The growing cybersecurity talent gap is projected to reach a staggering 3.5 million-person shortfall by 2025.
I can scarcely think of a self-identifying thought leader in this industry that hasn’t proclaimed that this is a pressing issue. Yet, not much is being done about it. The tenured cybersecurity workforce seems to have little concern for cultivating the next generation to fill this chasm. Instead, this generation pulled the ladder up after gaining stature.
The subsequent generations inherited the issues that came from the attitude of “I got mine, you go figure it out for yourself.” This creates impossible standards for entry-level positions, exorbitant training costs, and a firmly held belief that the next generation should be put through the same cycle of unfair treatment that the previous ones had to endure.
But this doesn’t make the digital world more secure. Cybersecurity isn’t just about plugging holes in outdated software; it’s about building a robust defense system through humans. The field desperately needs more cybersecurity professionals. Gatekeeping will not solve this problem, nor will things get much better until that is resolved.
Dismantling Industry Gatekeeping
Chris Henderson
Cybersecurity can feel like an exclusive club. The gates of the cybersecurity industry are well-kept. That said, high standards are fine as long as they are not unrealistic for those who seek to break into the field.
We can bridge the divide by investing in education and training programs, making cybersecurity careers accessible to a more diverse talent pool, casting a wider net beyond technical skills, and fostering a culture of continuous learning within existing workforces. We need to lift the next generation.
Challenging Traditional Cybersecurity Practices
The industry needs professionals who can operate systems as well as analyze them deeply and understand how the fundamental components work together. This comprehensive knowledge empowers them to adapt to new threats and technologies.
This worldview can be taught, but the industry has failed the next generation by gatekeeping the training that could develop them into capable professionals.
Even in the cases where training is affordable, is may not be so across international borders where exchange rates may not favor other countries. How many people has the industry lost out on because of cost-prohibitive nature that was never made available to those without American money?
Fortunately, new organizations are emerging as disruptors in the training market, offering high-quality cyber training at significantly lower prices. This is a boon at home and for the international market.
Why Representation Matters
High costs are not the only challenge in the cybersecurity field. It also suffers from a lack of diversity in its talent pool.
Cybersecurity largely resembles the demographic composition of the broader technology industry. The stats are abysmal on representation across different ethnicities, cultures, socio-economic status, and gender identity.
If we ignore the lack of diversity and don’t factor it into the equation of our problems, we turn our backs on those who did not have advantages from the start.
Affordable, accessible training is only part of the solution here. Engaging with underrepresented communities to bring them into the fold is one way of shoring up our workforce. Supporting and sponsoring organizations that promote underrepresented groups — like Women in Cybersecurity and Black Girls Hack — ensures that people from all walks of life get the shot at developing into capable practitioners.
Technical diversity plays a role as well. We need to move beyond the narrow perception of cybersecurity as solely the domain of ethical hackers and penetration testers. Gatekeeping also extends to the fallacy that technical skills stop at the edge of the keyboard. Let’s evolve from that school of thought and make room for everyone.
Look for Advocates
To the newer generation and those trying to break into the field, it won’t be easy. For many of you, it won’t even be fair.
But don’t lose hope. We need you now more than ever. Seek out people with tenure in this industry who are willing to help. Follow your sparks of passion and curiosity, and never stop asking questions. Crash the gates.
To the prior generations, lead us, follow us, or get out of the way.
Chris Henderson runs threat operations and internal security at Huntress. He has been securing MSPs and their clients for more than 10 years through various roles in software quality assurance, business intelligence, and information security.
Image: iStock
