A career in cybersecurity guarantees many things: Job stability, competitive compensation and room for growth, just to name a few. Cybersecurity professionals are drawn to the fact that they are part of something bigger, working to stop adversaries and protecting the good guys. Along with the pride that comes with a career in cybersecurity is the opportunity to learn about new technologies and solutions every day.
For these reasons, bright people have been flocking to cybersecurity for quite some time. But make no mistake, our industry isn’t immune to the perils of today’s unsteady job market and what’s been dubbed the Great Resignation.
Yes, the cybersecurity industry has experienced exceptional growth over the last two decades, but as with anything, rapid growth brings its own unique set of challenges. At the forefront of these growing pains is what is commonly referred to as the cybersecurity skills gap. As more vendors and solutions providers emerge, more job openings are left unfilled. Not only is there a fight for bright and savvy talent, but there has been a persistent lack of diversity in the talent pool. Without diversity as a core value in cybersecurity, many vendors won’t move the needle on their most important business objectives.
We Need People to Fight Cybercrime
The war for talent is especially concerning to cybersecurity professionals when we consider the number of understaffed security teams. These overburdened analysts don’t have the resources they need to combat the onslaught of increasingly sophisticated attacks we’ve seen in the last several months, like Log4j, Spring4Shell, Kaseya, SolarWinds and Colonial Pipeline, among others.
Not only have we seen a rise in the sheer number of threats, but the complexity of such attacks is increasing at an alarming rate. As the general public embraces a more intricate digital life, the way the security industry approaches protecting its assets is shifting.
For one, in the last decade, the challenge has shifted from protecting the perimeter to protecting identities and the resources they access. A dynamic digital environment with more devices, applications and endpoints means a dissolving perimeter that can be exploited more easily when protected by traditional solutions.
We are seeing more attacks originating from the use of legitimate credentials to breach an organization. In fact, 79% of organizations reported a breach in the last two years that could be traced back to a compromised identity.
If organizations are lacking a healthy, diverse team of security analysts, they risk falling behind in what can look like a choppy game of whack-a-mole. Without talent that can think critically and stay on their toes, organizations simply can’t compete with their adversaries.
Becoming Part of the Talent Solution
Recruiting the right cybersecurity talent while running a never-ending race against cybercriminals can feel like a ceaseless task, but we mustn’t get discouraged.
At a fundamental level, we can look at the other side of the coin and realize the opportunities that lie in front of us from a hiring perspective. We can take advantage of the fact that a lot of passionate people are out there seeking new, fulfilling career opportunities. Cybersecurity leaders can build and foster diverse cultures that are rooted in respect and strong core values that combat Great Resignation trends.
Additionally, fostering the next generation of cybersecurity talent will require a coordinated, industry-wide effort to educate and make cybersecurity careers accessible for everyone—at every age, race, gender, socioeconomic background and/or experience level. Organizations can help fund and support the next generation of security and identity professionals and contribute to a real, tangible solution. For starters, the IDSA is launching a crowdfunded scholarship for Identity Management Day this year that will be equally distributed among three nonprofits in this focus area.
Organizations should be reaching out and talking to students from all backgrounds at an early age about the benefits of a career in tech. Considering that 80% of students will have made up their mind about their perceived ability in math and science by 8th grade, it’s important to reach out to students when they’re young and get them excited about opportunities in the field.
Companies should also be expanding recruitment efforts to include candidates with less conventional educations—like those with GEDs or two-year college degrees—as they are equally qualified but often disadvantaged due to external circumstances. Organizations like Per Scholas and Fullstack Academy are advancing economic equality by providing skills training, professional development and career advancement opportunities for individuals that are traditionally underrepresented in the technology industry. Per Scholas, for example, is a national nonprofit that provides tuition-free technology training and professional development to unemployed or underemployed adults pursuing careers in technology. Fullstack Academy is an immersive software engineering coding bootcamp based in New York City that offers accessible on-campus and online training in web development and cybersecurity.
Getting to a solution calls on each of us to take real, actionable steps that eradicate bias and reach people that are motivated team players unafraid of a challenge (and, of course, want to stop the bad guys). That will require us to think creatively, make bold decisions and break conventional ways of thinking about recruiting and retaining people we trust.