And why it's a myth that anyone can be a cyber warrior.
There’s a myth circulating in the race to recruit and train up cybersecurity professionals that even those without a technical background can become a cyber warrior.
With a radical shortage of skilled cybersecurity talent, experts across the cyber industry have fueled the belief that anyone, particularly transitioning military personnel, with or without a technical background can enter the in-demand field and be successful, Alan Paller, founder of the SANS Institute, told Wired Workplace.
“What we’re doing is lying to people getting out of the military to say that if you get, say, a Security+ certification, then you’ll be a security expert,” Paller said. “Then they get a job and don’t know how to do anything. It’s a lie they’re being told, and it’s damaging.”
Results of the 2013 Global Information Security Workforce Study by (ISC)2 revealed an acute gap between the supply and demand of qualified cybersecurity professionals, a gap that is only expected to widen as cyber jobs grow by an estimated 11 percent annually over the next five years.
Hord Tipton, executive director of (ISC)2 said Thursday that while there are more than one million individuals who have earned basic security certifications and are not yet qualified as “cyber ninjas,” the responsibility ultimately falls on the employers to place new cyber hires in jobs commensurate with their skill level.
“I like to compare the security space to a symphony orchestra,” Tipton said. “You have all kinds of different instruments in that orchestra, some of them more difficult than others, but you have a variety – bassoons, trumpets, saxophones and violins … and there’s a chair for everybody in the scene. The third chair can’t sit in the first chair. Employers do everyone a disservice and risk the enterprise if they put the person they employ in the wrong chair.”
Still, much of the challenge stems from a lack of a defined career path for cybersecurity talent, Tipton and Paller said. Perhaps most promising would be a three-step career path where new cybersecurity workers learn the foundations of technology in areas like systems administration or tech services, followed by continuous training and skills development, eventually qualifying them to move into more advanced jobs, Paller said.
“There are so many jobs available right now that we need a pathway, Paller said. “The colleges can’t teach it, so we don’t see any other way to do it.”