It’s no secret that we’re facing a huge shortage of cybersecurity talent, today and in the future. We are in increasingly desperate need of new blood to fight this increasingly complicated battle. The problem is, there is an intense amount of gatekeeping today that a young person must overcome to enter this field.
From ridiculous entry-level job requirements, to a whole collection of ‘old guard’ members scared of being outdone, to what I’d like to address in this article: college degrees. According to Bankrate, the average public-college 4-year degree will set you back $10,490 if you’re an in-state student:
For the 2022-23 academic year, the average cost of tuition and fees for public four-year schools came out to $10,940 for in-state students and $28,240 for out-of-state students
That’s also based on the assumption that your local public college will have a useful cybersecurity program that trains on real world skill instead of wasting your time with academic pre-requisites that you’ll likely never apply. That’s also a statistical average. In reality, good cybersecurity programs seem to cost a lot more.
There’s a Better Way!
I, for one, really don’t think college is a necessary life experience for entering our field (or most any field for that matter). With some exceptions, most college programs will force you to retake advanced algebra classes or fill needless credit requirements that have nothing to do with your chosen field. Shelling out thirty grand to come out with little to no actual experience or a real world understanding of your field seems like a massive rip-off.
I think we can do better; I think we must do better. If we want to attract new talent into our field, we have to make it accessible. We have to make the education enticing, exciting, and also realistic. To achieve this, I propose that we look at the trade school model. If you want to be an electrician, you go to a trade school. You often graduate straight into a paid apprenticeship and begin growing your career from there. Why can’t we replicate that in IT and cybersecurity?
Actual Education
Imagine if we replaced lecture halls and useless elective courses with hands on training, real-world internships, and programs to graduate students straight into real paying jobs? Imagine if we could pull that off at a fraction of the cost? Even if your training sets you back ten grand, the power of building real world experience puts you in a position to actually pay that off. Imagine being able to graduate straight high school straight into a training program that will actually set you up for a career. A vocational training program that actually engages young minds, puts them in internships where they actually experience the work, and jumpstarts their career would go a hell of a lot further than the collegiate system.
Tangential side note: The threat-actors that are kicking your ass right now probably don’t hold a “BS of pwning the national healthcare system.”
Growth While Working
A “trade school” style education system wouldn’t work without the participation of employers that need this talent. It would require a fundamental change in the way we hire this talent. In all my time as a people leader, I’ve not once dug into a candidate’s college background. A degree or lack thereof wouldn’t be a factor even when I’m looking at two extremely similar candidates (work ethic, commitment, personality, and real experience are my typical tiebreakers).
If we can partner with effective vocational programs and bring in junior talent eager to go, we leaders can be the driving force behind that growth. We can build career paths that give people options for pursuing a fulfilling career of their choice. Whether you want to grow into the boardroom (like a CISO) or stay tactical, you can do it with real world experience and the guidance and support of good mentors and leaders.
Employer Contribution
Your people don’t give a shit about your office pizza party. Invest that money in developing your team and embracing junior talent. Challenge the norm, consider high-school and vocational school interns. Consider contributing into a system of education that will actually provide you with experienced junior professionals. Don’t expect your entry-level hires to have years of experience and accept a salary that’s less than half of their bachelor’s degree tuition. Develop real, tangible programs that will line your people up for growth, whether or not that growth keeps them on your payroll. Every employer (private and public sector) needs to contribute to the growth of cyber talent, unless we’re just going to roll over and die.
This one is a little ranty but, as someone who didn’t choose college, I feel pretty strongly about this one. I’ve met some of the young people interested in this field, and they aren’t like us. They’re more agile than us. They will outpace us and that type of talent is so desperately needed. At the same time, they aren’t going to accept that they need to spend tens of thousands of dollars and waste 4-8 years of their life in the classroom. They’ll just go to a more accepting field, or work for a company that does embrace them (and you’ll lose out on the next wave of talent altogether). Programs like Kyla Guru’s Bits N’ Bytes are proving that there are huge amounts of young people interested in our field. Practical, approachable, and affordable training programs will foster that interest to create the next generation of capable cyber defenders.