One of the biggest reasons I think the Cybersecurity industry has a shortage of qualified candidates is not because we don’t have enough people but because the job market is confusing. The majority of people entering the cybersecurity workforce are either recent graduates from university or mid-career people looking for a different career. I believe there is such thing as an entry level cybersecurity position so let me explain why and how.
Cybersecurity is a very broad field. To really know cybersecurity and call yourself an expert, you should be very well rounded in a variety of technical and non technical skills. That is precisely the problem. New university graduates or people switching careers will not immediately have these skill in the first year. Trying to learn everything at once will just lead people into frustration thinking they know the basic materials but lack the knowledge to fully implement it into the real world.
In my honest opinion, we need to move away from the broad job titles we use today on job postings. You will see things posted such as “Cybersecurity consultant”, “Cybersecurity engineer”, or “Cybersecurity analyst” to name a few. Each of these postings have different things each employers ask for and it is not very uniform. Most are made up of unicorn candidates (these are candidates with 20+ years experience in technology that has only been around for 10 years. Aka they don’t exist).
We need to shift more towards specializations within Cybersecurity. Instead of looking for a jack-of-all-trades, we need candidates who are highly specialized in one area and create a team around different people specialized in different Cybersecurity areas. That is exactly how most organizations structure their current IT infrastructure. They have people dedicated to just managing Windows Active Directory, people managing Virtual Machines, people managing SQL databases. Cybersecurity is currently trying to fit every possible skill into one candidate hence the reason why we have such a large amount of unfilled roles.
If you are in college, just graduated, switching careers, or already in the Cybersecurity field, take my advice and become highly specialized in one area. This will make you the subject matter expert in any organization. Instead of being a jack-of-all-trades – master of none, become the subject matter expert. I think as the Cybersecurity field matures, we will start to see more of a push towards hiring specialized Cybersecurity skills. Specializing in a specific area will leave you feeling with immense job satisfaction knowing you can be looked upon as a trusted subject matter expert.
Just take a look at a job posting for Cybersecurity, they usually include every possible skill currently available in just one posting for one candidate. Below you will find a live copy of specific skills I think someone can become a subject matter expert and specialize in that area to become a valuable asset in any organization. I say “live copy” because technology is changing so quick and I will do my best to continue to update this article.
Cybersecurity Career Pathways
The typical route most websites and videos online show you is that you must first work your way up from help desk (the “holy grail entry level position”). I myself started in this position working up from help desk but after years of experience and talking with people, I came to the conclusion this is definitely not needed. I know people right now who have been in help desk for over 15 years and they love it and are really good at it.
Put yourself in this scenario: if you are a hiring manager and are looking to fill a Technical Windows 10 Help Desk role, what is the first skill you are looking for in a candidate? If you said someone who knows Windows 10, you are wrong. First, you will look for a person who has great soft skills that allows them to effectively communicate with people. If you fill the role with someone who knows Windows 10 but get frustrated easily with people, that person will not succeed in that position because a help desk role interacts a lot with customers.
The same example above goes for all other positions. When entering cybersecurity, you must first ask yourself in what area of cybersecurity do I want to work in? If you go to college and learn a little bit about everything and then you graduate and try to enter the workforce, where do you start? If you self study at home on any one of those online websites teaching cybersecurity and they teach you a little bit about everything where do you start after you finish the course? Do you feel confident enough to go into a job interview telling them you are job ready for just about any cybersecurity skill they listed on their resume?
Put yourself in a hiring managers shoes now: if you know there is a shortage of candidates and they all know a little bit about everything but there is that one new candidate who also knows a little bit about everything BUT has put more focus and emphasis on building and managing firewalls, who would you hire?
How to Specialize?
Specializing in a certain skill set will set you apart from others. Take a look at an example with Penetration Testing, which as of today it is a fairly sought after position that many people are pursuing. There are many courses online teaching you “How to become a penetration tester” and most of these courses teach you a little bit about everything. Most people will take these courses, take a couple certifications, and apply for jobs. What sets others apart from getting the jobs is someone who is very good at a certain skill in penetration testing. If you are building a pen testing team, do you want everyone on the team to know the same skills at an entry to intermediate level? Or do you want everyone to be very good at a specific skill so when the team comes together they have the best results? For example, someone could be an amazing Windows Active Directory pentester and another could be an amazing AWS pentester. See what I am saying here? A hiring manager will look for specific skill sets when making their ultimate decision. You will set your self apart if you become a master of one instead of a jack-of-all-trades. This will help shorten the cybersecurity gap thus creating a safer place to live.
We are currently working on a very detailed career pathway diagram that will hopefully assist many of you. Please check back again for uploaded diagram. Thank you all for your support.