As of last October, the global cybersecurity workforce shortage hit a record high of just under four million, despite the cybersecurity workforce actually growing by almost 10% – according to the “Cybersecurity Workforce Study” released by ISC2, the nonprofit member organization of cybersecurity professionals. There were at least 500,000 cyber job listings in the United States as of last August.
Several factors were cited in the study, including the economic uncertainty in the sector, adoption of artificial intelligence (AI), and a challenging threat landscape.
Degree Holding Some Back
However, another issue could be the barrier of entry – namely the need for a four-year degree. Earlier this month, newly named National Cyber Director Harry Coker suggested that the White House would seek to address that issue of educational requirements in contracting agreements.
“To secure our nation’s cyberspace, we need to make cyber jobs more available and attainable for groups that traditionally haven’t been recruited,” said Coker while speaking at the Community College of Baltimore County last week, Nextgov/FCW reported.
“We’re tackling how the federal government can hire cyber talent quickly, bring in diverse talent and remove barriers to working in cyber on federal contracts,” added Coker.
The Office of Personnel Management (OPM) is expected to introduce a legislative proposal that would “build equity” among federal agencies in terms of pay and more importantly hiring flexibilities for cyber talent. It could likely call for skills-based hiring with a focus on competencies, not credentials or experience.
However, there are still other issues that may need to be addressed.
“There is certainly demand for more cybersecurity professionals. Unfortunately one of the reasons for this is that many such jobs are not particularly stable,” suggested Dr. Jim Purtilo, associate professor of computer science at the University of Maryland.
“The big contractors churn employees as the contracts come and go, so the growth potential becomes limited,” Purtilo told ClearanceJobs. “And in small shops, the reward structure is based on what young employees do – to generate revenue as opposed to what they might prevent, as cyber defenders, which is to say, they are perceived as the least valued of members on a team. As a result, we don’t see cybersecurity-trained professionals move into corporate or agency leadership roles in quite the same proportion as those who came up through the ranks in other areas. To young people considering career options, other related areas must appear to be more attractive.”
Lower Barrier of Entry
Given the cost of higher education, and the fear of the debt that could come with it, many with interest in cybersecurity may not opt to go to college. That could leave them without the opportunities to work in the government sector.
“Harry Coker’s comments and the White House’s reported plans are spot on. Along with high demand for U.S. workers – reflected in continuing low unemployment numbers – there is a profound shortage of people with specific IT skills. Those include data center management and administrative staff, and specialists in areas, like cybersecurity,” explained technology industry analyst Charles King of Pund-IT.
“While there was a time when a Bachelor’s or Master’s degree in computer science was the key to unlocking IT jobs, generalist certificates are not necessary for all positions,” King told ClearnaceJobs. “That is especially true in areas where IT specialists are assisted by and supported with automated management tools and software.”
Along with supplying badly needed IT staff positions, such programs could further offer a step up for people hoping to better themselves and achieve their personal goals.
“It’s worth noting that many IT vendors, including IBM, have supported alternative tech education programs for many years. It is good to see government entities heading in the same direction,” King continued.
The Bigger Picture
As noted, there are other factors in why the cybersecurity sector continues to face a shortfall in workers. Removing a college degree requirement could help address some of the issues, but certainly not all.
“There are many tech jobs that don’t require a bachelor degree, but softening degree requirements in a work force that already suffers fast turnover seems counterproductive,” warned Dr. Purtilo.
“The pace of tech change in cybersecurity is already breathtakingly brisk, meaning effective workers must adapt quickly too,” he continued. “The professionals who have been most resilient and able to adapt have been those who are broadly prepared in programming, testing, human factors, applied psychology and much more.”
There is also the fact that those who advance to leadership roles need the serious soft skills so often discussed in higher education.
“All of these are the hallmarks of a good bachelor degree,” added Purtilo. “Someone with a two-year training program under their belt might be able to step in to offer short term value, but my fear is that these will be the workers least likely to be promoted and most likely to churn as the tech changes. And then we start the cycle all over again.”