Too many employers are asking for too much when seeking to fill entry-level cybersecurity positions, then lamenting that there’s a shortage of talent applying for the job.
“There’s a misunderstanding, I think, out the door of what the [requirements] really should be for junior, midlevel and senior roles, and what those expectations are,” said Neal Dennis, a threat intelligence specialist, in an interview with The Wall Street Journal.
Citing a report by the International Information System Security Certification Consortium (ISC2), the Journal said there is a need for 3.1 million cybersecurity professionals to meet security requirements. But companies leave positions unfilled insisting they can’t find people to fill them.
Researchers tell the Journal “outlandish job requirements are the problem,” not than a lack of workers.
“We’ve created this self-licking ice-cream cone of misery that continues to drive the narrative forward that we don’t have the ability to solve this problem, or we don’t have enough humans,” said Chase Cunningham, principal analyst at research firm Forrester Inc.
The Journal article notes that job postings for entry-level security roles frequently request two to four years’ experience and advanced knowledge, which can be evidenced by certifications such as the Certified Information Security Systems Professional.
But Clar Rosso, chief executive of ISC2, which issues the certification, points out in the article that it takes 5 years of experience before earning a CISSP. “Possibly the human resources recruiter doesn’t have experience in the area and they’re not able to say, wait, that doesn’t even make sense,” she told the Journal.
The solution, says the Journal, is for companies to rework their expectations and hire tech professionals with non-traditional backgrounds, then invest in training. “Apprenticeship schemes and firm career development paths for new cybersecurity workers would help,” says the Journal.
“Once that shift occurs,” Dennis said, referring to on-the-job training and certification prep programs, “I think that the skill shortage starts to answer itself. And then we’ll finally realize that there’s not really a people shortage, there’s just a knowledge shortage on the people who are available.”