I seem to see a new article weekly raising the alarm about the number of unfilled cybersecurity jobs. A 2015 report from (ISC)2 projects the shortfall to rise to 1.5 million worldwide by 2020. A recent Harvard Business Review article highlighted the gap in the number of skilled cybersecurity professionals and offered some insight into how we can bridge that gap through educational programs and by hiring non-traditional employees. My aim with this post is to start a dialogue on creative ways to attract fresh minds and new faces to the field.
First of all, what traits are most desired in a security professional? I would submit that a strong sense of curiosity is important. Those creating hacks and spreading malware are certainly curious about how much trouble they can cause so it stands to reason that those tasked with detecting intrusions should also be curious. The next question is are people born curious or can it be learned? The authors of a 2015 Fast Company article suggest that we are all born curious but many lose their sense of curiosity, and it can be regained through discipline.
It is also important to have a keen sense of patterns. I believe that everyone seeks out patterns in order to make sense of chaos but some have an innate sense of irregularities that others cannot see. As pointed out in the Harvard Business Review article, machine learning is augmenting that pattern searching and discovery but it will still take human intelligence to find security anomalies.
In order to train and retain more cybersecurity professionals we are going to have to change our thinking on where they come from. They don’t necessarily all come with a four year computer science degree in their pocket. Some do have that credential to be sure and they excel in the field, but we are going to have to cast a wider net in order to fill the gap. When I think of the traits of curiosity and pattern recognition I think of trained musicians. Is it possible that someone could be a security expert during the day and a musician at night or vice versa? Do we need to look closer at how we match up hobbies and vocations? Can the lines be blurred between the two?
Harvard offers an eight week introductory online course in cybersecurity through HarvardX. This is one of several online courses that allow a prospective professional to test the waters. This is a great way to match up potential security enthusiasts with information on the field. A graduate of this course may decide to go on and take advanced courses either online or at a nearby college training center. This will hopefully lead to certifications and a job offer in the field. As employers facing a skills shortage, it is important to be flexible in who we seek and how we view their academic and professional background. Perhaps expanded internships are in order for the right candidate.
These ideas can apply to other fields facing employee shortages but I think it is important to stay flexible on who we view as potential hires. If we continue to look at a narrow pool of candidates this gap is only going to grow. Let me know your thoughts.
Kelly Brown is an IT professional and assistant professor of practice for the UO Applied Information Management Master’s Degree Program. He writes about IT and business topics that keep him up at night.