The cybersecurity industry no longer has an image problem, but many things are still stopping individuals from considering a career in cybersecurity: a high cost of entry (the need for more education /certification / technical knowledge / training), the inability to code and the perception of the field as too intimidating.
In addition to this, many don’t have a clear, realistic view of the profession and are confused by its breadth and sprawl.
Cybersecurity career: A look from the outside
(ISC)² has recently asked 2,500 people across the US and the UK who don’t currently work in cybersecurity roles and have never worked in the field about how they view cybersecurity workers, whether they would consider entering the field, and what’s stopping them from doing it.
The good news is that 71% of participants said that they view cybersecurity professionals as smart, technically skilled individuals, 51% view them as “good guys fighting cybercrime,” and 35% said cybersecurity professionals “keep us safe, like police and firefighters.”
The bad news is that even though most view cybersecurity as a good career path, they don’t think it’s the right path for them. In fact, only 8% of respondents have considered working in the field at some point.
“One of the most unexpected findings in the study is that respondents from the youngest generation of workers – Generation Z (Zoomers), which consist of those up to age 24 – have a less positive perception of cybersecurity professionals than any other generation surveyed. This issue in particular merits close attention by the cybersecurity industry at a time when employers are struggling to overcome the talent gap,” (ISC)² noted.
The analysts posited that Generation Z’s perceptions of the cybersecurity field are shaped negatively by social media exposure, as social media platforms “tend to focus on the negative – arguments and venting.”
The survey revealed that respondents view the profession as having a high cost of entry: 61% said they believe they would need more education or would need to earn a certification before getting a cybersecurity job, and 32% believe it would require too much technical knowledge or training.
37% of the female and 17% of the male respondents said that they found the profession intimidating, and a higher number of women are more discouraged than men by a perceived lack of diversity in the field (13% to 7%).
The respondents don’t have a clear idea about what they can expect from the field, and the school curriculum of 77% of the respondents never included cybersecurity.
“Even when cybersecurity education is available, it tends to come much later in the educational path when many students may have already determined another area of focus,” (ISC)² pointed out.
One of the biggest deterrents to entering the field is the distorted perception that, to work in it, you have to have highly specialized, technical skills.
“When survey participants were simply asked about the first thing that came to mind when they thought of the term cybersecurity, their responses included sentiments like, ‘smart computer skills that I don’t have’ and ‘I’m not qualified to apply for the jobs’,” the non-profit shared.
“In reality, many cybersecurity teams are searching for a wider pool of skillsets to complement their technical staff, including those individuals who possess legal, risk, compliance or communications knowledge, among other areas.”
Making cybersecurity more accessible
Correcting the perceptions about the cybersecurity field should be a broad goal for the industry. Emphasis should be placed on the many positive cybersecurity career attributes and a better educational foundation should be introduced.
“Co-develop cybersecurity programs with school districts and higher learning institutions to awaken earlier interest in the field. Creating a stronger pipeline of candidates who understand the realities and the benefits of a cybersecurity career will help to reduce the global talent gap,” (ISC)² advised to hiring managers and organizations.
More immediately, they should:
- Increase the focus on the non-technical aspects of certain positions in job descriptions, such in order to get a larger pool of candidates to consider
- Develop recruitment strategies that focus on outreach to individuals with complementary experience (e.g., in communications, law enforcement, data flow, process development and controls, regulatory compliance, etc.) and consider recruiting employees in different departments that are looking to enter the field.