Over the last few years, I have listened to many presentations, read many articles and countless white papers on the cybersecurity skills gap. I want to be completely honest here, I don't believe the problem is as big as it is being made out to be. Let's wait a few seconds for everyone to jump up and down and say I am crazy and don't know what I am talking about. I will just wait a little bit more for you to calm down and then I will explain why I think this is the case.
Let’s look at the issue we have, currently there is say, twice as many security jobs as there are professionals to fill them (Don't worry about the amount I am just hypothesizing here and guessed at the number). This situation is going to get worse as far as all the discussions around this go, so let's say we will only have 25% of the required professionals to fill the security positions in 5 years' time. Now that sounds bad and we could continue the doom and gloom angle but that's not where I want to take this.
I want to look at this another way, everywhere I go I see amazing, smart individuals who want to get into cyber security or its related offshoots, but they just keep getting knocked down at every approach. They have all the basic soft skills – inquisitive, keen, continuous learners who love to get in and figure out how things work but no one will even look at them because they don't have blah amount of experience or blah certifications. None of the Blah really matters for entry-level jobs but companies and hiring managers will not give them a chance.
Now, this isn't all about the companies or hiring managers either that is only a small piece of this problem. In my opinion, WE in security are a big part of this problem.
We have made these expectations of what skills or certifications someone needs and how many years of servitude are required before we are respected by our peers. I get that in senior positions it should be people who have the skills and qualifications to do those jobs but for entry-level positions which I am sure we have all been in some way or another, this should not be a requirement. We need to drop the ego trips and look at what we really need in an entry-level position. Personality fits and the basic skills they will need for the job.
Security skills are learnt, we are not born with the knowledge and anyone can be taught. Yes, as in everything, some people are just naturals and will blow everyone else out of the water with their abilities and that's great. We should surround ourselves with people like them and learn everything we can. However, even naturals need to learn how to hack or code or whatever skill makes them so inspiring so why do we shut down anyone who wants to get into our industry? They won't all be superstars but that's okay too.
We need diversity in our industry if we are ever going to have a chance at winning this war we are fighting with the cybercriminals. Also, by diversity, I don't mean sex, race or any of that. None of that should even matter or be a consideration to us we should be looking more at the diversity in skills both in life and professional careers that could make our industry better at what we are trying to achieve. I think this type of diversity is what is needed.
So, if what I am saying is correct and we, as the professionals in the industry are a big part of the problem shouldn’t we do our part in fixing it? I think we should. Last week I was asked to join Cyber Century Mentoring as one of the Australian executive team. CCM was cofounded by Lana Tosic (New Zealand), and Amanda-Jane Turner (Australia), who both saw a need for quality mentorship to support those working or wishing to work in the many diverse roles that make up cybersecurity and cybercrime prevention. CCM is trans-Atlantic, and at this stage is concentrated in Australia and New Zealand.
The New Zealand Exec team is led by co-founder and National Director (New Zealand), Lana Tosic. Exec Team NZ TBC. The Australian Exec team consists of Amanda-Jane Turner as co-founder and National Director (Australia), Kristine Sihto as Senior Editor and Comms Manager and, Craig Ford as Programme Developer and Outreach Manager (Australia) – Obviously, I accepted the invitation to join the team.
CCM is currently in what I would call the start-up stage of a volunteer initiative and is not yet registered as a not-for-profit in either New Zealand or Australia. We are hoping to strongly establish our presence and support of mentoring and we aim to be formally recognised as a not-for-profit association within two years. It is important to us that we start supporting mentoring as soon as we can instead of waiting for all the formal structures before we commence helping the community.
So why did I agree to join the volunteer initiative? It’s simple really and to be honest, is probably the same reason Mandy and Lana started the initiative in the first place. I want to make a difference in our society and by mentoring or helping match up great mentor/mentee's I think we can help reduce the roadblock to entering this on occasion amazing industry as well as to help share our knowledge in a way that is both rewarding for ourselves and beneficial to the individuals wanting to get in.
I truly believe that by mentoring the up and coming talent from whichever industry or background they choose to come from we will all learn a lot from their varied experiences and help to educate a strong constant flow of new security professionals that will not only be able to hit the ground running but have the support they need to stay in the industry and succeed. It's a simple solution and I feel a great method to really make a difference to the apparent skills gap that is balancing on the cliff's edge. You never know we may even win the security war that is constantly waged with malicious actors/cybercriminals to protect our networks and critical infrastructure; if we can succeed in breathing new life to the industry.
As always tell me what you think, disagree with me and tell me why if that is the case. I honestly want to know your thoughts and experiences with this. Let us all work together to make a change for the better.
Till next time.