The cybersecurity sector has been battling a workforce shortage for years with cybersecurity training and certifications provider (ISC)2 estimating that the global skills gap currently sits at 3.4 million. There are over 600,000 current cyber-related job openings in the US alone, and the supply-to-demand ratio stands at 69%, the lowest it has been since 2010, according to Cyberseek.
Security leaders in organizations large and small often cite hiring and keeping security personnel as one of their biggest challenges, typically exacerbated by outdated, non-productive recruitment strategies. These have all too often put too much emphasis on years of experience or high-level, costly, and difficult-to-achieve security qualifications to demonstrate competency, even for cybersecurity roles deemed entry- or junior-level.
Businesses and the cybersecurity sector generally need to get better at attracting, supporting, and hiring new entry-level talent to stand any realistic chance of making a significant dent in the cybersecurity workforce shortage. After all, sometimes the best way to cultivate valued professionals is by developing them firsthand, building on foundations of basic skills to mold more experienced, loyal talent that grows in alignment with a company’s culture, values, and security posture.
Entry-level security talent offers fresh perspectives, increased diversity
“Clearly new cybersecurity talent produced by traditional university programs is not keeping up with resignation rates and rising need,” says Dave Stapleton, CISO at CyberGRX. He admits that recruiting and training entry-level cybersecurity employees can be daunting, as these individuals are unproven in the cyber industry, so there is some risk to investing in their onboarding and education. However, the potential rewards outweigh the risks, as intrinsically motivated employees with a passion for learning and a desire for professional growth will achieve success, particularly if given the right level of mentorship and focus, he says.
“Entry-level cyber professionals come with little preconception about what security should look and feel like. They also bring fresh perspectives and are more likely to question long-held ‘truths’ that those who’ve been in the field for decades probably haven’t challenged in quite some time.” What’s more, recruiting entry-level talent is also a way to increase the diversity of cybersecurity teams, a challenge the industry has done far too little to address over the years, Stapleton says.
Here are eight notable initiatives, programs, and resources launched this year to help facilitate entry-level cybersecurity skills development and career opportunities.
ThreatX partners with Cyversity, ICIT to offer free cybersecurity training
In March, API and application protection firm ThreatX announced a new partnership with non-profit Cyversity and cybersecurity think tank The Institute for Critical Infrastructure Technology (ICIT), providing members of both companies free access to almost 150 hours of cybersecurity training. The training is run via the ThreatX Academy and provides an accessible and approachable opportunity for those looking to begin, or advance, their cybersecurity careers.
“We are grateful for the support and partnership of ThreatX in fulfilling Cyversity’s mission to provide individuals from underserved communities with access to cybersecurity training and mentorship,” said Beverly Benson, executive director at Cyversity. The training will provide members with the knowledge needed to enter the workforce and gain a jump start in their cybersecurity careers, increasing their chances of success, she added.
ThreatX’s unique and highly complementary training platform will strengthen the cybersecurity workforce and help cultivate the next generation of cybersecurity leaders, a key pillar of ICIT’s mission, said Parham Eftekhari, founder and chairman of ICIT.
EC-Council launches CCT scholarship to spark new cybersecurity careers
In March, cybersecurity certification, education, training, and services company EC-Council announced a $3.5-million scholarship fund to help train approximately 10,000 candidates for entry-level cybersecurity jobs as part of a workforce development program to address the cybersecurity workforce gap. The scholarship offers successful awardees a unique, entry-level technical course partially funded by EC-Council and covers complete fees for instruction, e-courseware, practical hands-on labs, critical thinking challenges, and live Cyber Range activities.
The scholarship is aimed at high school, college, and university students, working professionals, and IT professionals. “For decades, there has been a serious lack of technical cybersecurity competencies, across many industries. EC-Council is proud to give back to the community by making its commercial, world-class Certified Cybersecurity Technician program available to aspiring professionals via its scholarship initiative,” said Jay Bavisi, group CEO and president of EC-Council,
(ISC)2 makes entry-level cybersecurity certification free for 20,000 Europeans
In April, (ISC)2 made a pledge to the European Commission to expand the reach of its One Million Certified in Cybersecurity program. It promised to provide a minimum of 20,000 individuals in Europe with its foundational Certified in Cybersecurity entry-level certification exam and education program for free. The certification is aimed at career changers, recent graduates, and entry- and junior-level cybersecurity practitioners.
The pledge is open to all EU residents who do not hold an (ISC)² cybersecurity certification. Recent graduates, career changers, IT professionals, and other professionals looking to move into cybersecurity are encouraged to participate. Once enrolled, participants will gain access to the online self-paced education course, and after successfully completing the free exam, participants will become (ISC)² members with access to a wide array of professional development resources to help them throughout their careers.
In the same month, (ISC)2 also launched Entry-Level Cybersecurity Skill-Builders — short-format, immersive learning courses created by industry experts. The Skill-Builders courses cover cybersecurity strategies, API security, and supply chain management. The courses are free for members and $19 for non-members.
EU Cybersecurity Skills Academy aims to become entry point for cybersecurity careers
In April, the EU Commission adopted a Communication on a Cybersecurity Skills Academy, a policy initiative that aims to bring together existing initiatives on cyber skills and improve their coordination in view of closing the cybersecurity talent gap and boosting the EU’s competitiveness, growth, and resilience.
The EU Commission hopes the Academy can act as a single point of entry for those interested in cybersecurity careers and plans to scale up stakeholders’ initiatives to reach a critical mass that will make a difference in the labor market. The European Cybersecurity Skills Framework (ECSF) provides the basis for the Academy to define and assess relevant skills, monitor the evolution of skills gaps, and provide indications of new needs.
Google launches entry-level cybersecurity certificate to teach threat detection skills
In May, Google announced a new entry-level cybersecurity certificate to teach learners how to identify common risks, threats, and vulnerabilities, as well as the techniques to mitigate them. Designed and taught by Google’s cybersecurity experts, the Google Cybersecurity Certificate aims to prepare learners for entry-level jobs in cybersecurity in less than six months with no prior experience required, create greater opportunities for people around the world, and help fill the growing number of open cyber roles, the tech giant said.
It offers hands-on experience with industry standards and tools including Python, Linux, and security information and event management (SIEM), also helping to prepare learners for the CompTIA Security+ exam, the industry-leading certification for cybersecurity roles. Google said that its course will cost $150 to $300 on average, according to a report by the Wall Street Journal. A key focus area of the program is addressing the lack of diversity in the cybersecurity sector, with women, Hispanic, and Black workers significantly underrepresented in the field.
Upskill in Cyber program returns to aid career changes to cybersecurity
In May, the UK’s Department for Science, Innovation, and Technology (DSIT) and the SANS Institute announced the second iteration of the Upskill in Cyber program to help UK professionals make a career change into cybersecurity. The program lasts 14 weeks and offers free training and advice to support UK workers looking to forge a new cybersecurity career. First launched last year, the program has trained over 200 students with non-cyber backgrounds, with many securing guaranteed job interviews upon successful completion of the training, according to SANS Institute.
The program consists of two SANS cybersecurity training courses, SEC275: Foundations: Computers, Technology, and Security; and SEC401: Security Essentials: Network, Endpoint, and Cloud. Upskill in Cyber graduates will achieve two certifications that demonstrate their practical capabilities and knowledge: GIAC Foundational Cyber Security Technologies (GFACT) and GIAC Security Essentials Certification (GSEC).
To be eligible, candidates must be aged 18 or over, UK nationals, or have resided in the UK for the last three years, and not currently (or previously been) employed in a cybersecurity role. They must also not be currently pursuing or having achieved a professional cybersecurity-related certification or currently pursuing or having achieved a cybersecurity-related course at the undergraduate level or beyond.
Cyber Million program targets one million entry-level cybersecurity jobs
In June, Immersive Labs and Accenture announced the launch of the Cyber Million program to support access to one million entry-level cybersecurity jobs over the next decade. The program has an emphasis on real-world skills, upskilling, and aptitude over traditional evaluation methods and hopes to help organizations make cybersecurity operations roles available to a diverse pool of candidates.
Anyone over the age of 16 can register for the program and complete a series of curated hands-on exercises and labs that match the skill set requirements of open roles. Once candidates successfully complete these labs, individuals may apply to open employment partner roles. The program is designed to be flexible, allowing candidates to complete courses at their own pace.
“We founded Immersive Labs based on the idea that people from various backgrounds — both with or without a formal education — can excel in cybersecurity if given the right opportunities,” said James Hadley, CEO and founder of Immersive Labs. The Cyber Million program will help organizations discover hidden talent, increase diversity across the workforce, and build resilience against cyberattacks, he added.
ISACA pledges to help grow cybersecurity workforce in Europe
In June, global professional association ISACA pledged to grow and empower the cybersecurity workforce in Europe. The pledge will see ISACA provide 20,000 free memberships to students across Europe to acquire crucial cybersecurity skills and support the identification of qualified cybersecurity candidates for organizations. Closing the cybersecurity workforce gap and promoting diversity within the field will be key focus areas, helping the development of a high-quality cybersecurity workforce that instills confidence among employers, according to ISACA.
ISACA will support the identification of qualified candidates for organizations by facilitating contacts between student members and executives/senior professionals through virtual and in-person events held by over 40 ISACA chapters throughout Europe. The commitments made in the pledge should give European businesses increased confidence that the talent they’re recruiting have the credentials and the skills to use cybersecurity as an enabler of success, promoting customer and overall stakeholder trust, and accelerating the safer adoption of new technologies, Chris Dimitriadis, chief global strategy officer at ISACA, told CSO.