“There are over 5 million jobs open in this country. The reason they are not filled is skills.” — Ginni Rometty, IBM CEO, speaking to Fox Business about new collar jobs.

Organizations are suffering from an inability to fill vacant technology and cybersecurity positions. A four-year wait for students to complete their curricula is an eternity for the technology sector given the rapid pace of innovation and change in the field. And since most organizations today cannot run without technology and an appropriate level of cybersecurity, this skills gap really extends to entire countries. A March 2017 report by Frost and Sullivan predicted that the number of global unfilled positions will reach 1.8 million by 2022.

Closing this gap in qualified workers requires innovative thinking, and security leaders must reach out to new pools of talent. In this new era of cybersecurity talent acquisition, potential recruits don’t need to have advanced degrees. This is neither a blue-collar nor a white-collar job; today, according to Rometty, “we have a new collar.”

What Are New Collar Jobs?

According to the recent report by the IBM Institute for Business Value (IBV), “It’s Not Where You Start — It’s How You Finish: Addressing the Cybersecurity Skills Gap With a New Collar Approach,” new collar is a term that refers to “professionals who may not have a traditional college degree but do have the needed technical skills and aptitudes.” The report stated that “a new collar approach focuses on skills — not degrees earned — as a prerequisite to find and attract nontraditional candidates with diverse backgrounds and skill sets. Once hired, these new employees are expected to strive for continuous learning and professional growth.”

Monster offered five examples of new collar jobs that people can go after without a four-year degree. Here are three relevant to cybersecurity:

  • Cloud administrator — someone who develops, deploys and maintains cloud-based services. Many such folks are self-taught or have completed relevant certifications, and are proficient in scripting languages such as Perl, Ruby and Python.
  • Service delivery analyst — someone who relies on software to review how services are provided to end users and seeks to improve those processes.
  • Cybersecurity architect — someone who can design, implement and test the security of an organization’s networks and computers, including running vulnerability assessment software.

Read the complete report: Addressing the Skills Gap with a New Collar Approach

IBM Takes the Lead

Rometty is not only credited with having coined the term new collar, but she is also leading the charge and taking bold steps to challenge the way governments, academia and various industries approach talent acquisition.

In her November 2016 open letter to the then President-elect, Rometty wrote, “What matters most is relevant skills, sometimes obtained through vocational training.” She went on to share IBM’s success in championing a new educational model for the U.S. by creating “six-year public high schools that combine traditional education with the best of community colleges, mentoring and real-world job experience.” IBM supported the opening of the first such school in New York five years ago and hired some of the first graduates, Rometty explained, adding that there would soon be 100 of these schools across the country.

With the letter, Rometty challenged the government to create “a national corps of skilled workers” to address the thousands of IT jobs that would otherwise go unfilled.

Closing the Skills Gap

The IBV report outlined three ways to address a talent shortage:

  1. Change the way work is done (e.g., automation, outsourcing).
  2. Change the environment (e.g., change culture, benefits or compensation to attract more talent).
  3. Change who the organization pursues.

The final option means reviewing input filters, casting a wider net and seeking to recognize talent in the early stages. According to the report: “There is a growing realization that new roles focused on emerging technologies require specific skills and knowledge to perform, but do not necessarily require a university degree. The approach also involves restructuring work around specific skill sets to create new roles.”

Organizations should look at how they assess and develop core attributes and skills. IBV defined core attributes as “a general disposition beneficial to security professionals — a set of common personality traits and learned behaviors.” Skills can include both technical and workplace-related abilities. The figure below shows how core attributes and skills can be mapped along different characteristics.

The IBV report highlighted a whole suite of steps that organizations can take to solve the talent shortage. The steps include the following:

  1. Re-examine your workforce strategy. Look at redefining or re-aligning various roles to ensure that they represent different levels of skill mastery, including an entry-level category that might not require a four-year degree. The report presented several examples of roles for each main cybersecurity category: builders, operators and communicators.
  2. Improve your engagement and outreach. Expand your recruiting grounds and interact with instructors, classes and, ultimately, students.
  3. Build a local cybersecurity ecosystem. Foster innovation and collaboration by engaging with regional workforce organizations and academic institutions, including secondary schools. The report also mentioned the benefits of providing externships for instructors to stay current in the field and ensure that students get fresh and relevant information.
  4. Provide a robust support program for new hires. After all, their success will be your success.

The figure below highlights various activities that organizations should consider to close the skills gap.

The talent shortage is likely to continue, but adopting a new collar approach can definitely ease the pressure that chief information security officers (CISOs) and organizations are facing today.

