THE cybersecurity skills gap continues to put a strain on IT and security teams across the globe. While the gap has decreased from 4 million to 3.1 million since last year, the 2020 (ISC)² Cybersecurity Workforce Study found that more than half (56 percent) of IT and security professionals feel that cybersecurity staff shortages are putting their organizations at risk. There are several reasons why this gap exists, including the difficulty to attract diverse talent into the field of cybersecurity.
In North America, women make up only 14 percent of the cybersecurity workforce, the highest regional concentration in the world. Black and Hispanic individuals only make up 9 percent and 7 percent of STEM workers, respectively. There is room for growth in the cybersecurity field to attract individuals who do not have the traditional IT backgrounds and traditional career pathway that an organization typically looks for.
The road to cybersecurity can be winding
When searching for jobs, most individuals seek roles they feel they are fully qualified for, whether that qualification comes from education or past experience. Cybersecurity-related jobs are no exception, as it is often assumed that one must have a strong background in IT even to be considered a prospective candidate. While this can be true within some roles and organizations, it is certainly not the case across the entire industry. With the cybersecurity skills gap continually looming, many organizations are inundated with unfilled positions — presenting an excellent opportunity for women and minorities to enter the field.
In today’s world, nothing about cybersecurity is cut and dry, including the pathway to becoming a professional in this industry. Whether an individual studied computer science or social sciences, women and minorities can bring immense value to security teams by offering differing perspectives and backgrounds. Research has shown that more heterogeneous teams are higher performing than their homogenous counterparts. Diversity spanning different educational and professional backgrounds can bring forth differing opinions that can help teams piece together complex puzzles constructed by cybercriminals.
As with anything, having a fresh set of eyes on a problem can be critical to finding a solution. Organizations must expand their talent searches to consider not only individuals with the traditional IT background but also individuals who are willing to learn and grow.
Helping non-traditional candidates expand their skill sets
In the past, IT recruiters may have instantly disregarded candidates who did not fit the traditional mold of a cybersecurity professional. Considering how quickly this field is changing, this can no longer be the case. By widening their searches, organizations can expand their talent pools and play an active role in bridging the skills gap.
To help individuals reach their full potential, organizations must provide appropriate resources and candidates must be willing to take advantage of this opportunity.
In addition to universities that offer cybersecurity curriculums, there are also several community organizations that recognize the value of diversity in the industry, providing access to content and programs designed to address the talent shortage. ICMCP and WiCyS, for example, partner with private organizations to create access to different types of training and mentorship programs for women and minorities looking to transition or grow within the field of cybersecurity. The overall goal for these community organizations is to not only help individuals kickstart their careers, but also advance into leadership roles. Through this prioritization of public and private partnerships, community organizations such as these can help drive the representation of women and minorities within cybersecurity.
Once an individual has been hired, there is still work to do. Individuals can continue to grow their technical and non-technical skill sets within their organizations through training and certification programs, like those offered by Fortinet and Security Innovation. The dynamic nature of this industry means that there are always new things to learn in order to keep networks secure. Even those who have been in the industry for decades can benefit from educating themselves about the latest best practices and network security concepts. By embracing opportunities for training, women and minorities who may have traditionally been passed over for certain roles — or may not have even thought to apply for these roles — can continue to grow and demonstrate their value to organizations.
Diversity is the key to bridging the cybersecurity skills gap
The cybersecurity skills gap may be shrinking, but it is not expected to go away anytime soon. To address this issue in full, the industry must work to reach communities that fall outside of the typical stereotype of a cybersecurity professional, including women and minorities. This starts with partnering with community organizations that create access to resources that support diverse candidates as they enter into the field of cybersecurity. From there, organizations must continue promoting opportunities for growth through training and certification programs that help their employees not only get up to speed but also evolve in their roles. While there is still plenty of work to be done in regard to helping women and minorities feel supported in the cybersecurity industry, it appears that we are on the pathway to change.