Security certifications, prior experience stymie cyber hiring
A cybersecurity workforce with a range of backgrounds and experiences is a more effective one, but expensive certifications and limited entry-level opportunities are keeping candidates away, experts say.
A cybersecurity workforce with a range of backgrounds and experiences is a more effective one, but organizations struggle to hire Hispanics, Blacks and women in a notoriously tight labor market, according to panelists on the Sept. 9 webinar hosted by Aspen Institute's Tech Policy Hub and Aspen Digital.
Expensive certifications can represent a barrier of entry into the field, the experts said.
"We find that a lot of people learn through working with one another on certain kinds of key topics," said Karyn McMullen Harker, Global HR Business Partner in Cybersecurity at Accenture. "So I think providing the opportunity for certifications is an excellent thing for organizations to do, but requiring it just shuts people out of the game too early on in their careers."
Without alternative pathways into the field, certifications can limit the diversity of the overall workforce, said Camille Steward, global head of product security strategy at Google.
"Certifications have become a tool for excluding people because we're requiring them early in peoples' careers when many of these certifications require five years of experience," she said. "It becomes a hard barrier for folks, rather than one pathway into an organization, and then there aren't a lot of support for folks who cannot financially meet the burden of paying for these heavy certifications."
The panelists offered up as an example of an alternative in an apprenticeship initiative called the Cybersecurity Education Diversity Initiative between the Department of Defense and The National Security Agency. It matches students at minority-serving institutions with paid internships at private sector security companies.
Also on the job requirements front, panelists said it can be difficult for applicants to meet requirements for several years of prior experience for an entry level job, said Ron Ford, cybersecurity advisor at the Cybersecurity Infrastructure Security Agency.
Ford also spoke briefly about the Department of Homeland Security's new personnel system, the Cybersecurity Talent Management System, that's gearing up this fall after years in the making.
Generally, the hope is that it will "really open up the job field to understand how current employees are meeting those standards, as well as continuing to open up paths for career involvement and escalation," he said. It's "there to provide that support for those future employees who we really want to bring on board and try to meet them in a place where we typically haven't met them."
Ford and other panelists also flagged the NICE framework for job descriptions developed by the National Initiative for Cybersecurity Careers and Studies as a helpful tool to create cybersecurity job descriptions focused specifically on the skillsets needed for jobs.
Either way, diversity directly affects cybersecurity, said Rep. Lauren Underwood (D-Ill.), who spoke at the event.
Opening up the field can help fill in talent gaps in the tight market, and having a diverse set of perspectives in a room also decreases blind spots in threat assessments and increases the number of creative ideas, she said.
"A diverse security workforce keeps us safer," she said. "Probably the most obvious reason for this is we want to recruit top talent. Our nation faces evolving threats that require a whole of government and whole of society response ... A homogenous workforce can be a major red flag that we're failing to recruit all the available talent."
This article was first posted to FCW, a sibling site to GCN.