This feature first appeared in the Winter 2017 issue of Certification Magazine. Click here to get your own print or digital copy.
The cybersecurity skills gap is very real. While estimates run the gamut, the global demand for cybersecurity workers is projected to soar to 6 million by 2019. According to projections by cybersecurity solutions provider Symantec, 1.5 million of those jobs will not be filled.
To overcome these staffing shortages, organizations must do a better job connecting with Millennials. Many Baby Boomers, after all, have already retired. While Gen X can help fulfill staffing needs for a certain window in time, it's clear that today's youngest generation of workers represent the long-term solution to the problem.
Cybersecurity is a challenge that this generation will be forced to solve — but to be successful, they will need to solve it together, globally. Millennials enjoy being a part of something that is bigger than themselves, as well as the opportunity to contribute to a meaningful cause. There are very few things that are more meaningful than protecting our way of life from bad actors who are working tirelessly to steal data from our families, our communities, our businesses and our governments.
Cybersecurity has evolved from back-office function to mission-critical mandate. Employers aren't just looking for hands-on practitioners who can maintain firewalls and endpoints, pen test, and mitigate risk. They want well-rounded professionals who can apply their security expertise across the business, contributing to bottom-line financial results. This well-rounded professional will also need certain soft skills in order to succeed, and those skills may be overlooked in prospective candidates.
The modern cybersecurity professional
To be effective in cybersecurity, you'll need to be a lifelong student as much as a teacher. The IT threat landscape changes daily, and today's issues range from advanced persistent threats to phishing, malware, and employee-based vulnerabilities. All of that, however, is changing quickly.
As the playing field moves from traditional hardware and software to IoT devices and the cloud, the nature of cyberattacks against consumers and businesses will also evolve. Employers want proactive cybersecurity experts who are always exploring and finding ways to get ahead of tomorrow's biggest challenges, and who can communicate these concerns to the various levels of an organization.
Many IT executives rank teamwork as one of the top soft skills any cybersecurity professional should possess. Knowing how to navigate projects and difficult conversations with anyone from the CIO to line level employees, end users, vendors, and third parties is an essential trait for cybersecurity workers.
More lines of businesses and stakeholders are getting involved in their organizations' cybersecurity decision-making process, and cybersecurity teams must be able to partner and communicate with each of them effectively. An inclusive, patient, and open-minded attitude can go a long way when managing major security initiatives across teams or global office locations.
An attractive job profile
A career in cybersecurity should hold considerable appeal, particularly with respect to job security and professional growth, as reflected by corporations' dedication to the task at hand. Spending on cybersecurity solutions and services is expected to increase from less than $122.5 billion currently to about $202.4 billion in 2021, according to research from Markets-and-Markets.
That obviously looks impressive. Yet too many Millennials aren't taking advantage of the opportunity at hand. A lack of awareness is contributing greatly, as more than three-out-of-five Millennials said no teacher, guidance counselor, or supervisory adult has ever mentioned the possibility of a cybersecurity career to them, according to research from Raytheon and the National Cyber Security Alliance (NCSA). Only one-out-of-five claim that they've even met a practicing cybersecurity professional, and 58 percent said they've never attended a formal lesson about the topic.
Fortunately, there is interest — nearly three-out-of-10 Millennials said they are more likely than they were a year ago to choose a vocation in which they'd help make the internet safer for users, according to the Raytheon/ NCSA research. They yearn to land in roles which require the critical, core capabilities of cyber defense.
That includes problem solving (cited as a professional interest among 44 percent of young people) and data analysis (36 percent). Additionally, 38 percent of Millennials would like to have exposure to more classes or training to evaluate whether they are a good fit for such a career.
Changing the game
In other words, we can turn the tide here, but only if we effectively reach out to this generation. Here's how to do so:
"Sell" the cybersecurity culture. We simply don't do this enough. Which is too bad, because it's such a wonderfully distinct culture. Millennials grew up on social media, a place where knowledge and ideals are shared with the click of a button.
With cybersecurity, we can demonstrate that many of those norms are already in place — and that Millennials can make a darn good living while settling into them. Even if companies compete within the same industry, it's not as if their cybersecurity teams compete against each other in cutthroat fashion. To the contrary, these team members frequently join online communities in which they share information about threat trends, and collaborate on emerging best practices to thwart attacks.
At (ISC)�, for example, we've established a growing global membership of more than 120,000. This means that anyone joining us gains instant access to our amazing network. Participants can solve problems with any member anywhere, whenever they'd like. That's how the next generation of cybersecurity leaders can find their niche and grow.
Show them that we care. Millennials are quite idealistic and enjoy giving back. Employers need to communicate to their cybersecurity professionals that they play a significant role in making the world a safer place, not just for their company but for society, for kids and older adults.
Many young people are dedicated to their local community and social causes throughout the world. This translates to a recruitment opportunity, as an overwhelming two-thirds of Millennials say they'll avoid working for companies which do not convey a commitment to corporate responsibility — a sentiment shared by only one-half of their Gen X and Boomer counterparts, according to research from Cone Communications.
By showcasing your organization's charitable contributions and community activities, you create a welcoming atmosphere of "shared values." In providing (ISC)2 certifications, we've found that our classrooms are filled with those who want to "better their world" by making IT systems and networks safer. (ISC)2 members improve their world every day with our Safe and Secure Online programs, led by the Center for Cyber Safety and Education.
Loosen up. Sure, we all have businesses to run — but it's not 1950 anymore. People don't work 40 or 50 years for the same employer. So why do we still cling to so many outdated traditions?
To win over Millennials — especially the kind of new professionals who seek to immerse themselves in a cybersecurity culture — we must break from "the old" and embrace the 21st-century-friendly policies that encourage telecommuting, flex schedules, casual office attire, and so forth. These days, it's about getting the job done, as opposed to the time of day you do it. Or where you do it. Or what you're wearing while you do it.
Anyone can select a few values and hang them on a wall. Companies that live and embrace their principles, on the other hand, have a better chance of retaining talent.
Open up. Ultimately, cybersecurity is about trust, isn't it? We invest a tremendous amount of budget and personnel resources to ensure our sensitive proprietary data is protected. Similarly, a trusting mindset and culture must extend to the organization in general, and total transparency is a way to get there.
Managers need to illustrate how day-to-day tasks contribute directly to "big picture" company strategies. They should be open to thoughtful questions about routine functions and universally accepted "givens" about their business and their industry, and stand ready to respond with intelligent, insightful answers.
We are looking for employees who are intrinsically inquisitive and analytical, and seek to drive toward "the truth." If we attempt to hide it, then we'll fail to convince them to join us. Millennials aren't shy about sharing their opinions, and may have some insight into the issues and a fresh perspective that you don't, so don't be afraid to just ask.
Embrace the rising generation
So much has been written and said about Millennials that is flat-out wrong. They are not lazy. They are not entitled. They are willing, even eager to work long, hard hours — including weekends, holidays and vacations — if their organization has empowered them to successfully tackle tough but compelling challenges.
Fueled by the internal fire of meaningful purpose, they'll relentlessly examine and develop groundbreaking technologies and tactics to thwart hackers. But they'll only do so if we show them how much they can accomplish for organizations which reflect their values and interests.