I've yet to come across a company that has all the cybersecurity talent it wants. If you work in technology, you've probably heard someone talk about the "pipeline problem." As you progress deeper into the more niche and technical roles in technology, like cybersecurity, the need for qualified candidates rises to seemingly unachievable counts.
As we move into the digital age, how do we develop the next generation of problem solvers whose responsibility will be to keep the world safe from cyber threats?
Many of the cybersecurity professionals I've met share a curiosity about how things work and a willingness to test limits. We were the ones who annoyed our parents and teachers with incessant questions: "Why?" and "How?" "Why does y=mx+b?" "How does a plant grow?" And "Don't touch that" inevitably turns into "I wonder what would happen if I touched that?" So, how do we create an environment that fosters this type of thinking to address cybersecurity's pipeline problem?
The answer involves taking a deeper look into our education system and the underlying messages it conveys to our students. Students currently are evaluated against how well they can follow instructions. The students who excel in the classroom are often the ones who are great at following directions, who are eager to please and do what they're told. I was one of those students and, though I've found my way to a rewarding role in cybersecurity, I see opportunities for improvement.
Imagine an education system where we encourage students to break things in a constructive fashion. Break to know why and how. An education system where we're less concerned about the end result than about the student's ability to think outside the box and come to conclusions based on the information they've been provided.
These are the types of students who would thrive in cybersecurity. As penetration testers, they'll be able to think up less-obvious attack chains that expose companies to just as much risk as the more obvious ones. As security operations center analysts, they'll develop more accurate ways for identifying attacker behavior and cut down the time to initial detection. They'll have spent their lives nourishing their own creative problem-solving process and will be well equipped to find answers to the harder questions.
I had a math teacher in grade school who graded students on their ability to follow directions. We were asked to show our work on our assignments and would lose points if we didn't use the methodology he taught to arrive at the right answer, limiting us to learning what was taught and not how things worked.
Life isn't one-size-fits-all. We should celebrate a child's creativity when they come to the right answer, whether or not it's the way we would have done it. This encourages students to continue nurturing their curiosity and develops better thinkers. This is what the cyber pipeline is missing. Thinkers, not "smart people."
How can we create more thinkers?
Straight A's don't translate into the ability to solve problems creatively. We should place less importance on doing things the taught way and focus instead on teaching students to find their own way. We must encourage students to ask why things work the way they do, to deepen their mastery of the fundamentals so they can take creative risks with their understanding. To challenge the way things are done and push them to find a better way to do it. Let's teach them how to teach themselves. Once we do that, we will have taught a generation of students how to think like hackers. We'll have taught them the importance of curiosity in life, and our pipeline will be full of candidates ready to protect the world against coming cyber threats.Stephanie Aceves is Senior Director, Threat Response SME Lead, at Tanium. Prior to Tanium, she was a part of EY's Cyber Threat Management, both on the Incident Response and Attack & Penetration teams. Before leaving EY to work for Tanium, Stephanie led red team (ethical ... View Full Bio