Every day, we read about a new cyber threat facing our nation, whether it’s a data breach at a major corporation or a ransomware attack crippling a local hospital. With these risks rising exponentially, the demand for skilled cybersecurity professionals has never been greater. Yet, the pathway to these essential jobs remains laden with barriers for young professionals, especially those seeking entry-level positions.
The cybersecurity landscape is complex, with employers often demanding candidates possess a degree or a plethora of certifications. I’ve even seen some entry-level jobs request applicants to have certifications that require years of work experience to obtain. These expectations pose a daunting challenge for many who wish to enter the field. As the chief cybersecurity officer at Siemens USA, I have witnessed the passion and potential of numerous young individuals, keen to safeguard America’s digital frontier. However, the financial and time burden of pursuing advanced degrees or costly certifications often prevents these bright minds from accessing opportunities.
Let’s face it: Not everyone has the luxury to undertake a master’s program, spend thousands on certifications, or can afford to take an unpaid internship when starting their careers. This barrier has led to a paradoxical scenario where despite the surging demand for cybersecurity professionals, many entry-level positions remain unfilled. And we can’t rely solely on those who can afford an expensive education because we need a diversity of both perspective and lived experiences. Those interested in career changes can bring practical expertise to cybersecurity. In 2022, ISC2 reported that only 23% of C-level cybersecurity executives identified as being nonwhite, and that women are under-represented in advanced, nonmanagerial positions.
A New Approach to Identifying Cybersecurity Talent
But there is hope. By reimagining how we identify and nurture talent, we can bridge the gap and ensure America’s cyber defenses remain robust. From my own experience at Siemens I have learned that nurturing my colleagues own interest in cybersecurity has lead several of my colleagues and mentees down a path to pursue a career in cybersecurity. In the US, I started a cybersecurity mentorship program during my previous role with Siemens Healthineers. Anyone from anywhere in our company can identify as interested in cyber and we pair them with a mentor who is in a cybersecurity role, train and certify them, and then if they are interested, transition them to an available entry-level cyber role. Embracing a similar holistic approach to encourage people to enter cybersecurity can create security champions in all areas of a business and empower newcomers with the knowledge they need to thrive in their roles.
We also need to reconsider degree requirements as the sole indicator of job readiness. While education undoubtedly lays a foundation, the rapid evolution of cyber threats necessitates real-world experience, adaptability, and self-starters with a passion for life-long learning. We must re-evaluate our over-reliance on degree qualifications and start recognizing the value of diverse educational backgrounds and experiences. After all, some of the most effective cybersecurity professionals I’ve worked with hail from nontraditional backgrounds, bringing unique perspectives that are indispensable in our line of work.
More companies should support lifelong learning. The cybersecurity world is dynamic, with threats evolving daily. Continuous learning should be integral to any cyber professional’s journey. Companies should play a role in this by offering regular training sessions, workshops, and opportunities for employees to learn from seasoned professionals in the field. Personally, I see it as my professional responsibility to ensure my employees thrive, and part of that is ensuring they have the personal and professional support they need. This includes continuous training on new topics and things that interest them for professional development, but also to help stave off burnout.
Compensation and work-life balance play a huge part in today’s talent gap in cybersecurity. The misconception that entry-level must mean low pay is a deterrent for many, especially for the hours of work we demand as an industry today. More competitive salaries, paired with growth opportunities, and better work-life balance can make cybersecurity a more attractive career option for young professionals.
Additionally, as leaders in cybersecurity we should not perpetuate the unhealthy work environments that some of us started our careers with, working 80-plus hour weeks, an expectation of at-home research and study, and constant work stress. Adequate staffing should allow you to empower your team to work normal hours, research as part of their roles, and take time off to recharge. That way employees will be healthier, more productive, and stay in the industry longer.
We need more public-private education collaborations. By partnering with educational institutions, companies can help shape curriculum and ensure what students learn is immediately applicable in the real world. This could pave the way for internship programs, granting students invaluable exposure and potential job placements post-graduation.
A Global Imperative
As the world continues its journey of digitalization, our cybersecurity infrastructure is the bedrock on which our world’s future prosperity rests. Ensuring we have a talent pool equipped to tackle the cyber challenges of tomorrow is not just a corporate responsibility but a global imperative.
Our mission should not just be to fill vacancies but to nurture a diverse, inclusive, and highly skilled cybersecurity workforce. By making the field more accessible, we not only empower the next generation of cyber experts but ensure the safety, security, and success of our nation and world in an increasingly digital age.