We have all waxed poetic about the doomsday scenario we will be greeted with if we don’t get the cyberskills shortage under control. The widening gap is expected to lead to a 3.5 million shortage of professionals.
But what can we do about it? That’s the question everyone is asking. We got to the source and asked our security team at SailPoint how we can encourage today’s workforce to help fill the gap and nurture the next generation of cybersecurity professionals. Here’s what they shared.
Curiosity Created the Cybersecurity Professional
The resounding consensus among our security team is that curiosity is a requirement for anyone in security. Rusty Lindgren, a security analyst at SailPoint, said he started hacking at a young age thanks in part to his mom encouraging his curiosity. “My mom wouldn’t buy me one new thing, but two used things so I could tear one apart.” That curiosity eventually evolved into things like learning programming and doing cybersecurity puzzles at events like DefCon.
The solution offered up here could be one of the most effective long-term solutions. In fact, the number of programs putting kids in situations where they can start hacking at an early age is almost its own security renaissance. In the past year, we’ve seen Girl Scouts add cybersecurity badges for their 1.8 million members, the UK launch a £20m program for students aged between 14 and 18 and a host of other localized initiatives to help kids see cyber as a path for themselves. At the very least, these efforts are ones that encourage a culture of cybersecurity, even if not every kid grows up to be an ethical hacker.
The Road Less Travelled
When it comes to getting into a career in security, there seem to be many paths without a one-size-fits-all track. SailPoint security analyst Michael Adkins originally got his degree in economics but then returned to school and got a testing certification. After getting a job as a test engineer at SailPoint, he started looking for bugs, leading him to his job on our security team today. Michael has since passed down his knowledge to another SailPoint security analyst, Javier Flores, who also started out as a test engineer. “Mike kind of took me under his wing, introduced me to hacking tools and started inviting me to conferences,” Javier said.
This approach is becoming more common in organizations, as tech companies look at taking a “new collar” approach to hiring and training new security talent – some are even looking into the gaming community for their next security hire. The important thing to note is that there is a golden opportunity for anyone to get into the field right now, regardless of your educational background.
Don’t be Afraid to Break Stuff
Failure is the companion to curiosity in cybersecurity. Noel Garcia, Sr. Security Engineer at SailPoint, started out in college not even knowing how to type and said he failed his first programming test. He got the hang of it though, and went on to a successful cyber career in the military and then in the Texas state government. The lesson he shared was this: being a willing learner who isn’t afraid to fail (and break stuff) is key to a successful career in cybersecurity.
Closing the skills gap will be a hard-fought battle as the threat landscape scales alongside it. But if you learn anything from those working in the trenches today, it’s this: with just a little curiosity, a touch of failure and a willingness to learn, you can be well on your way to a career in cybersecurity.