23 Jul Flying Blind In Cyberspace: Where Are The Cybersecurity Careers?
Why our labor gap is widening… and what to do about it
Morristown, N.J. – July 23, 2020
There is a global blind spot in the cybersecurity industry, the lack of cybersecurity career pathways.
The currently accepted and inadequate cybersecurity career pathways are driven by cool-sounding job titles associated with numerous certifications and various degrees.
The current pathways go something like this — pick job title, pick cert, pick degree from the latest brochure, get hired, profit. Wrong.
That approach is a misaligned solution to close the cybersecurity workforce gap.
My experience has been that most people using this approach are mismatched to chosen job roles based on people’s habits and the daily job requirements.
This current approach to cybersecurity career pathways limits career success and reduces quality of work because of misguided perceptions about the job roles.
The global blind spot creates chaotic entryways into the cybersecurity industry and limits people’s ability to efficiently level up throughout their careers.
As a result, the current approach to cybersecurity career pathways perpetuates the cybersecurity workforce gap because the industry is too focused on certifications and education.
Certifications and education are critical elements of cybersecurity career pathways but not the solution to expand the talent pool and close the cybersecurity workforce gap.
Cybercrime TV: The Cybersecurity Labor Shortage
CISOs and thought leaders on career opportunities
A Unique Vantage Point
You haven’t heard of me yet but I’ve spent more than 21 years leading cybersecurity operations, incident response, and cyber risk management in the public and private sectors.
20 years were spent in the US Marine Corps conducting combined cyberspace operations with the intelligence community and law enforcement agencies against active cyber adversaries.
I’ve led world-class cybersecurity practitioners and cyber subject matter experts, many of whom have no certifications and no formal education, except they are the best in the world.
During those two decades I observed the cybersecurity industry, and 4 years ago I took extreme ownership and personal accountability to solve the global cybersecurity workforce gap.
I was forced to live through the current approach to cybersecurity career pathways and my experience has allowed me to identify the global blind spot in the cybersecurity industry.
Simple Question, Difficult to Answer
What problem are you trying to solve?
The March 2017 MIT Sloan Management Review article The Most Underrated Skill in Management stated it best, “There are few questions in business more powerful than ‘What problem are you trying to solve?’”
The MIT researchers went on to say, “Clear problem statements get more done with less effort and move more rapidly than their less-focused counterparts.”
Common with most people, the cybersecurity industry leapt from situation to solution without a defined problem statement.
This automatic processing of the cybersecurity workforce gap left us with 10 years of half-right answers in the form of certifications and education.
Maintaining our half-right solution is trending to give us another 10 years of problem admiration if we don’t change course.
The cybersecurity industry talks ABOUT the gap, not SOLVING the gap. That is problem admiration.
Jumping to the solutions of certifications and education kept the gap alive and left cybersecurity entrants with frustration, wasted time and money.
As far back as 2010, the Center for Strategic & International Studies reported in “A Human Capital Crisis in Cybersecurity” that “It is the consensus of the Commission that the current professional certification regime is not merely inadequate; it creates a dangerously false sense of security.”
The blind spot still exists because our current solution not only impedes achieving the desired end state of closing the cybersecurity workforce gap; the blind spot has widened the gap. A report from Cybersecurity Ventures predicts that there will be 3.5 million unfilled cybersecurity jobs by 2021, up from one million positions in 2014.
Further evidence shows the gap will not be closed with the current solution as highlighted by a Cybercrime Magazine article published last year — Only 3 Percent Of U.S. Bachelor’s Degree Grads Have Cybersecurity Related Skills.
Certifications and education were a comfortable answer at the time the industry leapt to a solution.
Worse, that answer biased the industry toward comfort and away from innovative solutions to close the gap.
Cybercrime Radio: Cybersecurity Is A Career You Will Love
Mastercard’s Deputy CISO says there are millions of unfilled jobs in our field
The Cybersecurity Workforce Gap Gemba
Certifications and education are absolutely correct answers to the wrong question.
The root problem of the cybersecurity workforce gap is not certification and education. In fact, there are possibly too many certifications and degrees for the cybersecurity industry and this leads to confusion and abandonment by those considering cyber as a profession.
Robert Herjavec said, “If you know cybersecurity, you have a guaranteed job for life.”
The combination of the cybersecurity workforce gap and zero percent unemployment rates create unprecedented career opportunities for those who can find their way into the cybersecurity industry.
By 2021 the cybersecurity industry is expected to have 3.5 million unfilled work roles globally, even though the global workforce has a pool of 3.46 billion people, and the United States alone has about 40 million unemployed Americans.
The “gap” between unfilled cybersecurity positions and available workforce has wasted time, created delays in hiring, and exposed organizations to unnecessary cyber risk.
Let’s stop focusing on the peripheral issues of certifications and education and get to the work we really need to do — close the cybersecurity workforce gap with cybersecurity career pathways.
– Jason Shockey is the Chief Information Security Officer at a publicly traded company in the greater New York City area. Prior to his CISO role, Jason was active duty in the US Marine Corps as technology leader conducting cybersecurity operations, incident response, and cyber risk management.