By Miguel Angulo, Security Engineer & Evangelist, Office of the CTO, Check Point Software.
The cyber security landscape does not look promising. Attacks have increased with the Russia-Ukraine war. The pandemic forced people to work from home, a place where security controls are weak. Remote workers are using their home computers to access corporate data in the cloud or in the data center, placing corporate assets at risk. Cyber security professionals are beating their heads against the wall, as organizations are short-staffed, and unable to stop cyber attacks.
Worldwide, there are at least 4 million professionals in the cyber security field. In the US alone, there are more than 1 million professionals already in the field. But, in the last 12 months, cyber security job openings have increased 29%. Today, there are 600,000 jobs available in the US. When I share these facts, people ask me this question: “How can we be short 600,000 cyber professionals and I still can’t get a job?”
High demand for cyber security professionals makes it difficult to meet salary requirements. Small businesses are exposed to the same threats as enterprise companies, and yet can’t offer high enough pay to attract high-skilled cyber security workers. Because of the high demand, cyber security professionals have room to negotiate salary requirements and can jump from one company to another relatively easily.
Minorities’ underrepresentation in cyber security
Minorities are underrepresented in the workforce. In cyber security, the minority representation is about 26% of the US cyber security workforce. Only 9% of the cyber security workers identify themselves as African American or Black, 4% as Hispanic, and 8% as Asian. In addition, women make up 51% of the population, but only comprise 24% of the cyber security workforce.
Lack of cyber security qualifications
It seems to be tough for employers to find people with the right skill set. Poor job descriptions, resume matching, unreliable salary data and HR hiring practices are factors that prevent people from joining the cyber security workforce.
Job postings are not aligned with the actual task the job requires. When searching for job postings in cyber security, I noticed the job descriptions can be challenging to understand. Drilling down further, the job requirements are sometimes nonsense. For entry-level positions, the list of requirements includes certifications that take years to master, like CISSP or CCSP, and of course, experience.
As a result, people get discouraged and walk away. An entry-level job is meant to help build experience and earn industry certifications.
Cost of training and certifications
When it comes to training and certifications, the cost is high and the learning curve may be flat, especially for people with no experience. When someone shows interest in getting into cyber security, the common questions I am asked are, “What coursework, training or certifications do I need to pursue?” and “How long will they take me to learn/obtain?” My answer is “it depends.”
Cyber security has several fields of study and not all of the jobs are technical. The career path you choose in cyber security will determine the training you need to take, how long it will take, and how much you have to pay.
Cyber security programs in K-12 & higher education
Today, there are at least 4 million professionals in the cyber security field worldwide, and yet they are not enough to protect organizations from cyber attacks. The cyber security job market must grow by 65% to protect the critical assets of the companies, according to the latest (ISC)² Cybersecurity Workforce Study.
In efforts to increase the talent pool, the public and private sector are turning to K-12 and higher education institutions to bring cyber security curricula to their classrooms. This is where Check Point’s SecureAcademy comes in.
I would like to share a bit about two of the most recent SecureAcademy partnerships. On March 28, The University of South Carolina announced a new partnership with Check Point Software Technologies to strengthen the cyber security workforce in South Carolina. On May 31, Dundee & Angus College in Scotland teamed up with Check Point Software Technologies to deliver state-of-the-art training.
SecureAcademy provides worldwide cyber security education through partnerships with higher learning institutions. Thousands of undergraduate students are benefiting from SecureAcademy as they learn cyber security with our Infinity technology, using up-to-date tools, hardware and software to get hands-on experience and to build the skill set they need to join the workforce in cyber security.
Building tomorrow’s cyber security professional today
In March of this year, British police arrested seven members of the Lapsus$ hacking group, which is responsible for cyber attacks on major companies that spend millions of dollars on cyber security.
When I heard the news, I could not believe it! The ages of the 7 members were between 16 and 21. According to the BBC, the mastermind was a 16-year-old teenager who accumulated about $14 million in Bitcoin from hacking.
If we give our time to coach soccer, basketball, baseball or any other sport, why can’t we give our time to teach teenagers in our communities about cyber security or engage with colleges and universities to share our experiences, either from the technical side or the business side of things?
We must give back to the community today to build the cyber security professional of tomorrow. We need more mentors to work with teenagers and young adults, especially those from low-income families, as they cannot afford the cost of education in order to become a cyber security professional. If we are not there to guide them towards the right path, someone else might lead them down the wrong path.
Underrepresentation of minorities in cyber security, misleading job postings and requirements by recruiters, proper implementation of cyber security curricula in K-12 and higher education, and the lack of mentoring by existing professionals make it difficult for someone to qualify for a cyber security role. Leaving cyber security roles vacant not only places organizations at risk, but also nations and their citizens.