COO at Orpheus Cyber, Cyber Security Awards and American Cyber Awards Judge, Industry Speaker.
getty
Two years ago, I wrote about how individuals could jump-start their career in cybersecurity, an industry notorious for its skills gap. Back then, according to Cybersecurity Ventures, there would 3.5 million unfilled cybersecurity roles by 2021. Now that we're here, that number came pretty close, with (ISC)2 claiming 3.1 million unfilled roles last year.
Despite these numbers found in credible research, I hear all the time about individuals who are struggling to break into the industry. There are people with training and passion for the industry who can’t find jobs. And many in the industry doubt there is a skills gap at all, instead of blaming organizations who have unrealistic expectations for their unfilled vacancies. So what is the truth? And what can we do about it?
I spent over 10 years leading a cybersecurity recruitment business across the U.S. and Europe and have seen that a skills gap absolutely exists. Sometimes, but not as often as social media would suggest, this is a result of unrealistic job requirements. Organizations with mature cybersecurity programs do not make these mistakes and the skills gap cannot be pinned entirely on organizations with unrealistic hiring expectations. These companies have strong training and recruitment programs that allow them to hire great people.
Companies that do post unrealistic roles often have a low budget for cyber, and a current team that is small or non-existent. They may not be able to pay market-leading salaries, and their HR teams won’t have a lot of experience recruiting in the industry.
These companies can make some quick changes to help improve their circumstances:
1. Make it clear what areas of the job description you can flex on, broadening the range of people who can apply.
2. Consider investing in training so you can develop someone into an open role. This can also help with retention and save you from having a vacancy open for months.
3. Utilize the great networks that exist in cybersecurity. The community wants to help each other find great roles and prospects often pass them on to each other.
Individuals who are looking to enter the industry may be finding it difficult, especially at the moment. It is worth keeping in mind that the first job is hard to get, but subsequent ones will be easier. Pivoting into a new role might also be a challenge and it is hard to move across disciplines. There are three key things to keep in mind:
1. Network, network, network. If you only do one thing, do this. Plenty of jobs in cybersecurity don’t get advertised. There are lots of reasons why, but having someone recommend you for a role is never a bad thing. Cybersecurity really is a community and the majority of people want to help each other. In-person events are easier, but even making connections over social media has huge value for your career.
2. Most cybersecurity jobs are not entry-level. Right or wrong, you will need to have some understanding of how IT works. Taking a role in a different area of IT to get that experience is going to help you move into cyber. It’s also going to help you be successful in cyber. This is also a consideration for those looking for a move to a different role. You might need to get some extra experience or qualifications to be able to move.
3. Consider what qualifications are worth investing in. Some are worth the cost, but plenty are expensive and don’t provide the return in job prospects you would hope for. Be selective according to your circumstances. What you can do instead is use the free resources the industry offers. Take part in capture the flag events, go to conferences, listen to podcasts, watch live streams, start a blog, start your own lab (OK, that one might not be totally free). All of these things increase your knowledge, demonstrate your interest in the industry and allow you to make new connections.
The industry does need to make it easier for people to enter or pivot their career into cyber. There are lots of good companies and organizations working on initiatives for this. We won’t fill the skills gap without attracting more people, and a skills gap isn’t always good news. While it does mean unemployment is low and salaries are high, unfilled vacancies put existing teams under pressure. Cybersecurity is an already stressful job and organizations need to consider their employees' well-being. Solving this problem may improve that as well as your hiring issues.
Forbes Human Resources Council is an invitation-only organization for HR executives across all industries. Do I qualify?
