August 27, 2021 By David Bisson 4 min read

It’s time to look at the industry skills gap differently. More and more digital native young people could potentially be coming into the industry with the right skills, but several elements block their progress. Professionals already in place need to smooth the road for them. That might involve changing some assumptions about hiring, but in the end, it could be the solution to the skills gap problem.

In brief, what is the skills gap? Well, there are more jobs than qualified people to fill them. Open cybersecurity positions increased by 350% between 2013 and 2021. That brought the total number of unfilled security positions up to 3.5 million. Today, there are 2.5 million more vacant cybersecurity jobs than there were in 2014.

Reframing the Cybersecurity Skills Gap

So, there’s no disputing that there are open cybersecurity jobs. And desired skills are in short supply. Many people tend to see the latter as the cause of the former.

But that’s just it. These are ‘desired’ skills for that particular job in that company or agency, and they’re part of the skills gap too. They are not skills that are absolutely necessary for someone to land a position in the security industry more generally. Netskope’s chief information security officer, Lamont Orange, agreed when he wrote for TechCrunch that many hiring managers shortchange themselves by looking for professionals who, at one point, trained on all the technologies used by the organization. Preferences such as these are just not realistic. These types of applicants just don’t exist.

That means the people with the power to hire have an opportunity — if not an imperative — to reframe the cybersecurity skills gap. Given the difficulties they’re having in filling out their workforce, they’re not going to be able to find someone who meets every criterion by their first day on the job. So, they need to think about finding someone who can learn and grow into the role as their needs change. In particular, they need to look to individuals who want to improve their skills and who have something new that others in the organization don’t have.

How to Hire Despite the Skills Gap

Both of the traits discussed in the previous section fit young people. They’re digital natives who have grown up adapting to new technologies, which lets them keep up with the changing industry. What’s more, many young people view cybersecurity favorably. Over half (57%) of under-25s told Kaspersky that they consider hacking to be an “impressive” skill, for instance.

But there’s a problem. Digital criminals are taking up defenders’ time, thus making it difficult for them to train young people. RSA called it a “classic Catch-22” where organizations don’t teach and where young people decide to avoid the field after seeing this. It’s a self-perpetuating cycle that contributes to the skills gap, as well. Fewer young people who are engaged in the field means less creative thinking about solving challenges. This contributes to more time lost to defending against or responding to attacks and not enough time spent on training young people.

In the absence of meaningful guidance, some young people even find themselves on the other side of the law. Just under a quarter (23%) of young participants in Kaspersky’s survey said that they know someone who’s engaged in cyber-related activities that could be illegal. For the sake of their own security, it’s important for organizations to harness young people’s interest in this field and direct it towards making the internet a safer place.

Closing the Skills Gap With the Right Training

Cybersecurity training for young people can take on multiple forms. It can begin with building a cybersecurity foundation in a formal K-12 classroom setting.

That being said, formal classroom training can accomplish only so much. Young people can’t learn how an adversary thinks from reading a textbook. They also can’t learn what a job in the field might actually entail. For that kind of learning, young people need to look for opportunities outside of the classroom.

Apprenticeships and internships are a good choice. After all, they’re the best way to get real-world experience. That’s good for both the students and the industry, and is another way to close the skills gap.

“After doing my [Business and Technology Education Council qualification] in computer studies I got an apprenticeship, learning on the job while studying part-time for my degree,” Maxine Holt, senior research director at Omdia, told Global Security Mag. “I also got to work in other parts of the business, which really helped me understand how they interacted with IT.”

Apprenticeships and internships are generally suited to older students who are deciding whether to get a degree or what specific field to study. What about younger students who might not even know the industry exists?

Team-related activities are good for this. Some, like IBM’s CyberDay4Girls, use 1-3 hour activity kits. This particular kit educates pre-teen and teenage girls about the internet of things, cryptography and other topics. They can also take on a format like Cyber Security Challenge U.K.’s Cyber Centurion where teenagers form teams and compete against each other as they learn about networking, defense and cybersecurity on different operating systems.

A Holistic Approach to Cybersecurity Training

Apprenticeships, internships, awareness initiatives and competitions can all help organizations educate young people about potential opportunities in the cybersecurity sector. None of those training methods are mutually exclusive, either. Organizations can pursue all the above with sponsorships and community outreach programs.

In response to the events of 2020, many organizations accelerated their journey to embrace their own digital transformations. They also opened themselves to new opportunities and new risks. Organizations can use that to close the skill gap and fill their open security positions. They themselves are on a journey, too, with their security needs always changing. They don’t need someone who satisfies only a snapshot of their current security posture. They need someone who is willing to grow with them on their security journey. That’s why training young people could be one of the smartest investments they make for the future of their security.

More from CISO

Making smart cybersecurity spending decisions in 2025

4 min read - December is a month of numbers, from holiday countdowns to RSVPs for parties. But for business leaders, the most important numbers this month are the budget numbers for 2025. With cybersecurity a top focus for many businesses in 2025, it is likely to be a top-line item on many budgets heading into the New Year.Gartner expects that cybersecurity spending is expected to increase 15% in 2025, from $183.9 billion to $212 billion. Security services lead the way for the segment…

On holiday: Most important policies for reduced staff

4 min read - On Christmas Eve, 2023, the Ohio State Lottery had to shut down some of its systems because of a cyberattack. Around the same time, the Dark Web had a “Leaksmas” event, where cyber criminals shared stolen information for free as a holiday gift. In fact, the month of December 2023 saw more than 2 billion records breached and 1,351 disclosed security incidents, according to research from IT Governance — an increase of 332% and 187%, respectively, over the month of…

Overheard at RSA Conference 2024: Top trends cybersecurity experts are talking about

4 min read - At a brunch roundtable, one of the many informal events held during the RSA Conference 2024 (RSAC), the conversation turned to the most popular trends and themes at this year’s events. There was no disagreement in what people presenting sessions or companies on the Expo show floor were talking about: RSAC 2024 is all about artificial intelligence (or as one CISO said, “It’s not RSAC; it’s RSAI”). The chatter around AI shouldn’t have been a surprise to anyone who attended…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today