Understanding the cybersecurity skills gap and how education can solve it.
By Ingrid Toppelberg, Chief Product Officer at Cybint
Apr 19, 2021

An introduction to this article appeared in the monthly Creating Connections newsletter put together by the women of The CyberWire. This is a guest-written article. The views and opinions expressed in this article are those of the authors, not necessarily the CyberWire, Inc.

Understanding the cybersecurity skills gap and how education can solve it.

The cybersecurity industry is projected to triple year-over-year through 2022, yet the workforce shortage still stands at millions worldwide. With a 273 percent increase in large-scale data breaches in the first quarter of 2020 alone, employing more cybersecurity professionals is a pressing challenge for both companies looking to hire in-house and cybersecurity agencies alike.

According to the International Information System Security Certification Consortium, there are now more than 4.07 million unfilled cybersecurity positions across the world. Despite high entry salaries, recession-proof job security, and plentiful career opportunities, there are simply not enough trained cybersecurity professionals to fill the skills gap.

Why is there a cybersecurity skills gap? 

One of the biggest issues facing the cybersecurity industry is the perception of a career in this field. To get a career in tech, individuals commonly believe that the only route is a four-year degree from university or college, which requires them to have the time and the right precursor skills to be accepted. However, given the increasing costs of attending college, a lot of people who have the potential to be cybersecurity professionals are priced out of gaining the qualifications they need.

Research has also shown that with schools and colleges in historically poor and non-white districts having less access to federal funding, Black and Minority Ethnicity (BAME) students face a significantly harder route to higher education and careers—especially those who are female. While females are under-represented in the tech space in general, minority women are unsurprisingly under-represented in cybersecurity, with less than 20 percent of the workforce composed of people who identify as female. 

All of this has led to a situation where not only is there a “hard” skills gap in cybersecurity, but a lack of “soft” skills too. When the cybersecurity industry is composed mainly of individuals with a traditional college background, it lacks the diversity of thinking vital in pursuits such as threat detection, prevention, and prediction. That can also bring about the question: where does one look for diversity of thought? Life experience? Ethnicity? Race? Gender? Religion? Age? The answer to that would be all of the above. Diversity needs to be represented from all fronts.

The effects of the cybersecurity skills gap. 

Obviously, the cybersecurity skills gap is a crisis.

With so few qualified cybersecurity professionals entering the job market, those who have the skills to work in this industry are quickly hired by larger companies looking to strengthen their security teams. This leaves small and medium businesses without access to a pool of cybersecurity professionals, so they are more vulnerable to attacks. In fact, nearly 60 percent of small businesses do not have a cybersecurity policy set in place, which positions them in a situation where they are responding to attacks rather than preventing them. Those that have the means often end up retaining a company that specializes in providing cybersecurity services.

On the other hand, the cybersecurity skills gap presents an opportunity for people who want to pursue a lucrative and in-demand career in technology. Since cybersecurity employees are sought after, the starting salary in the field in the U.S. is over $80,000. Opportunities in cyber are growing three times faster than in any other technical field. Huge companies like Google, LinkedIn, and more are hiring graduates from bootcamps that have the career-ready skills for Cyber. A four-year degree is no longer mandatory in the field.

While the crisis is ever-looming, it also means the cybersecurity career landscape is full of opportunities for not only learners - but educators.

How to fix the cybersecurity skills gap.

So how can businesses and educational institutions work together to reduce the cybersecurity workforce shortage and reskill the workforce?

A big change that is already underway is businesses changing their requirements for cybersecurity professionals to hold a degree in cybersecurity. This is often because these companies both recognize that college is increasingly inaccessible and that it does not always teach real-world employability skills that businesses need. It creates a sense of credentialism in many job descriptions. This is leading to a cybersecurity job market where skills are becoming more valued than degrees, which lessens the entry requirements that individuals have to meet to be employed in this sector. With that requirement lessened, more people can find employment in entry-level cybersecurity jobs.

Bootcamps are the perfect opportunity to reduce the cybersecurity workforce shortage. They provide courses that focus on the skills people need to enter the workforce, as well as give students an academic understanding of the cybersecurity sphere. By partnering with bootcamp providers, educational institutions also reduce the cybersecurity skills gap by giving learners access to the real-world resources they need to succeed. A career-accelerating bootcamp provides the learners the skills they need for an entry-level job in cybersecurity in as little as three months of study. It can help to address the cybersecurity workforce shortage almost immediately, filling cybersecurity roles in areas that include corporate cyber security, risk assessment, network monitoring, and security operations.

About the author: 

As Chief Product Officer at Cybint, Ingrid Toppelberg puts her formidable professional education expertise to work developing relevant, best-in-class oriented programs for those entering the cybersecurity field or advancing their careers. In addition to her Cybint position, she currently serves as a Head Coach for the prestigious Massachusetts Institute of Technology (MIT) Bootcamps, where she trains and manages MIT’s Innovation and Entrepreneurship Bootcamps coaches. An economist by training, Ingrid also worked at Mckinsey & Company, where she specialized in digitalization and change management. Ingrid holds an MBA from MIT Sloan School Of Management and a bachelor’s in economics from Universidad Torcuato Di Tella in Buenos Aires.

About Cybint: 

Cybint is a global cyber education company with a commitment to reskilling the workforce and upskilling the industry in cybersecurity. With innovative and leading-edge education and training solutions, Cybint tackles cybersecurity's two greatest threats: the talent shortage and the skills gap. The Cybint team is comprised of military cyber experts, industry professionals, and educators united under the vision of creating a safer digital world through education, training, and collaboration. For more information, visit www.cybintsolutions.com