In the world of cybersecurity, innovation often comes from unexpected sources. As organizations grapple with the need for more innovative and adaptable experts, a new breed of cybersecurity professional is emerging, individuals whose backgrounds are far from the traditional norms. From the technical prowess of former roadies and sound engineers to the artistic minds of gamers, it has become evident that the most valuable cybersecurity talent comes from unexpected places.
Finding Talent in Unconventional Backgrounds and Experiences
Within artistic types, including advanced gamers, we find problem solvers that are easily adaptable to today's challenges. Former roadies and sound engineers, with their unique perspectives and skill sets, are now paving their way to becoming invaluable contributors to the cybersecurity industry.
In the previous generation of cybersecurity professionals, who entered the industry eight to 10 years ago, talented roadies and sound engineers were well-represented. These individuals had learned the necessary skills to transform from analog to digital audio and to manage all the infrastructure required for studio and live stage events. Their experiences in dismantling and understanding complex systems translated well into the cybersecurity field. If you think creating a timely attack against a client is a pressure-filled challenge, try switching out a guitar at a major concert and making sure the musician can be heard in the farthest back rows night after night, among upward of 15,000 fans.
To discover talent in the current generation of candidates, networking within the gaming community has been fruitful, as well as engaging, with academic programs such as CyberPatriot at the high school level and the Collegiate Cyber Defense Competition at the college level. Taking a more unconventional approach, networking with content creators has also yielded positive results. Just as photographers and videographers develop trendsetting lighting techniques, security researchers are presented with products from which to break and extract information.
The Gaming Community as a Talent Pool
Individuals with artistic backgrounds often possess a mindset and skill sets that are valuable qualities in penetration testers. Their natural inclination to question and understand how things work enables them to gain unauthorized access by dismantling systems. Among the current generation, gamers demonstrate these qualities and are highly inquisitive.
Gamers, both in traditional and e-gaming realms, possess essential traits for excelling in security research. Their inquisitive mindset and attention to detail seamlessly translate to the challenges of cybersecurity, making these individuals valuable resources for organizations seeking skilled penetration testers and security researchers.
In the current landscape, staffing an organization with talent around the clock is a major challenge because security is a 7/24/365 job. While we can have traditional professionals for the 9-to-5 environment, we still require around-the-clock coverage. Many gamers adapt well to odd shift hours, and they tend to be selective and problem-solving oriented, drawing from the gamer culture. They enjoy puzzles and have an engineering or project-oriented mindset, often identifying themselves as "makers."
For offensive security penetration testers and security researchers, our priority is problem-solving abilities. We have observed that gamers, both in traditional and e-gaming realms, possess the necessary attention to detail and other skills to excel in security research.
Diversity in Talent
The cybersecurity talent pool is eclectic, attracting individuals with military and law enforcement backgrounds, as well as those who thrive in a traditional work environment and possess strong problem-solving skills. To foster innovation and capability in cybersecurity, we need to embrace diversity and explore unconventional recruitment channels.
Statistics show that there is a need for more attention to science, technology, engineering, and math (STEM)/science, technology, engineering, arts, and math (STEAM) school programs to encourage interest and inclusion in science and tech-related fields in general. Additionally, the prevailing culture in the US that requires candidates to have advanced degrees from college is not entirely accurate. Many collegiate programs are outdated and do not align with current employer job requirements. Therefore, individuals should consider their career goals carefully and decide whether pursuing management roles in the next five to 10 years is part of their plan. If so, employers are often willing to provide training and support for those aspirations.
Another fact is that the field of cybersecurity remains male-dominated, with women making up only about 25% of the industry. Efforts should be made to create opportunities and attract women to enter this field. In 2020, there were approximately 6.65 million male students enrolled in degree-granting postsecondary institutions as undergraduate students, while the number of female undergraduate students was 9.2 million.
Projections for 2030 suggest an increase to 7.39 million male students and 9.76 million female students. To encourage greater female representation in cybersecurity, employers should provide mentorship, support, and opportunities for women to pursue education and careers in this field.
By addressing these challenges and embracing unconventional backgrounds, the industry can work toward achieving a more balanced and diverse workforce.