Thank you for Subscribing to CIO Applications Weekly Brief
How to Build a Skilled Workforce for Strong, Sustainable and Balanced Growth
Eric VanDine, Director, Cyber Security Operations, The Walt Disney Company
Based only on stats, one may assume cybersecurity an undesirable or unattainable career path. Yet, pay for the industry is far higher than the average American salary and the vast majority of entry level skills can be developed by self-study with an average computer and internet access. Quality of life is relatively high and cybersecurity jobs exist in every state with a growing percentage of remote roles available to anyone with an internet connection.This begs the question: how can a talent shortage exist? One would think folks from all walks of life would be trying to break into this industry.
Cybersecurity has been an established practice for a few decades at best. Our industry is largely practiced in secret and the implementation of cybersecurity services is highly customized and specific to each company and industry. This isolated community of practice stunts the maturity of the industry. Cybersecurity programs are reliant on individual contributors capable of thinking creatively, working independently, and producing results with minimal on the job support. In this kind of environment, taking advantage of entry level candidates is nearly impossible. Entry level candidates require significant structure and support; in other words, clearly documented process, mentorship, on-the-job training, and coaching. Small to medium sized businesses are typically incapable of funding this amount of organizational rigor. The onus falls on Fortune 1000 organizations, cybersecurity vendors, and service providers to facilitate a pipeline for entry level talent.
The solution to the talent shortage is equally simple and intricate: organizations with large cybersecurity teams must build their services with support for entry level hires in mind
The solution to the talent shortage is equally simple and intricate: organizations with large cybersecurity teams must build their services with support for entry level hires in mind. Large organizations have the luxury of leveraging money and brand reputation to compete for talent. However, those of us in these positions must hold ourselves to a higher standard. Take the time to document robust processes, standards, and guidelines. Build cybersecurity teams and services with entry-level hiring in mind, carving out full-time roles that are simple and approachable for an intern, college grad, or talented, self-taught eighteen-year-old straight out of highschool. I would go so far as to say cybersecurity executives hold an obligation to this industry to do so. Before launching your next big initiative or tool deployment, consider the number of entry level employees you’ve hired in the last few years. If that number is low or non-existent, take a moment to evaluate how you can re-organize your service to allow someone to break into the industry. This not only benefits your employees and organization, but helps the maturity of our entire industry.