The most positive finding of the recently released (ISC)2 2020 Cybersecurity Perception Study is that the stereotype of loners working in dark spaces is disappearing. However, a new one is replacing it and although it’s a more positive crimefighter image, it remains problematic because people view the cybersecurity field as being beyond their reach.
Check out this blog post for an overview of the findings:
There are a lot of misconceptions in the public about the requirements to join the field, namely that one needs to obtain more education and superior technical skills just to get their foot in the door. While that is true for some more technical positions, it’s not the full picture, since cybersecurity also requires risk awareness, investigative and communications skills, among many others.
Some of the questions that came up in the open-ended part of the Perception Study indicate just how little the general public knows about the profession. Perhaps more than any other comment from respondents, this one says it all: “How do you even go about getting a job in this field? Who hires you?”
It suggests the industry could do a much better job of explaining what it does to draw interest in the field. Other revealing questions from respondents included:
What is the best temperament for this profession?
What is the workweek like?
What are the upfront costs to into the field?
Where to Start?
It’s clear that respondents are curious about the profession, but as the study reveals, not enough to want to join. It’s important to point out that the study intentionally filtered out people who have never worked in the field because the goal was to learn what keeps people from pursuing such a great profession.
It’s likely that most people don’t even consider working in cybersecurity largely because they do not view themselves as having the required skills. Asked where they would begin if they planned to join the field, respondents said:
Go back to school
Earn a certification
Inquire with the IT or cybersecurity team at my employer
Teach myself (i.e., online courses)
Food for Thought
In order to draw more talent to the field, the Perception Study makes three recommendations that can help overcome cybersecurity stereotypes:
Focus on non-technical aspects. In job descriptions, stress attributes such as communication skills, problem-solving and creativity to widen the candidate pool. Emphasize that creative approaches to problems and an ability to handle ambiguities can be just as vital as technical knowhow.
Focus recruitment efforts. Aim recruiting efforts at jobseekers with complementary experience in areas such as communications, law enforcement, data flow, process development and regulatory compliance. These experiences develop and require skills that are transferrable to cybersecurity, and help create a more balanced, diverse cybersecurity team.
Address education. Co-develop cybersecurity programs with school districts and higher learning institutions to spur interest in the field. The earlier, you can get their attention, the more likely they are to consider a cybersecurity career – and help close the cybersecurity skills gap.
Are there other recommendations you would make to encourage more people to at least investigate cybersecurity as a potential career path?