Millennials and post-millennials play a key role in solving the cybersecurity skills shortage now and in the future, according to a recent survey.

While the survey participants revealed a deep understanding of technology and computing, they also showed a lack of awareness around key cybersecurity issues. The authors of the report noted that those knowledge gaps can serve as opportunities for the security industry to recruit members of this tech-savvy generation for cybersecurity careers.

A Life Molded by Technology

The survey found that millennials and post-millennials could thrive in cybersecurity because they grew up with smartphones, digital tablets and other modern technologies. Twenty-seven percent of respondents classified themselves as technology innovators while 41 percent identified as early adopters of technology.

These viewpoints shaped many of the survey participants’ future plans. For example, 23 percent of high school-age individuals said they were interested in pursuing computer science and technology in college, while 18 percent plan to study science and math and 15 percent aspire to major in engineering.

Many respondents also expressed an interest in pursuing technology-related careers. One-third reported intentions to go into video game development, 21 percent said they are interested in software development and 15 percent would like to enter the engineering field.

Millennials Lack Awareness About Cybersecurity Careers

For the study, cloud security provider ProtectWise commissioned Enterprise Strategy Group (ESG) to survey 524 millennials and post-millennials in the U.S. Their responses suggested a general lack of awareness among those age groups about IT security as a career path.

When asked whether they’d consider a career in cybersecurity, just 9 percent responded affirmatively, and 37 percent of participants said they were not interested in the security field because they did not know enough about it. Others cited a lack of technical aptitude (28 percent), requisite education (21 percent) and professional certifications (15 percent).

The report asserted that a lack of exposure was most likely to blame for this unfamiliarity with cybersecurity. Sixty-nine percent of survey participants said they’d never taken a class in cybersecurity, and 65 percent admitted that their schools never offered such a course. In addition, only 17 percent of millennials and post-millennials reported ever having met a cybersecurity professional.

Addressing the Cybersecurity Skills Shortage

James Condon, director of threat research and analysis at ProtectWise, said that millennials, particularly women, could be the key to solving the talent shortage if they knew more about security.

“The … concerns expressed by millennials and post-millennials would seemingly be addressed by providing earlier exposure to information security learning opportunities,” Condon wrote. He also pointed out that the “vast majority” of respondents did not reject the prospect of pursuing a cybersecurity career outright.

To help close the skills gap, Condon advised cybersecurity organizations to build partnerships with schools to create early learning opportunities for students, such as after-school security programs.

More from

Emotional Blowback: Dealing With Post-Incident Stress

Cyberattacks are on the rise as adversaries find new ways of creating chaos and increasing profits. Attacks evolve constantly and often involve real-world consequences. The growing criminal Software-as-a-Service enterprise puts ready-made tools in the hands of threat actors who can use them against the software supply chain and other critical systems. And then there's the threat of nation-state attacks, with major incidents reported every month and no sign of them slowing. Amidst these growing concerns, cybersecurity professionals continue to report…

RansomExx Upgrades to Rust

IBM Security X-Force Threat Researchers have discovered a new variant of the RansomExx ransomware that has been rewritten in the Rust programming language, joining a growing trend of ransomware developers switching to the language. Malware written in Rust often benefits from lower AV detection rates (compared to those written in more common languages) and this may have been the primary reason to use the language. For example, the sample analyzed in this report was not detected as malicious in the…

Why Operational Technology Security Cannot Be Avoided

Operational technology (OT) includes any hardware and software that directly monitors and controls industrial equipment and all its assets, processes and events to detect or initiate a change. Yet despite occupying a critical role in a large number of essential industries, OT security is also uniquely vulnerable to attack. From power grids to nuclear plants, attacks on OT systems have caused devastating work interruptions and physical damage in industries across the globe. In fact, cyberattacks with OT targets have substantially…

Resilient Companies Have a Disaster Recovery Plan

Historically, disaster recovery (DR) planning focused on protection against unlikely events such as fires, floods and natural disasters. Some companies mistakenly view DR as an insurance policy for which the likelihood of a claim is low. With the current financial and economic pressures, cutting or underfunding DR planning is a tempting prospect for many organizations. That impulse could be costly. Unfortunately, many companies have adopted newer technology delivery models without DR in mind, such as Cloud Infrastructure-as-a-Service (IaaS), Software-as-a-Service (SaaS)…