled cybersecurity jobs globally by 2021, up from 1 million positions in 2014. The United States has a total cybersecurity workforce of 715,000 employees with 314,000 unfilled positions, according to CyberSeek.
Number of cybercriminals and crimes increasing
The problems don’t end there. The number of people committing cybercrimes grows constantly. The different ways they commit crimes continue to proliferate.
Companies and employers struggle to figure out how to cope with these problems, especially how to stay ahead of cybercriminals running at high speeds day and night across the world.
As tough a situation as this is, companies and individuals can take action to overcome these hurdles, and it starts within the hiring arena.
The rest of this blog provides insights and recommendations for how employees and employers can take steps to accelerate and simplify the hiring of qualified cybersecurity professionals.
Recommendations for Career Professionals
Focus on the right certifications
Professionals don’t know what types of education they should pursue to learn the skills needed to land a corporate or government cybersecurity position.
You may want to assess the time and money needed to get a bachelor’s or master’s degree in cybersecurity, which could cost anywhere from $25,000 – 50,000+ to obtain.
Few such programs are even offered. And those that are probably won’t arm you with the skills needed in a private or public sector cybersecurity role.
A better investment could be in specific cybersecurity programs that give you the skills you need for these positions. The Certified Information Systems Security Professional, an information security certification, is on every job description. But but it has several requirements attached and focuses on professionals seeking roles in management.
A few good certification programs to consider, which are reasonably priced in the $300-$700 range each, include:
- Cisco Certified Network Associate (CCNA) Security – this teaches you about network security infrastructure, threats and vulnerabilities, and threat mitigation;
- CompTIA Security – a broad cybersecurity training program; imparts core knowledge that provides a springboard to intermediate-level cybersecurity jobs;
- Systems Security Certified Professional (SSCP) – a solid “next step” after the Sec+ covering hands-on network security, systems administration, and security engineering; and
- Computer Hacking Forensic Investigator (CHFI) – teaches techniques to detect “hack attacks,” the proper way to obtain evidence, and preventing future attacks through analysis
Focus on specific skills, especially web applications and cloud
If you want to increase your chances of finding a cybersecurity job, go learn about cloud technologies and web application security. Candidates who know security and have a strong knowledge of web app vulnerabilities will typically have a leg up as these types of attacks are the leading culprit behind data breaches.
As for the cloud, so many companies are moving into it without a ton of expertise behind their decision making.
Other key skills to develop include writing software code and possessing deep technical expertise in a specific area of cybersecurity such as incident handling and response.
Three of the most sought-after roles include “eyes on the screen” SOC Analysts, Penetration Testers (systems/networks and web app), and Digital Forensics professionals who can analyze information across many types of devices.
Recommendations for Employers
Don’t pay a higher salary but not train
We often see roles that have been open for six-to-twelve months as companies target their unicorn. In that amount of time, many companies could have found someone for half the salary and invested in them to get specific skills, training, and certifications curtailed to their environment.
Those employees would likely be more inclined to be loyal to the employer if offered this opportunity and investment in their professional development.
Providing this training to a candidate could turn out to be smarter than paying them a higher salary but not offering the training.
Allocate training time for employees
The demand is high and the amount of work needing to get done piles up. Security employees become so busy that they have little time to sharpen their skills, pursue certifications, or stay abreast of the latest market trends outside of work.
As tough of a balancing act as it may be, employers must build in time for employees to stay current and take relevant and timely cybersecurity training. Creating this flexibility absolutely pays off more times than not.
Hire from more diverse backgrounds
This can mean several things. Teams with people from various walks of life, prior professions, education and trainings, and skillsets often thrive as they blend various perspectives and areas of expertise.
The field evolves so fast. Technologies are becoming more cutting-edge. Attack methods are growing in creativity every day. Having a dynamic set of minds on a team can improve the chances of uncovering out-of-the-ordinary tactics and techniques while also exposing each team members to a broader set of capabilities.
Companies that recognize they may not find the “perfect candidate” but are smart enough to recognize talent and upside will flourish. Good enough needs to be good enough.
Invest in middle schools and high schools
We have heard of some companies and universities spending time educating middle and high schoolers on the importance of cybersecurity, as well as some of the career options they will have when entering the workforce. This is fantastic as many of the jobs are quite appealing to today’s youth. They can begin developing their skills now.
Companies should offer cybersecurity training courses and classes to these students to get them more engaged and knowledgeable. This will also help close the cybersecurity skills gap in the coming years.