Today, we are facing a frightening shortage of cybersecurity professionals in the workforce. Specifically, this widening gap is expected to lead to 3.5 million jobs left unfilled in the cybersecurity profession by 2021.
The month of October is National Cybersecurity Awareness Month, which aims to raise awareness about the importance of cybersecurity, and additionally, draw attention to careers in the field. With this top of mind, I sat down with my security team to ask what advice, tips, and ideas they could offer to help empower the next generation of security ninjas.
Their advice provides insights for individuals of different age groups who might have their sights set on pursuing careers in the field, as they recognize that people find their passions at different moments in life. As such, I’d like to share a few lessons that came out of my discussion with my team for people of all ages who might be interested in one day entering a career in cybersecurity.
Nature & Nurture
Most people who get involved in technology had an early aptitude for it. For example, one individual on my security team recalls having an interest in technology at the age of five, when his mom would let him take apart old electronics. I, too, was exposed to computers and security at a young age – around twelve years old – when at the time there was no Internet (remember the BBS systems), so movies like ‘War Games’ and ‘Hackers’ shaped my malleable brain.
What can we learn from this? If you see a young person showing interest in technology, fostering it is a sure-fire way to ensure they will continue to grow and ultimately learn the value of becoming part of the security industry. It’s up to us — parents, teachers, friends, and the security community to nurture children and to aid in their learning if there is a natural desire there to get involved with technology. Gone are the days of phone phreaking, we can now tell early on if children have a knack for computers.
Studying Goes into High Gear
Older children in high school typically find themselves gazing towards the future. With this age group in mind, a SailPoint security engineer shared this advice, “do some research to find more information about all of the career options associated with cybersecurity to get a lay of the career landscape. You may even consider, for example, taking an opportunity to participate in a ‘Capture the Flag’ exercise.”
Research is an excellent first step, and here are some other bits of advice as well. First, a no-brainer – study hard – as a student’s affinity for learning and learning fast will be measured in interviews and in college. Second, learn a programming language. Learning python, for example, is needed in today’s security teams and the traditional security engineer who does not know any programming or scripting languages is in low demand and slowly becoming obsolete. Meaning, learn to take a developer mindset. If you cannot speak their language, then you will struggle to talk risk to them.
Next, learn the cloud. With the latest trend around moving to the cloud, security leaders need to know and understand the cloud. They need to know CI/CD pipeline development and where security fits in with these new concepts and frameworks. Finally, be the solutions provider, as today too many security leaders waste valuable time and become obstacles to the business when articulating risk. If you bring up an issue or risk, be sure to bring your recommendations to solve the problem along with you. This will only increase your credibility and integrity with the business.
Growing as a Lifelong Learner
It was a resounding yes from the security team that anyone interested in cybersecurity needs to get a degree, as going to college helps you to learn how to learn. No one in IT or security has all the answers, but what defines us as IT and security folks is how we figure out problems. You learn how to become a lifelong learner in college and develop new skills on the job as you fine tune your natural gifts. Find your passion and be the very best at it, and that will make you stand out from the rest.
We even believe that degrees like math or philosophy would work for anyone looking to break into the field. You need to hone your cybersecurity skills on the side, but these degrees teach you logic and problem-solving. One security program manager on the team said college students should aim to get a job/internship as soon as possible, even if it is not technical. The goal here is that every industry has a security element, so if a job is not technical in nature, you are still learning workflows and problems on some level that deal with cybersecurity. That’s just the nature of the world we live in.
How to Break into Cybersecurity as a Professional
And finally, if you’ve graduated from college, but didn’t get a computer science degree – that’s OK. In fact, one person on our team didn’t realize until he was in the military in his 20s that he was interested in cybersecurity, and he now is an extremely valuable asset to our department.
We see adults shifting their career paths frequently, and as mentioned earlier, even non-computer degrees can be an asset. Cybersecurity is not rocket science, but it does take passion and craft, so new folks aiming to join the industry should choose a certification in a topic/skill they like and run with it. Another tip – try to gain some level of skills in this area before making the jump so that you can tell interesting stories about cybersecurity in interviews to help set you apart from your peers. One example – volunteer to participate in projects that are IT-related, especially if there is a security component in your current role. You never know what kind of doors will open when you put yourself out there. As the CISO of a public company, when I interview someone, I am looking for their story around cybersecurity and their passion, which is usually coupled with knowledge, so all of these small efforts truly do add up.
Individuals discover their passion at different times of their lives. If, by chance, an individual is inclined to pursue a career in cybersecurity – no matter at what age – then they should consider this a tremendous area of opportunity, as the workforce is in great need of cybersecurity pros. And, seeing as we’re right in the middle of Cybersecurity Awareness Month, there’s no better time to start making strides towards your future role.
Charles Poff, CISO, SailPoint