Over the last decade, the cybersecurity industry has seen a paradigm shift from traditional academia as the main source for skills education, to more non-traditional avenues. This shift is largely due to the sheer number of options professionals now have for gaining cybersecurity knowledge and skills.
In the early days, there weren’t many cyber-specific education paths. Professionals in the field typically held computer science or engineering degrees or received previous cyber experience during their time in the military or other “on the job” training. But today, there are highly specialized training options offered both in-person and online in the form of meetups, webinars, formal courses, and in-house and external conferences. The attractiveness (cost, convenience, and specialty) of these alternative options has driven cybersecurity talent to steer towards education avenues outside of traditional academia.
The traditional linear career path of finishing at a master’s level in information systems or computer science and pursuing a role that is in-line with those degrees is slowly fading away. There are now growth paths that are offered through training organizations and even vendors that are tailored to addressing specific sets of skills gaps.
With these specialized training courses readily available, individuals can develop their own growth plans as their career unfolds, on their own timeline. For example, if a professional has a vast technical background, but isn’t as well versed in management, there are specific education options available to address that gap – they don’t need to go through a general degree program.
The industry has recognized the superior educational approach to cybersecurity success is one of lifelong, hands-on learning. It’s not limited to taking a degree, finding a job that matches your education and coasting forward, so to speak. Cybersecurity is a field that requires continuous learning commitment, and a commitment to obtaining hands-on skills. And the strength of this commitment commonly indicates a professional’s level of success in the field.
Participating in live drills and tests as part of a cyber team, while stressful at times, is hypercritical to a comprehensive security knowledge base. If conducted correctly, these real-world scenario simulations that incorporate human dimensions and variables – a team’s responsiveness, making decisions under pressure/uncertainty, limited facts or time – are of tremendous educational and experience value. There is no replacement for having real-world scenario experiences under your belt.
If you’re thinking about entering the cybersecurity workforce, I recommend obtaining a technical foundation from an established academic institution that specializes in cyber. You’ll never go wrong with solidifying a technical skills foundation from the get-go. In the future, I foresee technical skills sets will be expected of every professional in the entry to mid-level role, since they’re so critical to future career success.
But, as more vendors incorporate AI into their technology, professionals need to separate themselves from the lower level technical tasks that will soon be taken over by automation. Analyzing vulnerability reports and system logs are tasks that can be addressed by smart technology, such as AI. However, tasks that are more difficult for AI to execute on and require more of a human element, such as making cyber architectural recommendations, will be key for professionals to master to makes themselves invaluable in the future.
Once a professional begins to move forward in their career, everyone’s learning path will eventually vary. For example, if you look at highly regulated industries, such as financial services, professionals must have a deep understanding of regulation as it relates to cyber. Be sure to understand the best knowledge base to prioritize and build based on your specific industry.
As you get further along in your career and look to build your skills for a leadership role, you should consider undertaking leadership development. Project management, organization behavior, team building, and other business school environment concepts are key to elevating your career to the managerial level.
The media and security professionals are echoing the same woe – that the skills shortage in cybersecurity will be detrimental to our industry and cybersecurity in general. I believe the industry is now mature enough to be more precise. Is the skills shortage in cyber ops, assessment and testing, or some other skill? Does the shortage vary by industry or organization type? Security educators need answers to these types of specific questions in order to hone in on the education and talent acquisition challenges we face. My hope is that in the coming years we can address these types of questions with more certainty.
All in all, the cybersecurity industry is changing for the better with the prominence of non-traditional education paths. And as we continue to gain a deeper understanding of the skills challenges and security threats we face, we’ll be able to pivot and shape our education strategy to arm the next generation of cybersecurity professionals with the skills they need to be successful and keep critical data safe.