After the notorious SolarWinds cyberattack, cyber events have continued to illustrate the need for a highly trained and prepared cybersecurity workforce—and even motivated American adults to consider a career change to the field. According to the U.S. Bureau of Labor Statistics, employment in cybersecurity is expected to grow significantly faster than most occupations, increasing by 33% from 2020 to 2030.
On paper, cybersecurity is an attractive field that provides information security professionals with competitive annual salaries and countless career opportunities. However, the reality of the cyber landscape looks a bit different. The field is in the midst of a major skills gap in both the public and private sectors as employers struggle to build their cyber workforce.
Champlain College Online’s recent survey, Adult Viewpoints 2021: The Cybersecurity Skills Gap and Barriers to Entry, fielded questions to 1,011 American adults. While the survey found more than half were interested in a cybersecurity career, it also identified numerous barriers to entry.
High expectations for prior training, lack of diversity and inclusion, and toxic work culture are top barriers preventing adults from pursuing a career in cybersecurity. Respondents identified employer tuition assistance and employer-sponsored training and education as top motivators for entering the field. Recognizing both the barriers and motivators to a career in cybersecurity helps employers meet hiring needs and close the existing skills gap.
Barrier 1: High Expectations of Prior Training
High expectations for past training deterred 54% of non-cyber survey respondents from considering a career in cybersecurity. When it comes to those working in the industry, the majority of cyber hiring managers agreed that there is an expectation for even entry-level candidates to have vast prior experience in the field.
Both potential and current cyber professionals will benefit from more opportunities for individuals without prior cyber experience. Employers should present entry-level employees with opportunities to train and learn on the job. This responsibility falls on the organization, especially those with large IT departments.
Within an organization, hiring managers should recognize the value of non-experienced individuals who bring varied skill sets and demonstrate they can learn on the job by creating hiring quotas for non-experienced, future cybersecurity professionals. Individuals who lack cyber experience bring other valuable work experience that can be crucial for management, creativity, leadership, and other aspects of a healthy workforce.
Regardless of past experience, cyber hiring managers and current and potential cyber employees agree there needs to be a baseline foundation of cybersecurity training provided to those entering the field.
Barrier 2: Lack of Diversity and Inclusion
The vast majority of respondents —90% of hiring executives and job candidates—believe it is important to increase diversity in the cyber workforce. Yet, employers and managers don’t often know how to address diversity, equity, and inclusion (DEI) challenges, including discrimination. Additionally, employees may hesitate discussing DEI issues for fear that doing so may negatively affect their career.
Not only does an increase in diversity increase productivity, but it also helps organizations to identify internal problems from a variety of viewpoints and come up with creative, cost-effective solutions. Cyber organizations need to do more to combat the systemic and disproportionate under-representations of minority groups in the workplace. Collaborating with institutions that support a diverse, inclusive cyber workforce—such as Women in Cybersecurity (WiCyS) and the International Organization of Black Security Executives (IOBSE)—can help employers mentor and empower their workforce to advance the careers of diverse individuals.
Academia can also support encouraging minority groups to pursue cyber careers. Professors serve a vital role in persuading students to choose a career path, as they are often viewed as leaders in their field. Therefore, seeing an individual who reflects a minority group as a professor or academic leader can inspire others to follow a similar path. Likewise, seeing successful alumni from an institution who reflect their own experience can also encourage more students to consider a career in the field.
Barrier 3: Toxic Work Environment and Culture
For those considering a career in cybersecurity, 44% reported toxic work environments would discourage them from exploring the industry. Toxic workplaces often feature constant finger-pointing when things go wrong, leading to vulnerable, pressured teams and high turnover. In this culture, employees are generally afraid to express their concerns, causing additional issues.
To address the industry-wide toxic work culture, organizations should encourage open communication in the workplace, promote strong HR programs, and encourage work-life balance with leaders setting the example. Many organizations have recognized cybersecurity is no longer a siloed department but one that affects every aspect of business. This has resulted in the inclusion of IT leaders in business-wide meetings, which will hopefully provide cyber departments with resources, trust, and respect.
As the field of cybersecurity continues to become more complex and sophisticated, those interested in pursuing a career in the field need access to a program that prepares them to meet those demands. Individuals need to feel confident as they fill the hundreds of thousands of openings in the cybersecurity workforce.
The best resource for someone looking to pursue a career in cybersecurity is a degree or training program that combines knowledge with hands-on learning. Understanding new concepts and theories is only part of the training experience; emerging cybersecurity professionals can apply this knowledge in real-world scenarios to help prepare them for the current and future state of the industry.
Addressing these barriers—in addition to providing the education and training needed to prepare professionals to enter the cybersecurity workforce—will help close the cybersecurity skills gap the U.S. faces today and positively impact the industry for years to come.
Sérgio Tenreiro de Magalhães is Associate Professor and Department Chair of Cybersecurity at Champlain College, serving as Program Director for the undergraduate degrees in Cybersecurity and Software Development, as well as for the Master of Science in Digital Forensics. His experience includes academia and industry work, and he holds a PhD in Information Systems and Technologies in the field of cybersecurity.