There isn’t just a cybersecurity workforce shortage – there’s also a serious shortage of under 40 and millennial employees in the field. Our recent article, Huge Opportunities Ahead for Cyber Security Careers, discussed the results of the 2017 Global Information Security Workforce Study, which found that the industry will have an estimated 1.8 million unfilled jobs by the year 2022. New details from the report creators indicate that there’s also a huge generational gap in the sector.
Wesley Simpson is the COO of ISC(2), which is one of the companies that performed the study. In a recent TechRepublic article, he reports that only 20% of the current cybersecurity workforce is under age 35 – and only 7% are under 29.
The average age for an information security specialist today is 42, which means there’s a big group that will be retiring from the industry in the next decade. Simpson explained that millennials aren’t entering the field, despite it seeming like a prime option for this group’s skill set and interests.
This information comes as a surprise to many who assume that today’s 20 and 30 somethings are perfect candidates for cybersecurity positions. These are the people that grew up in the age of hacking, when personal computers became ubiquitous in every home and classroom.
Movies like War Games, Hackers, and The Matrix defined the vigilante justice of computer hacking, inspiring many towards strong feelings for or against the practice. So why wouldn’t these same individuals want to get into the field now?
It’s even more confusing when you consider just how promising of an industry this is. Simpson notes:
“This is a field in great demand, with 2% unemployment globally, and an average salary of about $100,000.”
He considers the cybersecurity workforce problem to be multifaceted, with a lack of education being the main hindrance. People don’t always realize how lucrative the field can be, or how many jobs are currently available. There’s also confusion as to what qualifications are needed to succeed.
The natural assumption is that a Computer Science degree, military security clearance, and years of experience are required to secure a good cybersecurity workforce position. These are all incredible valuable assets for candidates to have, but they’re not all absolute necessities. Analyst Jeff Pollard explains:
“You don’t need a bachelor’s degree in a specific field to be great at security; in fact, you don’t necessarily need one at all. Recognize that cybersecurity is a skill, and teach people the profession of enterprise security. That means treating it like an apprenticeship or training program.”
Even among the millennials who are employed in this sector, there’s a lack of diversity. Women and minorities make up a small fraction of the workforce, which is a missed opportunity for employers. Information security works best when different viewpoints and strategies are incorporated. There’s no one type of hacker – despite all the images we see of men in hoodies, hunkered down over a computer in a dark room.
Black hat hackers (aka “the bad guys”) are men and women of all ages and ethnicities, from across the entire world. By employing mainly middle-aged white men, the industry is missing a chance to benefit from the unique knowledge and perspective that is needed to deal with the hacker population.
How can this problem be solved? Simpson and Pollard suggest hiring more women, minorities, millennials, and veterans. They also encourage employers to make their job listings more clear, and to broaden their requirements so more people are eligible.
If you’re looking to break into this field, CIAT can help you to gain the education, hands-on experience, and certifications that will make you stand out from the competition. These include CompTIA Security+ and CASP, Certified Ethical Hacker (CEH) and Certified Information Systems Security Specialist (CISSP).