Stay tuned for episode three of the Cyber Talent Insights special series podcast airing on Friday, April 26, 2024. Listen to episode one, "Cyber Talent Insights: Navigating the landscape for enterprise organizations," and episode two, "Cyber Talent Insights: Charting your path in cybersecurity," now.
Strengthening the Cyber Talent Pipeline Apparatus Part I: Needs & Challenges
Cybersecurity Workforce Pipeline
It all begins in K-12 education, where we've observed a growing emphasis on cybersecurity awareness concerning online safety and citizenship. While this is commendable and essential for today's youth, we must also explore how to ignite their interest in cybersecurity as a potential career path and introduce them to the various opportunities that await them in this field.
As these young minds grow into adults, we must ensure they receive the necessary education and training to become skilled cybersecurity professionals who can fill the ever-expanding workforce demand. This education and training pipeline—comprising of academic programs, certifications, and hands-on experiences—is pivotal in shaping competent individuals ready to contribute to the cybersecurity workforce.
Needs and Challenges for K-12 Cybersecurity Career Awareness & Education
Unfortunately, numerous K-12 institutions grapple with resource constraints, limited funding, and a shortage of qualified educators dedicated to teaching cybersecurity. In a recent interview on N2K's Solution Spotlight podcast series, Tatyana Bolton, a Security Policy Manager at Google and Senior Advisor to the U.S. Cyberspace Solarium Commission, says this:
“The K to 12 piece is really critical because… if you don't have enough of a population that's even knowledgeable about the basics from an early age… they can't [be] inspired to go into cybersecurity and fix these problems… If [they are] not even seeing cybersecurity professionals until [they are] older, [they are] not really thinking about that as a career path… [but] there are not enough cyber experts to go into every school in America and say, ‘Hey, I do cybersecurity for a living’... the teachers…you can't put it on them. They're like massively overwhelmed as it is…K to 12 not having enough…focus, not having enough resources”
These obstacles obstruct the implementation of current and relevant cyber curricula and hands-on training opportunities. These resource limitations are particularly pronounced in racially diverse and socio-economically disadvantaged communities. Consequently, there appears to be a connection between early exposure and accessibility and the underrepresentation of diverse professionals in the field as adults. This situation is regrettable and requires rectification, as fostering an interest in cybersecurity careers among students from diverse backgrounds is essential for promoting inclusivity and enriching the industry with a wide range of perspectives and talents.
Moreover, there exists a noticeable lack of emphasis and standardization when it comes to cybersecurity education within the K-12 curriculum. This deficiency contributes to students' inadequate foundational knowledge and represents a missed opportunity to cultivate early career interests during their educational journeys. Students who develop an early interest are more likely to pursue relevant educational pathways and training as they progress through middle school, high school, and beyond.
Providing students with interactive methods like gamified lessons and hands-on activities such as coding exercises or simulated scenarios can expand their understanding of the vast array of cybersecurity specialties and help narrow in on their interests. Interested students are also more likely to participate in cybersecurity clubs, competitions, and extracurricular activities, which provide them with hands-on exposure, practical skills development, and networking opportunities, enhancing their readiness for future education and training. Those who pursue cybersecurity-related degrees with a solid foundation ensure a smoother transition into advanced studies and specialized training programs.
Access to focused training programs, certifications, and workshops during high school or post-secondary education helps them develop advanced skills employers seek, making them more competitive in the job market. Thus, addressing the challenges of providing young students with access to a standardized and innovative cybersecurity curriculum and generating more exposure to cybersecurity careers throughout the K-12 level sets the stage for a more seamless educational and training journey into adulthood.
Needs and Challenges for Adult Cybersecurity Education & Training
As we transition from nurturing interest in K-12 education, we encounter a fresh set of challenges when providing high-quality education and training for adults venturing into the cybersecurity workforce. These individuals may pursue various avenues, including traditional university degree programs, professional certification bootcamps, trade or technical schools, etc. However, these pathways have their share of additional hurdles.
Many argue that current education options focus too much on theory rather than the practical skills needed in workplaces. To bridge this gap, educational programs should include more hands-on labs, simulations, and exercises. Without exposure to real-world scenarios, professionals may struggle with actual cybersecurity incidents. Technology evolves quickly, so professionals need ongoing training to stay relevant. Traditional higher education often lags behind these changes, creating a demand for specialized hands-on programs that keep pace with industry trends and emerging threats.
Additionally, accessing high-quality cybersecurity education and certification programs can be too expensive for many, particularly those from underprivileged backgrounds. This financial barrier dissuades potentially talented individuals, further contributing to a lack of diversity in the field. Even pursuing short-term certification programs can be overwhelming due to numerous provider options and exams focusing too narrowly on specific technologies. There isn't a clear path for cyber certifications or career development, unlike other professions, such as lawyers taking the State Bar exam or nurses taking the NCLEX exam.
Therefore, a prevalent issue lies in the lack of standardized cybersecurity job roles and qualifications, which can lead to confusion for employers and job seekers alike. This absence of clear industry standards results in a job landscape convoluted with diverse role requirements, making it challenging for candidates to understand role and skill expectations. Today’s cyber job postings frequently demand substantial prior experience, posing a significant obstacle for entry-level professionals seeking to secure positions in the field. This disconnect in job role expectations perpetuates the search for and the development of skilled cybersecurity talent.
On another N2K Solution Spotlight podcast episode featuring guest Will Markow, the VP of Applied Research from Lightcast, he spoke to that expectation gap perfectly, saying:
“There definitely is a skills gap in cybersecurity… [but] there's also an expectations gap that a lot of employers don't realize that they are contributing to some of the hiring challenges that they have by asking for certain credentials or certifications or skill sets that may or may not be important in the roles that they're asking them for.”
The expectations gap needs to be the priority in terms of aligning the skills, certification, and experience requirements employers seek, education and training providers focus on, and individuals entering the workforce as early professionals actually possess.
Wrapping Up
The cybersecurity education and training landscape must adapt and innovate to ensure that aspiring professionals receive the comprehensive preparation they need to thrive in cybersecurity. An insights-driven solution can enable more collaboration and partnership opportunities between educational institutions, industry professionals, and employers.