Here’s how we can empower the next generation of cyber defenders

Share This Post



COMMENTARY: Media coverage and vendor perspectives share a common thread when discussing today’s state of cybersecurity careers. Industry reports highlight thousands of unfilled positions, yet newcomers to the field suggest that entry-level positions aren’t truly designed as entry level.

This raises a critical question: Are we facing a talent gap or a skills gap?

According to the World Economic Forum, globally there are nearly 4 million unfilled cybersecurity roles open. Their study suggests that 71% of companies have unfilled positions, but more interestingly, 52% of public organizations say that a lack of resources and skills remains their biggest challenge when designing for cyber resilience.

[SC Media Perspectives columns are written by a trusted community of SC Media cybersecurity subject matter experts. Read more Perspectives here.]

Software vendors often use this as a talking point, claiming their technology can bridge this gap or even replace human workers entirely. However, as someone who has hired analysts from diverse backgrounds and specializations, I find this oversimplified: the reality is far more nuanced.

Understanding the real gap

There’s a talent gap, but it’s not for a lack of bodies. I would argue it’s because there’s really no such thing as an entry-level cybersecurity job. We work in a field that demands a high level of dedication, expertise, and continuous learning. The best cybersecurity people start as network engineers or systems administrators, or even on the help desk. Cybersecurity operates as a 24/7 responsibility, crucial to safeguarding everything from personal data to national security. This means it requires people who view their work as a calling as opposed to just a job, or a chance to earn a six-figure paycheck.

Said more plainly: certifications like Network+ and Security+ are beneficial, and boot camps can prepare people to an extent. However, these programs don’t ensure newcomers are technically adaptable enough to succeed once they are hired.

Organizations require an extensive tech background because understanding and operating technology is essential to securing it. Combine this with potential challenges from missteps in the security operations center (SOC) or not being able to understand what new vulnerabilities apply to a business, and that’s a risk most businesses can’t accept.

Cybersecurity is a calling

Cybersecurity programs can mean life or death, especially in situations like hospitals impacted by ransomware, cyber espionage, or impacts to critical infrastructure. These incidents and breaches can really impact people’s lives, and it requires a workforce interested in and dedicated to this work because it’s a drive inside them.

It’s a calling from their spirit to do this work, an effort that goes beyond passion, and managers should identify if a candidate has such passion during the hiring process.

Hiring managers in cybersecurity need to find mission-driven candidates: those who want to save the world. People who enter this field must expect hard work and embrace it as part of their professional calling. The threat landscape constantly changes, and so must the skills of its workforce. This doesn’t mean there aren’t people who can’t balance work and life, they can – and do.

Invest in skill development

So, if we don’t necessarily have a talent gap, but our empty roles are because the skills are not readily available to fill them, how do we solve this challenge? Private organizations and certification bodies are contributing, but employers must offer more support for upskilling.

Most importantly, we’re not effectively developing the next generation of cybersecurity talent. Putting junior analysts in front of endless security alerts in a SOC doesn’t foster creativity or build well-rounded security professionals. To build an ecosystem of excellent security professionals, we need to treat newcomers like they have the potential to become the best.

The solution isn’t simply hiring more people— it’s about rethinking how we develop talent and being more open-minded about transferable skills from other fields. Organizations need to focus on proactive talent development rather than just reactive hiring. By doing so, they contribute to their success, and also to the advancement of cybersecurity as a whole.

Practitioners also must play a role. We need to think of continuous learning as not just advisable, but a professional obligation. Individuals need to become experts in niche areas that excite them.

Finally, we should invest time in elevating our skills and capabilities with artificial intelligence (AI). AII represents a new interface, adding layers of efficiency and insight that traditional methods can’t match. AI can analyze communication data to detect emotional nuances or identify potential credentials within a data set—tasks that are nearly impossible with older technology.

Rather than letting overly simplified talking points shape the why behind unfilled cybersecurity roles, we can use Generative AI to hone our craft and fill them ourselves.

For those interested in further exploring this subject more, check out the Microsoft Threat Intelligence Podcast, where guests share their thoughts on the latest cybersecurity trends and research.

Sherrod DeGrippo, director of threat intelligence strategy, Microsoft

SC Media Perspectives columns are written by a trusted community of SC Media cybersecurity subject matter experts. Each contribution has a goal of bringing a unique voice to important cybersecurity topics. Content strives to be of the highest quality, objective and non-commercial.



Source link

Subscribe To Our Newsletter

Get updates and learn from the best

More To Explore

Do You Want To Boost Your Business?

drop us a line and keep in touch