Just how big is the cyber-security talent gap? According to one estimate, there are going to be 1.8 million unfilled roles by 2020. This is problematic for organisations already operating with an undersized workforce – and it presents opportunity to cyber-criminals who are hardly going to sit back and wait for the industry to catch up. They are continually developing new lines of attack, new malicious techniques – and organisations that are serious about protecting their data, revenue and reputation need to be able to respond.
One major problem is that cyber-security recruiting requirements are often extremely limiting – there simply aren't many people out there who meet them. Ninety-four percent of hiring managers want potential recruits to have prior experience in the cyber-security field – and yet 87 percent of cyber-security professionals worldwide did not start their careers in the field.
Hiring managers also typically want a range of highly technical skills such as incident response and secure software development – skills the majority of students are not exposed to these as part of their courses. In part this is due to the advanced certifications required to manage many of the traditional security appliances being used today. This puts off talented individuals who don't have the correct ‘tick in the box' yet could be highly innovative software developers who instead turn to other fields with fewer prerequisites.
There are clear disconnects, then, between what organisations are demanding from new members of their cyber-security teams, and what is actually available.
A new approach for recruiting cyber-security talent
What if cyber-security recruiters could tap into a new generation of talent with a different set of skills and strategies that are plentiful among technology enthusiasts?
Humans have a natural ability to reason visually and spatially in order to solve critical problems – and technologies such as augmented reality (AR), and virtual reality (VR) are making it easier than ever before to immerse people in visual and spatial environments. The gaming industry is, of course, well aware of this. But other industries are capitalising on the same tools and technologies to solve more commercial problems. The auto industry, for example, is using VR to reduce waste and inefficiencies.
Why, then, can't the cyber-security industry follow this lead?
Looking to the future
Protectwise recently commissioned a study, Immersive Technologies and the Future of Cybersecurity, which surveyed more than 500 people ages 16 to 24 who identify as ‘gamers'.
Unsurprisingly, many of the respondents were interested in pursuing technology-related careers – but cyber-security was referenced by only nine percent of them. Video game development (33 percent) and computer science/software development (21 percent) were far more appealing. Yet with an affinity for immersive environments, VR and AR technology, and collaborative problem-solving, these individuals are likely to have hugely compelling skillsets and interests for successful careers in cyber-security. They just don't know it yet.
When presented with the concept of using VR and other immersive technologies to accomplish tasks like identifying threats and assessing risks, nearly three quarters of them (74 percent) said it would increase their likelihood of pursuing a career in cyber-security. Even amongst the respondents who didn't feel that they had the technical aptitude for cyber-security jobs, 64 percent said access to these tools would increase the likelihood of their seeking a career in the industry.
The survey also underlined how little exposure many individuals get to cyber-security careers at home, at school and among their peers. Sixty-seven percent of respondents did not take a cyber-security class in school or college – and of those, 65 percent said this was because such a class wasn't even on offer. Only 17 percent said that a family member had worked in cyber-security, and only one percent were already working in cyber-security.
The onus, then, needs to be on the cyber-security industry to change the paradigm through innovation, and for forward-thinking organisations to embrace it. Millennials and post-millennials are the newest entrants to the IT workforce, with decades of career ahead of them. Their affinity for gaming, VR and AR presents the security industry with an unprecedented opportunity to develop solutions that attract young workers and empower them to be successful threat hunters and responders.
In fact, when told that VR and AR technologies could be a feature of cyber-security tools, 77 percent of survey respondents agreed that they would get more enjoyment from working in security, and 72 percent said they'd make them more effective. With enjoyment and fulfilment so key to attracting, retaining and growing talent, this is something the cyber-security industry should embrace. In the battle against cyber-crime, this approach truly can be win-win.
Ramon Peypoch, chief product officer at ProtectWise
*Note: The views expressed in this blog are those of the author and do not necessarily reflect the views of SC Media or Haymarket Media.