Truth of the matter—there are way more job openings than experienced candidates today.
Cybersecurity jobs are abounding. If you go on Indeed, LinkedIn, or some other flavor of job site, you won’t have a hard time finding openings for cybersecurity positions—some looking for newbies to the field (maybe those that have some education in cybersecurity) and others looking for years of experience.
What employers are finding? Security jobs are going unfilled. Unfilled to the point that many big employers are starting to scrape the bottom of the barrel. In today’s cybersecurity departments, a lot of those tech companies that have been actively recruiting people in cybersecurity-related positions for years, there simply aren’t enough people with real world knowledge. What many companies, including the likes of IBM and other hi-tech companies are finding is that no experience is required.
There simply aren’t enough candidates out there—and when I talk about candidates I mean the ones who have actually gotten their hands dirty playing around with different security tools, those that understand computer networking like the back of their hand, or those passionate techie (you probably can think of one or two of these folks)—the kind of guy in high school that might have spent every hour of the day in a computer lab (that’s what I had done in high school at least). These passionate tech guys and gals are either pursuing their dreams in other related tech careers, already have plush jobs, or are satisfied in some other field.
The cold reality many in cybersecurity are facing today: there are no qualified candidates!
I’m sure at some point you could relate to that statement. Maybe you were on a hiring committee or had taken on the task to fill a position in your company. Maybe for certain positions, you get hundreds of applications. As you sort through them all, you might ask yourself, did any of these people even read our job ad?
In cybersecurity, those bottom barrel people have started to forge their careers in an industry that is supposed to be attracting the top talent and top minds, the most experienced of the experienced computer guys. But for various reasons, it is attracting a lot of green candidates that have no experience and who are not working towards improving their understanding within a field that is dynamically changing almost daily (cyber criminals are NOT slowing down here!).
So far, companies have turned towards hiring individuals without even traditional training or formal experience.
At this point, there are over 300,000 cybersecurity positions in the United States unfilled. While some universities and vocational schools have turned their attention to filling the gap and designing programs that fit cybersecurity’s needs in workers, they are unable to filter enough qualified candidates through their programs to make much of a dent in the demand.
At Healthcurity, we hire passionate techs and help them grow into security experts.
Let me be clear—security experts hail from all sorts of backgrounds. They may in some instances come with a ton of experienced in IT departments and might already have security certifications, like the sought after CISSP (we do have several guys with a CISSP on our team). Many of these folks come seeking to advance their careers and climb to the top of the food pyramid. What I’ve found is that these guys don’t fit our culture as good as the folks that join our team excited about technology and helping people and then realize that they love security and want to develop themselves to help keeping organizations keep their data and networks more secure.
These people are the type that want to collaborate and learn from everyone—they want to look at how users are working and figure out how to make security part of a solution that doesn’t simply put rules in place and enforces harder working conditions (a lot of security teams simply have a mindset of my way or the highway). These security experts are the one that learn about your business and how it runs to give them better perspective on how security tools can help keep people safer (security is part technology, but the biggest part is how we use that technology).
The best security team members are not just thinking about cookie cutter approaches, but use them when it’s cost prohibitive or unreasonable to tailor security to specific needs. BUT they are always on the hunt for making security more approachable and more fluid throughout our team and yours.
Cybersecurity today is a team game. While there might still be lone wolf hackers, the majority are working together to penetrate networks more effectively and cause the most damage possible. These players may be from state enemies (governments) or might be groups of very experienced coders looking to exploit your business. Whatever the structure, criminals are working in teams to get into your network.
Why aren’t many security companies following suit? The problem with a lot of the cybersecurity landscape at this point is people are either too green to really contribute or haven’t developed skills to absorb and collaborate yet, or the teams are internally competitive to the point where individual players try to hog the ball and the credit.
What I’ve learned coaching cybersecurity team members is we grow as a team. Sometimes we have individuals that really score home runs, like recovering all of the files from a server that had been blown away from a cyberattack (including any backups). But we learn and grow together.
