The cybersecurity talent shortage is a frequently talked about. Even with the attention, the future still holds more job openings than qualified employees available to fill them. According to (ISC)2, the talent shortage is expected to reach 1.8 million unfilled roles by 2020. This is fueled by recruiting requirements looking for years of experience combined, complex technical skills and a multitude of certifications. With limited educational opportunities and exposure to cybersecurity, the lack of qualified job candidates will persist.
What’s the solution?
In an effort to better understand the problem we returned to the survey responses of 524 technology-savvy millennials and post-millennials in the US, conducted by Enterprise Strategy Group (ESG), to see if there were potential answers to the security skills shortage. Respondents clearly identified some of the challenges the security industry will face and must conquer, if there is any hope of turning the tide.
Interestingly, the results suggest that not only are millennials and post-millennials the key to solving the current and pending skill shortage, but young females show tendencies that make them well suited to become part of the solution.
The millennial opportunity
Looking at the responses, we find that younger generations understand and acknowledge that technology and computing are likely to play a significant role in their future careers, with 68 percent of respondents classifying themselves as either technology innovators (27 percent) or early adopters of technology (41 percent). Fortunately, the generations that grew up with iPhones and iPads may have a leg up on the older generations in acclimating to tomorrow’s job-related technology demands.
However, only four males and none of the females report that they are currently working in cybersecurity. Only nine percent of males and seven percent of females said that they are interested in the field, citing a general lack of awareness (39 percent) or fear of technical expertise (15 percent) as barriers.
This data suggests that if we begin to introduce more classes and make the cybersecurity profession more appealing to these younger generations, we could potentially capture this untapped market of technology-savvy men and women to close the skills gap and turn the table on cybercriminals of the future.
The challenge: Cybersecurity remains an unknown
While large companies, analysts and experienced cybersecurity professionals are aware of the talent gap, one of the biggest hurdles is that the people with the most opportunity to fill those roles—millennials and post-millennials—may have the least exposure to the field as a potential career opportunity.
In the survey, we found that only 17 percent of respondents said that someone in their family has ever worked in the cybersecurity field, and the vast majority (69 percent) have never taken a class in school that focused on cybersecurity.
This general lack of awareness and a shortage of learning opportunities is directly feeding the pending and future talent shortage. As a result, only nine percent of respondents initially indicated that cybersecurity is a career they are interested in pursuing at some point in their lives.
Interestingly, when asked why cybersecurity was not a career they were considering, the vast majority did not reject future careers in cybersecurity outright. Rather, they cited perceptions of education, certification and technical prowess required as the primary barriers to entry.
Machine learning, AI, and… Girl power?
For anyone that spent time at RSA Conference this year, it’s clear that machine learning and artificial intelligence have become the go-to buzzwords in the cybersecurity community. Interestingly just outside the conference, another theme was getting a lot of attention—the lack of diversity in the field. This led us to examine perhaps the single greatest available resource for filling the talent gap: female cybersecurity professionals of the near future.
By parsing the respondents by gender, we found indications that female millennials may present the industry’s best chance to effectively overcome the security talent gap. Despite the challenges of bias, evolving attitudes, activities and aspirations indicate not only the potential for a new wave of professional infosec recruits, but also for more female talent in the industry.
For example, females surveyed reported that they game online as frequently as male counterparts and suggested that they were early adopters of technology at the same levels that males reported. They also showed quicker and higher rates of adoption of some of the latest technologies, including virtual reality (and more likely to have tried it earlier than their male counterparts.
This tech adoption and familiarity would also seem to indicate a growing interest in tech-related courses for study and career options among women surveyed. Women were only slightly less likely to consider information technology professions as a most desirable career compared to men. Among computing and IT-related fields, there were two careers named that held male and female interests nearly equally: video game development and cybersecurity. In fact, female respondents indicated that they are significantly more likely than their males to find careers in cybersecurity exciting (57 percent female vs. 40 percent male).
Making a change
Although not a certainty, the younger generation seems to hold the right pieces for solving the cybersecurity talent gap. But, unless the industry takes a proactive stance in creating awareness and providing early learning opportunities, we’ll find ourselves in more trouble years down the road.
We can make a difference now, by choosing to support educational initiatives that introduce cybersecurity at an earlier age and helping to develop and implement actual cybersecurity curriculum for high school students. In doing so, we may just be planting the seeds needed to encouraging young people to choose cybersecurity as a viable and rewarding career.