The week four theme of National Cyber Security Awareness Month (NCSAM) is “The Internet Wants You: Consider a Career in Cybersecurity.”
We asked our Vice President of Human Resources, Leah Schmid, to weigh in on this topic. In this week’s blog, she offers her insights into the different issues surrounding the growing shortage of qualified cyber security professionals and what that means for the future, as well as some advice for people interested in a career in cyber security.
Dev: How real is the cyber security hiring shortage? What are some of the challenges you’re facing on the human resources front?
Leah: It’s very real. Just Google “cyber security jobs,” and in the search results, you’ll see a job board showing more than 2,600 open positions for “Cyber Security Analyst” in the Washington, DC metro area alone. This is happening across the country. It’s a job-seekers’ market, and companies are fighting for candidates from a very limited pool.
“Cyber security” encompasses so many different job functions – like SOC analysts, security engineers, penetration testers, policy and governance subject matter experts — which further limits the pool of qualified and available people, depending on the skill set needed.
For instance, thanks to the almost daily reports of companies large and small being compromised, there is a high demand for penetration testers and security engineers in professional services organizations like Delta Risk. These are people who perform assessments and advisory services for a mix of customers versus working on a dedicated security team for a single company. They’re typically already employed by another company or are self-employed as a “free agent,” meaning they aren’t the typical “active candidate” who has his or her resume posted on a job board.
Recruiters and hiring managers are increasingly relying upon referrals, attending conferences, and networking to find qualified candidates. Both recruiters and hiring managers must be able to engage candidates about the unique projects they can work on and selling points of the company culture, including competitive benefits and perks.
Prospective employees are selective about the type of work they want to perform, the customers they want to support, and other company perks like remote working arrangements and professional development resources. Yes, salary plays a part to in attracting top talent. However, more often, it’s the type of work and the company culture that will get the candidate over the finish line to accept your offer.
Dev: From your vantage point, what are some of the reasons for the potential shortage of information workers?
Leah: Rapidly changing technology and the inability for universities, colleges, and K-12 teachers to keep up with designing programs and curriculum is just one potential reason. Another is that cyber security isn’t taught as a basic everyday life skill for living in the 21st century. Previous generations were required to take courses like machine shop, woodworking, home economics, typing, and personal finances to graduate. Cyber security isn’t viewed in the same light.
Teaching kids basic programming fundamentals, network configuration, and cyber security practices would go a long way in developing interest in the information technology field. I also think there is a stereotype associated with cyber security professionals of being social misfits or the proverbial “creepy guy in a hoodie” sitting in a dark basement hacking into your computer in the wee hours of the morning. Education has always been key to breaking down stereotypes, and this is one area where exposure and education would help tremendously, especially in terms of recruiting more women into the field of cyber security.
Dev: Speaking of the education system, what are the steps key influencers – like parents, teachers, guidance counselors, or state and local officials – can take to engage youth in pursuing a cyber security career?
Leah: Within the last five years, there has been a significant increase in the number of campaigns, programs, educational exposure, and overall encouragement from national, state, and local groups to develop a healthy pipeline of future cyber security professionals across all levels of education in the U.S.
More and more K-12 schools are offering youth classes focusing on technology, through expanded Science, Technology, Engineering and Mathematics (STEM) programs made possible by Title IV grants led by the STEM Education Coalition and other private and non-profit organizations. Many state governors recognized the need to create a cyber security pipeline and have created state-wide programs designed to bring industry and education together for dual-enrollment programs (high school students can earn college credits by taking cyber security classes at area colleges, for example) and coding games and competitions.
These are all great first steps in developing the cyber security pipeline. I believe that we also need to focus on the older generations and educate them on basic information technology and cyber security principles. If children have parents, aunts and uncles, teachers, and guidance counselors who have a fundamental understanding of the technology we take for granted daily, they can encourage and help steer the future generations to the technology of tomorrow.
Dev: If you were speaking to someone who is interested in pursuing a career in cyber security but wasn’t 100 percent sure it was the right direction, what are the key benefits you would highlight? Also, what are some of the frequent questions they ask?
Leah: Anyone who is curious about cyber security should network and talk with current cyber security professionals across various functions to learn about their day-to-day responsibilities and opportunities for career growth. They should also research current cyber security trends in the news and participate in cyber security forums to determine interest. There are hundreds of interesting blogs and newsletters out there too that you can get started with to learn more about different aspects of cyber security.
As far as benefits to venturing into the cyber security world, the biggest and most apparent is job security – cyber security isn’t going away and is in such high demand. The most successful cyber security professionals have a drive, passion, and a healthy curiosity to keep learning. There are so many different types of jobs and roles within cyber security that most people in it can find something they’re passionate about if they keep exploring and growing in their career. There is also a growing need for other roles within this field besides technical or engineering experts – for example, sales and marketing professionals who have an aptitude for and understanding of cyber security.
Dev: Lastly, what is Delta Risk doing to create more opportunities for information workers and aspiring cyber security workers?
We are proud to provide opportunities to aspiring cyber security workers through our managed services and professional services capabilities within Delta Risk. We typically hire entry-level SOC analysts to mentor, and we provide them with on-the-job training to develop their fundamental knowledge and analytical skills in information technology and cyber security. We have developed a career path framework that outlines the knowledge, skills, abilities, and certifications required to move up and across job families.
Delta Risk also budgets for and expects our employees to use their professional development benefits ($2,500 annually) to get new skills and certifications, or to attend conferences that help them advance their career. We also encourage our employees to collaborate and share knowledge through internal brown bags.
Most cyber security professionals want variety in the types of projects they work on, and Delta Risk scratches this itch by giving our employees the opportunity to move to different projects (short-term and long-term) between our commercial and federal sectors.
To learn more about current job openings with Delta Risk, visit our careers page.