Addressing the Cybersecurity Skills Gap

Are More Defined Parameters the Key to Addressing the Cybersecurity Skills Gap? (Security Intelligence)

...the skill sets required tend to be more diverse than other IT-related jobs. In addition to tech skills, cybersecurity jobs also require skills that align with liberal arts and humanities fields, such as communications and psychology. This has the potential to open the door to a wide range of candidates.

What’s missing is an accurate job description, said Wesley Simpson, chief operating officer with (ISC)2, during a conversation at the company’s Security Congress in October. Hiring managers who write up job descriptions often don’t have a complete understanding of the actual skill needs for these cybersecurity careers. There is a tendency to become enamored with certifications, which a person often can’t qualify for until they have years of job experience.

However, many of these jobs that “require” certifications are essentially entry-level jobs, so the people who should be applying for them don’t because they don’t carry certifications. On the other hand, people who do apply may be over-qualified and see the position as a lateral move, which could lead them to turn an offer down.

Is an inability to define security the main cause of the cybersecurity skills gap? If we can't truly define what security is, how can organizations design the right cybersecurity jobs for their needs?

Are More Defined Parameters the Key to Addressing the Cybersecurity Skills Gap? (Security Intelligence)

...the skill sets required tend to be more diverse than other IT-related jobs. In addition to tech skills, cybersecurity jobs also require skills that align with liberal arts and humanities fields, such as communications and psychology. This has the potential to open the door to a wide range of candidates.

What’s missing is an accurate job description, said Wesley Simpson, chief operating officer with (ISC)2, during a conversation at the company’s Security Congress in October. Hiring managers who write up job descriptions often don’t have a complete understanding of the actual skill needs for these cybersecurity careers. There is a tendency to become enamored with certifications, which a person often can’t qualify for until they have years of job experience.

However, many of these jobs that “require” certifications are essentially entry-level jobs, so the people who should be applying for them don’t because they don’t carry certifications. On the other hand, people who do apply may be over-qualified and see the position as a lateral move, which could lead them to turn an offer down.

As part of the interview team, I am sometimes interviewing individuals with less experience but who appear to be enthusiastic about the field. Some are often on my shortlist for recommended hiring. However, many times, the rest of the interview team and the hiring manager want someone with more experience. Everyone wants a unicorn.

How do we fix this?

Keep all your pieces in play.

Don’t discard. Keep all your pieces in play. by Austin Kleon

ou’re telling me that there are three things you love and you want me to tell you which two to cut off…so you can limp along on the other one? This is not how things work. The advice I have for you is: don’t discard. Find a way to keep all three of these things in the mix. We’ll find out [what you should do for a living]. Right now, what you do is spend 2 hours a week whole-heartedly engaged in each of those 3 things. Let them them talk to each other. Something will begin to happen in your life that is unique and powerful.

Career planning = career limiting

The world is an incredibly complex place and everything is changing all the time.You can’t plan your career because you have no idea what’s going to happen in the future. You have no idea what industries you’ll enter, what companies you’ll work for, what roles you’ll have, where you’ll live, or what you will ultimately contribute to the world. You’ll change, industries will change, the world will change, and you can’t possibly predict any of it.

Trying to plan your career is an exercise in futility that will only serve to frustrate you, and to blind you to the really significant opportunities that life will throw your way.Marc Andreessen, American entrepreneur, investor, and software engineer.

Mark Andreessen wrote those words in 2009 but they seem very relevant today. If you had asked me what my career goals were back in the 1980s when I graduated from high school, I would have waffled and mumbled something about getting an engineering degree and then going to work for Bell Labs. But the honest answer would have been, "I don't know".

My career has taken unexpected turns over the year since I graduated from the University of Michigan Rackham Graduate School. I took my entering degree and started working on micro-controllers in the engine diagnostics division of General Motors/Electronic Data System. That experience helped me get work in the multi-media labs at Sarnoff. I got a lot of experience developing C+ code but I also started working with BASH scripts in Solaris. That experience with BASH and UNIX helped me get hired into the newly formed website development team at Bloomberg, LLP. The web site platform was based on UNIX and open source scripting languages. I learned a lot about model-view-controller development and working to deadlines.

Experience with rapid application development in scripting languages such as Perl and JavaScript helped me launch my consulting career. I worked in many industry segments including financial services and pharmaceutical doing web application development and system integration work. That helped me develop an aptitude for rapid learning which helped me land a consulting and then a full-time role in information security. In the 10 years I was at my former employer, I had the opportunity to develop project management, presentation, writing, and strategic thinking skills.