Originally posted on August 5, 2020 @ 1:56 pm
At RSA this year there was a big focus on diversity in the workforce. There were many sessions about how to increase women and minorities in the workforce. I attended most with hopes of gaining insights on not only how to hire these demographics but ALL demographics. In my last session of the week, one of the panelists said what I’ve been thinking all week. “ I’m lucky to get 2 resumes’ to choose from, diversity never enters my mind. I’m focused on what’s between the eyes and back of the head!” I paraphrased a little but that’s the gist.
Depending on which website you read (and when) the shortage of Cyber professionals is somewhere between 500K and 3.5Million. That means that Cyber security is one of the few professions today with 0% unemployment. According to investopia.com “In 2016, there were 1 million job openings, with two openings for every available job candidate. The rapid job growth is expected to reach 1.5 million positions by 2019.” From other research I expect we will exceed that 1.5 million and by 2021 be closer to 3.5 million.
As of 2017 there were 780,000 cyber professionals in the U.S. with about 350,000 openings. The sessions I was in this week talked about increasing the female workforce from 10% to 20% or more. So that means the speakers were advocating moving from 78,000 women in the workforce to 156,000 still leaving nearly 200K in unfilled positions (there are a lot or assumptions in these numbers, I know.) That still doesn’t close the gap in positions to talent. We need to be looking at other areas and at building the “pipeline” of candidates.
In my mind, one of our biggest challenges is that our career field is 100% in the abstract. If your child wants to be a Doctor, she knows she’ll be working with people, things she can touch. Or if they’re goal is to be a lawyer, they know they’re helping people. But lets face it, cyber security professionals, no matter what the specialty, work in the abstract. We don’t build anything, we don’t create software or apps (that’s left to the developers), we don’t arrest people (that’s the FBI and other Law Enforcement Officers), in my daughter’s mind all we do is sit in meetings and stare at screens all day long! Maybe we make a few phone calls. How do you attract the upcoming generation to such a boring career? We’re not Kate Libby (Angelina Jolie) and Dade Murphy (Johnny Lee Miller) in Hackers, or Neo (Keanu Reeves) and Trinity (Carrie-Anne Moss) in the Matrix. Heck we’re not even Elliot Alderson (Rami Malek) or Darlene Alderson (Carly Chaikin) in Mr. Robot. BTW that’s one of the most realistic ‘hacker’ programs coming from Hollywood I’ve seen).
So, how do we attract new talent to such an abstract and boring profession? Part of it is the money. A friend from a long time ago told me that the only requirement she would place on her daughter going to school is that whatever the daughter majored in, she could make a living on. With Cyber Security, regardless of the discipline, the rising professionals can make a living, with 0% unemployment they can make a good living! The other part is education, people think that only the smartest people on the planet can do cyber security “stuff”. Yes, you have to be smart, but we all started at the bottom and worked our way up building our knowledge. No one is born as a cyber guru we all need to be taught and mentored.
Where was I going with this? Well if you’re reading this, chances are you’re a cyber security professional. I encourage everyone who sees this to get involved at the level closest to the children that your comfortable with. What does that mean? If you’ve got children, get involved. The GirlScouts have a cyber badge now, your school likely has a CyberPatriot Program (if they don’t, start one), take your kids/grandkids to work, show them what you do.
If you’re a manager of people within your organization, get to know your staff. See what they’re interested in. If they’ve got the drive and desire to move up and into the cyber security profession, encourage it. One of the many success stories I’ve seen is someone who’ve moved from Administrative Assistant to Information Security Engineer. She came back to the workforce after having children and knew she wanted to do more than manage someone’s calendar. She came back into an entry level position and got the training and certifications to move up in the organization. She took advantage of the training and education benefits of the company and is a highly successful Information Security Engineer.
The workforce problem isn’t just a one dimensional problem, as cyber professionals, take the lead and start working with youth to “build” the pipeline. If your kids are grown, work with the local HS, College, Civil Air Patrol, JROTC, Girl Scouts, Boy Scouts etc. Your example can help built the next generation of cyber professionals.