Widely reported shortages of trained cybersecurity professionals are driving the industry to try to come up with some with creative recruiting and training solutions. But it's complicated.
At the very same time, automation is increasingly performing the tedious entry-level tasks that early-career threat hunters once built their chops working on, making it harder to gain early experience.
The result is demand for job openings requiring some previous cybersecurity experience over the past year grew 2.4 times faster than the rate of the rest of the economy, while only 65 cybersecurity professionals are in the workforce for every 100 available jobs, according to newly released research from CyberSeek and partners National Initiative for Cybersecurity Education at NIST, Lightcast, and ComTIA. Overall there were some 769,736 cybersecurity job openings listed over the 12-month period ending in September of this year.
"The CyberSeek data reaffirms the critical importance of feeder roles and thinking more creatively about on-ramps and career pathways," Ron Culler, vice president cyber learning officer, CompTIA said about the cybersecurity employee recruitment study findings. "We see this trend continuing and are committed to ensuring that cybersecurity professionals are prepared for the current and future challenges this will bring."
Besides staffing up the security operations, employers are increasingly searching for potential hires with cybersecurity skill sets across other specialized areas of business including auditor, software developer, cloud architect, and tech support engineer, CyberSeek found.
Cybersecurity Experience Expectations Unrealistic
In many cases, those demands for cybersecurity experience are unnecessary, Timothy Morris, chief security adviser with Tanium, tells Dark Reading.
"Degrees are not required for most cybersecurity jobs," Morris explains. "Provide on-the-job training with tuition assistance for degrees. Building great, world-class cybersecurity teams requires a skill diversity. I've had success with folks that have varied backgrounds (teachers, retailers, mechanics) seeking a new career."
Instead, Morris suggests employers search out job seekers with curiosity and a passion for solving problems.
Phil Neray, vice president of cyber-defense strategy at CardinalOps, agrees and suggests hiring managers looking for cybersecurity talent consider applicants with past job experience in crime and fraud investigations, history and foreign policy, data science, IT networking, and music.
"Hiring in a tough labor market requires a certain level of open-mindedness and intellectual humility on the part of the hiring manager," Neray tells Dark Reading. "There are lots of people with nontraditional backgrounds who can become excellent cybersecurity professionals because they exhibit key traits like a willingness to learn, an analytical 'hacker mindset' when discovering the unknown, creativity, and attention to detail."