20 Aug Chaos And Disorder Is Limiting Our Cybersecurity Talent Pool
A lack of personal career pathways is a major problem
Morristown, N.J. – Aug. 20, 2020
“In all chaos there is a cosmos, in all disorder a secret order. We are caught and entangled in aimless experience, and the judging intellect with its categories proves itself powerless.” — Carl Jung
Our chaos is, there are no personalized cybersecurity career pathways for job seekers to enter the cybersecurity industry and level up throughout one’s career. The universe is all existing matter and space considered as a whole. Cosmos is an orderly, harmonious universe — the opposite of chaos. We are currently in chaos, there is no cosmos to direct people to our field and close the cybersecurity workforce gap of 3.5 million unfilled cybersecurity jobs by 2021. What is our secret order? Where are the personalized cybersecurity career pathways? We need a cosmos.
Chaos & Disorder
Cybersecurity career pathways are currently a chaotic, disordered universe. There are bright stars, dim stars, clusters of both, and empty space. Job seekers looking for a guaranteed job for life and excellent compensation want to join our universe. At first they are in awe, intrigued by our universe’s beauty and vastness, and then turned away. Not turned away on purpose, but by the design of our current system.
Our system is disordered. We have bright shiny career paths that start strong and fizzle out before they reach maturity; we have antipodal paths dimly lit but with the ability to reach into our version of deep space. An example of a “bright shiny” path is thinking a Certified Ethical Hacker (CEH) can be on keyboard for national level cyberspace operations — that’s not going to happen. An example of a “dimly lit” path is not pushing your penetration testing team to pursue becoming Offensive Security Exploitation Experts (OSEE). Marketing makes this so.
The lack of personalized cybersecurity career pathways limits our talent pool and chokes avenues to entry level jobs. There is also a perceived high barrier for success that looks daunting to a beginner — not everyone can turn Chrome Rewards into a high paying job.
Cybercrime TV: Jason Shockey, Founder of My Cyber Path
Learn how to get started in cybersecurity, no experience needed
Entangled & Aimless
Current cybersecurity career pathways are limited as they don’t reach the level of personalization and comprehensiveness required for people to make life-changing career decisions. A lot of time is spent at work. Making the wrong career choice based on incorrect perceptions or the marketing of existing products leads to lost time, wasted money, and frustration. Most of the existing pathways in cybersecurity don’t claim to be custom, let alone personalized and comprehensive. This lack of personalization produces aimless experience for would-be cybersecurity job seekers and seasoned practitioners.
There are several existing global leaders that produce their version of a cybersecurity career pathway. Their version of a pathway is determined by their position in the marketplace and their situation in the global cybersecurity industry. The organizations below and those not listed share a common thread: the lack of personalized cybersecurity career pathways — this is their blind spot. The below lists what our current industry is, and is not a critique.
1. The National Institute of Standards and Technology (NIST) runs the National Initiative for Cybersecurity Education called NICE. In 2017, NIST published the NICE Cybersecurity Workforce Framework Special Publication 800-181, “a reference structure that describes the interdisciplinary nature of cybersecurity work. It serves as: i) a fundamental reference resource to support a workforce capable of meeting an organization’s cybersecurity needs, ii) provides organizations with a common, consistent lexicon that categorizes and describes cybersecurity work, and iii) is a reference resource to improve the communication needed to identify, recruit, and develop cybersecurity talent.” SP 800-181 is a comprehensive listing of cybersecurity work roles for the United States government.
2. The National Initiative for Cybersecurity Careers and Studies (NICCS) started in 2013 is a NICE affiliate program run by the Department of Homeland Security. NICCS is: “i) an online resource for cybersecurity training that connects US Government employees, students, educators, and industry with cybersecurity training providers throughout the Nation, ii) the nation’s one-stop shop for cybersecurity careers and studies, and iii) connects the public with information on cybersecurity awareness, degree programs, training, careers, and talent management.” NICCS has a Cyber Career Pathways Tool. The tool is a great Venn diagrammed, color-coded precursor to understand the work roles in Special Publication 800-181. NICCS has superb free training resources for government personnel and veterans, aligned to the Special Publication 800-181 called the Federal Virtual Training Environment, FedVTE and select free cybersecurity training for the public, Public_FedVTE.
3. CyberSeek launched in 2016 and “is an online interactive data visualization portal that provides granular and actionable data about the cybersecurity workforce. CyberSeek is a joint effort between BurningGlass Technologies, CompTIA, and NICE.” CyberSeek has an interactive Cybersecurity Career Pathway that “shows key jobs within cybersecurity, common transition opportunities between them, and detailed information about the salaries, credentials, and skill sets associated with each role.” The tool has a nice mind map to work roles, maps to Special Publication 800-181 categories, has top skills requested, and common job titles from employers.
4. DICE was started in 1989, is owned by DHI Group, Inc. and has a Career Paths site. The career paths site at least queries users about their current status and attempts to provide a personalized pathway.
5. SANS was started in 1989 and has the SANS Cyber Security Career Roadmap. This is a great site with clear cybersecurity pathways for SANS certifications.
6. CompTIA was started in 1982 and has CompTIA IT Career Paths Roadmap and CompTIA Career Change. These are great resources for people pursuing CompTIA certifications and they reference partner certifications also.
10. Cybrary started in 2015 and is a “Cybersecurity and IT Career Development Platform.” Cybrary has a Career Paths page to take courses, practice skills, assess knowledge, and earn certifications.
The 10 examples above demonstrate the lack of personalized cybersecurity career pathways that induce entanglement resulting in aimless experience. Just as Alice in Wonderland asked, “Where should I go?” to which the Cheshire Cat replied, “That depends on where you want to end up.” Beginners in cyber don’t understand the cyber work roles and therefore don’t truly know what they want. We need our cosmos to demystify the cybersecurity work roles into understandable aim points for people to aim at what they actually want.
The Judging Intellect, Powerless
There is no shortage of intelligent, logical people in our field. So why hasn’t our industry’s global blind spot been addressed to close the cybersecurity workforce gap? The answer is the cybersecurity industry’s judging intellect is currently powerless because of the categories produced by our chaotic and aimless structure.
The categories of more certs and more education are focused on just that, selling more certs and selling more education. The categories are not focused on eliminating the cybersecurity workforce gap with personalized cybersecurity career pathways.
My purpose is to close the cybersecurity workforce gap with personalized cybersecurity career pathways. I want a cosmos.
– Jason Shockey is the Founder & CEO at My Cyber Path and Chief Information Security Officer at a publicly traded company in the greater New York City area. Prior to his CISO role, Jason was active duty in the US Marine Corps as a technology leader conducting cybersecurity operations, incident response, and cyber risk management.
About My Cyber Path
Get A Pathway, Get a Job for Life!
My Cyber Path uses a proprietary algorithm to match you to one of 12 cyber work roles in Leadership, Intelligence, Supporting Technology, or Operations.
Get a career pathway showing the right sequence and type of certifications, experience, training, and education required for your perfectly matched cyber work role.