Why is a career in cyber security so difficult to build?

There it is again. Another headline about the cyber security skills shortage. It’s getting worse, says the author. A different article puts the number at 4 Million open jobs with no relief in sight. Training platforms market their programs in an effort address the problem. Conferences host career fairs and villages. We have volunteers doing resume reviews and interview coaching. Yet despite all this effort, studies tell us the problem is growing.

This pattern would suggest that more jobs are being created than there are people to fill them. But if that were the case, who are all the people attending these career building events? Why are there people who’ve been searching for over 12 months to find a security role? If there are 4 Million unfilled jobs, shouldn’t it impossible to locate a job seeker who hasn’t been able to get called back on their applications? Truly these people exist and look at any Mentoring Monday Twitter thread and you’ll see they exist in large numbers.

The Blame Game

When you ask these questions of people around the security community you’ll get some interesting results. Employers point their fingers at academia for not offering relevant instruction. Hiring managers blame candidates for applying to positions they’re not qualified for. Aspiring security professionals often point out that entry-level jobs are hard to come by. Seasoned professionals, like myself, point to the myriad of unrealistic job listings that discourage candidates from even applying.

With all the postulating about who and/or what is to blame, it’s hard to know if there even is really a skill shortage. I previously wrote about my belief that this shortage is overblown if not an aberration all together. Two things are certain here. One, entry-level and experienced candidates searching for jobs often spend months to a year looking for work. Two, many cyber security roles sit open for months to a year or longer.

The real costs of this problem

Businesses pay dearly as a result of this situation. There is a concept in the recruiting world known as Cost-of-Vacancy (COV). Most people understand that actively recruiting for a position costs money. However, what many fail to account for are the other costs of having an open position. These include:

Two women sitting across from a third that they appear to be interviewing.
  • Increased attrition
  • Lower productivity
  • Lost sales or renewals
  • Increased travel and other expenses

Business are not the only ones bearing the costs of the problem. Obviously, the job seekers themselves take on much of the cost. Searching for jobs costs money as well as time. Mental and physical health suffer as a result of staying in a bad situation or just the job search process itself. Even family life can suffer as a result of this increased stress and demand for time.

Finding the solution

OK, so everyone pays a price as a result of this seemingly disconnected situation between hiring organizations and job seekers. Why then don’t we have a solution? It’s time for the industry to do better and be better. Predictably, that begins with building a better understanding of the reality we face. To that end, I recently announced via social media that I teamed up with Manning Publications to write a book. The focus of this book will be building a career in cyber security. Unlike the precious few other books of its type on the market, I don’t intend to focus heavily on training strategies and technical skills. Instead, my work will take a long hard look at the human factor. I’ll address the unseen challenges and provide ways to overcome them.

With that said, my first step is research. I want to find practical answers to the problems I’ve detailed above. This is where you can help me help others. I’ve created two data gathering surveys. The first targets experienced security professionals. I want to gather insight into the journeys others have taken in their careers. The second is for aspiring professionals. In other words, those who never worked in cyber security but want to. I want to understand the problems from their perspectives. I want to learn about their experiences and the skills they bring to the table. Both surveys are quite short, only 3-5 minutes to complete, and both are completely anonymous. I’ve included the links below and would appreciate if you could spread the word. Additionally, of course, if you fit either description above, I’d love if you could complete the appropriate survey.

Improving our situation

Thank you in advance for your assistance with this. I truly believe there is much to be gained from this work. I’m teaming up with others in the industry to understand their research as well. My goal is to finally bridge the real gap that I see here. The gap between expectations of job seekers and hiring organizations. That is how I think we’ll improve our community and the digital world as a whole.

Experienced Professionals Survey: https://s.surveyplanet.com/LupYIHiV

Aspiring Security Professionals Survey: https://s.surveyplanet.com/lmI4b4fB