Is Education Enough to Solve the Cyber Security Skills Shortage

Posted by Kathleen Smith

BSides San Antonio Capture the Flag

While we look at the cyber security skills shortage, many will say that this starts with better education.  But is improving our educational system the answer?  According to Burning Glass, 61% of employers require a Bachelor’s while 34% require a Master’s degree.

On a global scale, most cyber security positions in Europe in particular require either a Master’s or Doctoral degree in cyber security for entry-level positions. So when we are discussing a global skills shortage, we have to remember that employers around the globe have very different requirements for their positions.

But are the programs available to provide professionals with the skills they need?  Not necessarily. According to Cloud Passage, cyber security as an academic discipline or program of study is not readily accessible. Only 7% of top universities in the U.S. offer an undergraduate major or minor in cyber security.

In addition to the basic curriculum, cyber security jobs require more certifications. 35% of the cyber security jobs listed in the U.S. require at least one certification, while only 23% of IT jobs listed require industry certification.

Certifications are an additional level that many employers are looking for, with entry level positions requiring at least Security+, GIAC, GSEC or SSCP which require less than 3 years of experience. The more advanced certifications such as CISSP, CISA, GCIH and GCIA require at least 3-5 years of experience and rigorous exams.

Additional skills are needed based on the industry. For health care, finance and DoD work there are additional Compliance and Standards requirements. Then of course add on top of this a security clearance. In 2014, there were 25,654 cyber security postings calling for a government security clearance to access classified information, representing 11% of all cyber security postings. On average, cyber security postings requiring a security clearance remained open 10% longer than cyber security postings overall, according to Burning Glass.

While students are striving for education, a global study found only 23% of the respondents felt that education programs were preparing students for the cyber security challenges ahead. The bottom line is that for most companies the right candidate needs both the education and experience. Most students focus on getting the certification or degree, but most employers want the degree, skills, and the experience.

How do students get the experience as well? One way is through community-based competitions held nationally or regionally that provide students and professionals with the opportunities to learn current critical skills. These competitions, commonly called Capture the Flag (CTF) or hackathons, have been growing in popularity as a way to build talent pipelines and to develop cyber security skills. Hackathons have been around since 1999 and are gaining in popularity. Fortunately many hackathons are either online or in-person events and are held frequently.

But these are just games, right? These are not really providing real life experience. Or are they?

Competitions solve a problem such as water filtration, providing dogs with shelter, or finding the bugs in a current program. From single-company events to large-conference competitions at Black Hat or DEFCON, these events provide real-world experience on difficult challenges. Challenges that help professionals and students gain the skills that employers are looking for.

How do employers evaluate a student or professional who may have limited work experience, but has participated in competitions? First is understanding that competitions require a wide range of skills from technical challenges to working in teams. Second, an employer needs to understand the basic parameters of each of the competitions – wifi, car hacking, medical devices, etc. Third, they need to talk with potential hires about how the experiences gained in these competitions relate to the skills requirements of their positions.

Recruiters, hiring managers and job seekers have to work together to determine how the real-world experience gained in these events relates to the work experience the employer requires.

This entry was posted on Saturday, October 15, 2016 10:00 pm
