With so many cybersecurity openings, some are making it seem simple to get into the cybersecurity field. Despite the supply and demand gap that is projected to continue to widen, false marketing will not fix the issue.
“What we’re doing is lying to people getting out of the military to say that if you get, say, a Security+ certification, then you’ll be a security expert,” Alan Paller, founder of the SANS Institute, told Wired Workplace Then they get a job and don’t know how to do anything. It’s a lie they’re being told, and it’s damaging.”
WITHOUT A PLAN, attrition IS LIKELY
Without a clear entrance and path, the supply and demand issues remain problematic; and employees, employers, and job seekers become frustrated. We do not want potential cybersecurity professionals to become frustrated – so frustrated they consider other career options in the IT industry.
Hord Tipton, executive director of (ISC)2 said, “I like to compare the security space to a symphony orchestra. You have all kinds of different instruments in that orchestra, some of them more difficult than others, but you have a variety – bassoons, trumpets, saxophones and violins … and there’s a chair for everybody in the scene. The third chair can’t sit in the first chair. Employers do everyone a disservice and risk the enterprise if they put the person they employ in the wrong chair.”
It’s a good idea to recruit cyber talent straight out of college or the military. But if you plan to hire entry-level cleared talent, make sure you have a program in place to develop them into the experts your company truly needs.
GAMEPLAN FOR ENTRY-LEVEL CYBERSECURITY PROFESSIONALS
Colleges either cannot or are not providing the right skills for cybersecurity professions, so it is up to employers to tell cybersecurity professionals how to get into the field and how to grow. No one wants to waste time with adding unnecessary skills and qualifications to resumes. Plus, it is discouraging to wrongly think that a certification will make it possible to get a cybersecurity job – along with the alleged high pay.
Tipton and Paller recommend a three-step career path for entry-level cybersecurity professionals:
- Learning foundations of technology stage
- Continuous training and skills development stage
- Qualification steps to advanced positions stage
Recruiters may feel like it is a race to fill open cybersecurity positions. Perhaps the best way to attract entry-level talent is to demonstrate how they can progress through a three-step career path within their company. Focusing on continuous training and the steps necessary to advance may help you both attract and retain emerging cybersecurity talent.