The cybersecurity industry is often misrepresented and misunderstood. The stereotypes and tropes surrounding what people who work in the industry are like and what they actually do are often laughably incorrect. And these misconceptions are keeping a lot of people who might enjoy the work from entering the field.
Over the last few years, the global cybersecurity workforce gap has received more attention and some progress has been made, but according to the 2021 (ISC)² Cybersecurity Workforce Study, the number of jobs within the industry necessary to defend critical assets is still 2.72 million.
It's past time to dispel some myths about cybersecurity because nearly three-quarters (73%) of organizations represented in a recent Fortinet survey had at least one intrusion or breach over the past year that could be partially attributed to a gap in cybersecurity skills.
One of the biggest misconceptions is that all jobs in cybersecurity are technical or require a four-year computer science degree. But just as only a fraction of the jobs in healthcare require a medical degree, cybersecurity contains a diversity of subfields and functions.
If you watch medical shows on TV, you might think that all jobs in healthcare involve dealing with patients. But that couldn't be further from the truth. The healthcare field is vast and many jobs don't require science backgrounds, degrees, or even a remote interest in caregiving. For example, the medical billers that send claims to a patient's insurance company need to learn about billing codes and charts, but organizational ability is probably just as important. And the skill sets of people who install and repair medical equipment have more in common with auto mechanics than doctors.
Years of medical dramas have led to skewed perceptions of healthcare, but cybersecurity is rarely represented in the media at all, except for the occasional stock photo of a hacker in a hoodie staring at a character-based terminal. In the absence of much of any information, most people assume that all jobs in cybersecurity involve highly specialized technology. It's true that cybersecurity is a subset of the technology industry, which is at least as vast an industry as healthcare. But just as not everyone in healthcare is a doctor, not everyone in cybersecurity is a coder. Many are liberal arts graduates with great communications skills. Others don't have a degree at all, but are amazing problem solvers.
According to the (ISC)² Cybersecurity Perception Study, the good news is that the stereotype of cybersecurity professionals as creepy guys working in dark rooms has been replaced by “good guys fighting cybercrime.” But the bad news is that a lot of people don't want to join the field because they think the technical skills they need are out of reach and require further education. Even though 29% said they are considering changing careers, they aren't interested in cybersecurity because they believe it would require too much technical knowledge or training (32%), they don’t know how to code (27%), or they find the field too intimidating (26%).
Fortunately, the survey also showed that pathways to cybersecurity are changing. Slightly more than half of cybersecurity professionals started their careers outside of IT: 17% transitioned from unrelated career fields, 15% gained access through cybersecurity education, and 15% explored cybersecurity concepts on their own.
It's well known that diversity needs to be addressed in technology, but fostering a more diverse workforce will continue to face challenges until some of the myths about cybersecurity are dispelled. Women and other underrepresented groups aren't going to be interested in a career in cybersecurity if they don't know what the range of jobs are or what they are like. A case in point: right now, a lot of service industry employees are leaving their jobs and looking for something else to do as part of the Great Resignation or Great Reshuffling. How many of them have thought about cybersecurity?
If a former bartender is looking to make more money, have more regular hours, job flexibility, and better benefits, cybersecurity might be worth looking into. After all, more than three quarters of cybersecurity pros like what they do and they make good money doing it. Entry level jobs such as help desk and security analyst roles don't necessarily require a degree. Certifications and technology experience can help get your foot in the door, but a lot of the hiring decision depends on the person. Fortinet offers free training anyone can check out to see if cybersecurity is a subject that might interest them. And then the NSE certification options can help people advance in the field.
Those hiring in cybersecurity should be more vocal about opportunities that don't require degrees and open to candidates who have different experiences and different backgrounds, and who may be outside of their typical circle of technology colleagues. Open houses and job fairs can be good ways to educate more potential candidates about the benefits of a cybersecurity career.
When reviewing resumes, hiring managers also should modify and even loosen résumé-evaluating algorithms, so applications that don't necessarily check off every requirement can still be considered. Depending on the position, "soft skills" like communication ability or logical thinking can be more important than knowing all the right acronyms and lingo.
Bringing in candidates with more wide-ranging backgrounds can add new perspectives and contributions to organizations. Once you have people with the right general skills in place, you can support these new employees by offering training and certifications to bring them up to speed on the latest technology. Because cybersecurity is constantly changing, an aptitude for learning is arguably the most important skill of all.