28 Dec Hacking The Cybersecurity Talent Gap Is Everyone’s Responsibility
And the lack of women isn’t the only diversity issue, Novolex CISO Matt Burroughs points out
Melbourne, Australia – Dec. 28, 2022
Government initiatives may have been working to increase the numbers in cybersecurity, but the only way the industry is actually going to fill its skills gap, the CISO of a prominent manufacturing company has pointed out, is if companies take the initiative to engage with young people early on.
An internship program, run by Hartsville, S.C.-based manufacturer Novolex in conjunction with the schools in Charlotte, N.C., has proven successful in establishing ties with local students that may, CISO Matt Burroughs told Cybercrime Magazine, end up working in cybersecurity one day.
“The conversations that I am having with others is that there is this expectation that those coming out of school are able to start with an entry-level job in the field,” Burroughs explained.
By engaging with students in their sophomore and junior years as part of the company internship program, he said, “we’re able to bring them in early. We have them get some level of understanding about what the actual industry looks like, to see if it’s something they actually want to lean into as they grow their careers.”
The internship roles are hands-on, with one recent participant responsible for building Novolex’s phishing campaigns for the entire year.
“It was cool for us because they brought a new lens to the overall campaigns that we are doing,” Burroughs explained. “They were able to take on the challenge and say ‘we’re going to try to phish people in really new ways.’ It was really helpful to have them come on.”
Early engagement with potential cybersecurity workers is also helpful in planting the seeds of the soft skills that many employers see as hard to find in candidates these days.
“I’m aware of the challenges that they’re facing in the field right now, on the soft skills that it actually takes to be able to communicate,” he explained. “If they’re doing incident response, this means really understanding what that means and how we’re going to be able to solve problems.”
The challenges of bringing qualified people into the skills pipeline continue right through university, when candidates commit more seriously to a course of study with the intention that it will lead them to a career.
“There’s a misconception that you have to be a computer science major, and to be super technical to get into the field,” said Gordon Lawson, CEO of security innovator Conceal, who has seen many common themes in his discussions with Burroughs and other CISOs in similar situations.
“That’s simply not true. Because every startup, every cybersecurity company, and every SaaS company — which is such a huge and growing field in this country — needs those softer skills.”
Managing phishing campaigns, for example, “is psychology.” “So, by being able to have that balance, as well as some of the traditional coding skills that you can get — which is quite easy with some of the online programs that are available — that’s a killer combination.”
Closing the diversity gap
Just helping people get into the industry is only part of the challenge, however. To ensure that cybersecurity teams are tapping the broadest base of capabilities possible, both Lawson and Burroughs acknowledged the importance of recruiting a diverse range of candidates.
For all the talk about the underrepresentation of women — who comprise around one in four cybersecurity workers — Burroughs said the gap is even larger for minorities such as African-Americans, who comprise just seven percent of executives and around twelve percent of information security analysts.
Calling those numbers “disappointing,” Burroughs said one of the biggest contributors was a lack of understanding and role models within the minority community.
“There’s a lack of mentorship across the board,” he explained, “and people don’t really understand what cybersecurity is, what the field is about, and how to get into the field.”
“They don’t have real leaders to look up to, and relationships where someone says ‘here’s what cybersecurity looks like for my community, and here’s someone I can talk to about my challenges and things I’m facing.’”
Although some companies had tried to address the issue by spending millions of dollars to fund computer-science programs at historically Black colleges and universities (HBCUs), Burroughs said, “I’ve also seen where some of these companies also pull that money back out… There needs to be a way to actually gauge the progress, and get it to a more respectable number.”
Sharing “positive stories” is crucial to fixing this situation, Lawson said, noting that “there are organizations on the public and private side, within the cyber realm, where you can just have amazing experiences.”
“It’s important for us, as leaders in the community, to get out into our communities and talk about the opportunities that are there.”
“Of course, young people have to put in the work to get there — but we have to open those doors for them, find those opportunities, and put our money where our mouth is.”
“If we just assume it’s going to happen, or assume the government is going to do it, it’s not sufficient.”
“It’s really on us to make sure that folks know this is a growing field,” he continued. “By breaking down some of these misconceptions about what it takes to get into the industry, it’s going to overall give us a much more diverse and stronger pool to fill these roles.”
– David Braue is an award-winning technology writer based in Melbourne, Australia.
Go here to read all of David’s Cybercrime Magazine articles.
Conceal provides a capability that protects people and critical assets against the most advanced threat actors in the world. We are fundamentally changing the approach to cybersecurity by creating a platform where security practitioners can see the latest threat vectors and implement enterprise-wide solutions that comprehensively protect their organization.
With our Conceal platform, we take those core capabilities and evolve them into a commercially available product that incorporates intelligence-grade, Zero Trust technology to protect global companies — of all sizes — from malware and ransomware.
Conceal is leading the fight to protect enterprises from cyber threats — if there is malware, we detect, defend and isolate it from users and the network.