Sander Vinberg, Threat Research Evangelist at F5 Labs

The cybersecurity skills gap is one of the most pervasive bugbears in the information security community.

A lack of high-level cybersecurity specialists is often viewed as a threat to profits, national security, and market stability. To some extent, we agree – there is a problem with cybersecurity hiring and staffing. Most of the time, however, this problem is formulated only in terms of a lack of skilled applicants. Here is where the skills gap doesn’t pass the gut check, based on the cumulative century of security experience that F5 Labs brings to bear.

The cybersecurity skills gap is not merely a problem with supply, but also with demand. The security industry is partly responsible for creating this problem through a combination of self-interest, extraordinarily vague needs, and unrealistic expectations. Furthermore, in our experience, the myopia in cybersecurity hiring is not just hard on candidates. It is a big part of why cybersecurity itself is becoming simultaneously harder and less well defined.

We have our own opinions on the most important skills and perspectives in cybersecurity, but first we want to try to pin down the staffing problem.

How much cybersecurity expertise can I get for $20K?

Some of the problems around security hiring mirror broader staffing issues: everyone wants a finished product, but nobody wants to pay the market rate. We often hear an argument like “I don’t have time to train someone, I have to mitigate these threats tonight!” While we have been there, and can appreciate the sentiment, the fact that we have yet to find an equilibrium between candidate supply and demand indicates that we might not be formulating or pricing the problem correctly. If everyone always holds out for the complete package, nobody will ever get it.

What is cybersecurity, anyway?

Another issue in our field is that many organizations seem to build cybersecurity staffing requirements around a bachelor’s degree in computer science. This was possibly a good strategy once, but computer science degrees and cybersecurity are increasingly mismatched, for several reasons. Most people in computer science programs want to write software. Furthermore, most computer science programs offer little material on security. This is partly because there is so much other material to cover, and partly because security knowledge isn’t yet a big part of the development careers that follow. DevSecOps continues to hold promise, and developers may, in time, begin to know and care about security, but we aren’t there yet.

It’s clear that security is computer science-adjacent at best, in terms of both the body of knowledge and daily behaviors. A computer science graduate coming into security will not only have learned a lot of unnecessary information, but they will also have a lot of catching up to do. If nobody recognizes these gaps for what they are, the candidate can appear under skilled or unmotivated.

Which cybersecurity are we talking about?

Another problem is that security itself is a poorly defined body of knowledge. There are so many different skill sets that even veteran security experts often don’t see eye to eye about what a security professional should know and do. Our field encompasses such subdomains as malware analysis, penetration testing, code review, forensics, threat intelligence, risk assessment, compliance, cryptography, network monitoring, and incident response. It requires understanding other domains, including software development, application architecture, information architecture, data visualization, law, basic business principles, and effective communication. It occasionally requires knowledge from fields like geopolitics, global economics, counterterrorism, behavioral psychology, and statistical methods.

No institution can effectively cover all of this in one shot, and the needs of a given organization will also be determined by its strategy, security architecture, and the hiring manager’s perspective. This means that even experienced specialists need to be willing to humble themselves and constantly gain new skills.

Thus, the degrees that tend to get hired in this field aren’t a great match, and the field itself is so resistant to categorization that only lifelong learners can write their own tickets. However, the attribute that marks the kinds of people who go on to do well in the field is fundamental interest in the idea of security. If they have that, we can teach the rest. For that reason, we think that, rather than looking for turnkey candidates, it’s better to cultivate the practical skill set among people who self-select as being interested.

It’s better to grow your own cybersecurity experts

It can feel like a gamble to invest in unskilled but motivated candidates. It would be great if you could get a security genius off the shelf, but both the history and the direction of the field indicate the need to cultivate rather than purchase. The key to this is to test for passion first. For cybersecurity professionals, continual learning is part of the job. If they aren’t curious and motivated to do this, don’t bother going further. It will be a waste of their time and yours.

Conversely, if you find someone drawn to the field, then training them is a win for everyone—for you, for them, and for the organization. These people will go on to be more effective and significantly cheaper than the alternatives. We also need to emphasize that, in our experience, many of the best candidates will be from nontraditional backgrounds, and not just computer science students. Self-taught, passionate hobbyists and code-school candidates have frequently shown themselves to be willing and able to learn and excel in our field.

Sander Vinberg, Threat Research Evangelist at F5 Labs

You may also be interested in these articles:

Sponsored Video

Advertisers

Upcoming FE Events

Advertiser Skyscrapers

Latest Education News

Further Education News

The FE News Channel gives you the latest education news and updates on emerging education strategies and the #FutureofEducation and the #FutureofWork.

Providing trustworthy and positive Further Education news and views since 2003, we are a digital news channel with a mixture of written word articles, podcasts and videos. Our specialisation is providing you with a mixture of the latest education news, our stance is always positive, sector building and sharing different perspectives and views from thought leaders, to provide you with a think tank of new ideas and solutions to bring the education sector together and come up with new innovative solutions and ideas.

FE News publish exclusive peer to peer thought leadership articles from our feature writers, as well as user generated content across our network of over 3000 Newsrooms, offering multiple sources of the latest education news across the Education and Employability sectors.

FE News also broadcast live events, podcasts with leading experts and thought leaders, webinars, video interviews and Further Education news bulletins so you receive the latest developments in Skills News and across the Apprenticeship, Further Education and Employability sectors.

Every week FE News has over 200 articles and new pieces of content per week. We are a news channel providing the latest Further Education News, giving insight from multiple sources on the latest education policy developments, latest strategies, through to our thought leaders who provide blue sky thinking strategy, best practice and innovation to help look into the future developments for education and the future of work.

In May 2020, FE News had over 120,000 unique visitors according to Google Analytics and over 200 new pieces of news content every week, from thought leadership articles, to the latest education news via written word, podcasts, video to press releases from across the sector.

We thought it would be helpful to explain how we tier our latest education news content and how you can get involved and understand how you can read the latest daily Further Education news and how we structure our FE Week of content:

Main Features

Our main features are exclusive and are thought leadership articles and blue sky thinking with experts writing peer to peer news articles about the future of education and the future of work. The focus is solution led thought leadership, sharing best practice, innovation and emerging strategy. These are often articles about the future of education and the future of work, they often then create future education news articles. We limit our main features to a maximum of 20 per week, as they are often about new concepts and new thought processes. Our main features are also exclusive articles responding to the latest education news, maybe an insight from an expert into a policy announcement or response to an education think tank report or a white paper.

FE Voices

FE Voices was originally set up as a section on FE News to give a voice back to the sector. As we now have over 3,000 newsrooms and contributors, FE Voices are usually thought leadership articles, they don’t necessarily have to be exclusive, but usually are, they are slightly shorter than Main Features. FE Voices can include more mixed media with the Further Education News articles, such as embedded podcasts and videos. Our sector response articles asking for different comments and opinions to education policy announcements or responding to a report of white paper are usually held in the FE Voices section. If we have a live podcast in an evening or a radio show such as SkillsWorldLive radio show, the next morning we place the FE podcast recording in the FE Voices section.

Sector News

In sector news we have a blend of content from Press Releases, education resources, reports, education research, white papers from a range of contributors. We have a lot of positive education news articles from colleges, awarding organisations and Apprenticeship Training Providers, press releases from DfE to Think Tanks giving the overview of a report, through to helpful resources to help you with delivering education strategies to your learners and students.

Podcasts

We have a range of education podcasts on FE News, from hour long full production FE podcasts such as SkillsWorldLive in conjunction with the Federation of Awarding Bodies, to weekly podcasts from experts and thought leaders, providing advice and guidance to leaders. FE News also record podcasts at conferences and events, giving you one on one podcasts with education and skills experts on the latest strategies and developments.

We have over 150 education podcasts on FE News, ranging from EdTech podcasts with experts discussing Education 4.0 and how technology is complimenting and transforming education, to podcasts with experts discussing education research, the future of work, how to develop skills systems for jobs of the future to interviews with the Apprenticeship and Skills Minister.

We record our own exclusive FE News podcasts, work in conjunction with sector partners such as FAB to create weekly podcasts and daily education podcasts, through to working with sector leaders creating exclusive education news podcasts.

Education Video Interviews

FE News have over 700 FE Video interviews and have been recording education video interviews with experts for over 12 years. These are usually vox pop video interviews with experts across education and work, discussing blue sky thinking ideas and views about the future of education and work.

Events

FE News has a free events calendar to check out the latest conferences, webinars and events to keep up to date with the latest education news and strategies.

FE Newsrooms

The FE Newsroom is home to your content if you are a FE News contributor. It also help the audience develop relationship with either you as an individual or your organisation as they can click through and ‘box set’ consume all of your previous thought leadership articles, latest education news press releases, videos and education podcasts.

Do you want to contribute, share your ideas or vision or share a press release?

If you want to write a thought leadership article, share your ideas and vision for the future of education or the future of work, write a press release sharing the latest education news or contribute to a podcast, first of all you need to set up a FE Newsroom login (which is free): once the team have approved your newsroom (all content, newsrooms are all approved by a member of the FE News team- no robots are used in this process!), you can then start adding content (again all articles, videos and podcasts are all approved by the FE News editorial team before they go live on FE News). As all newsrooms and content are approved by the FE News team, there will be a slight delay on the team being able to review and approve content.

 RSS IconRSS Feed Selection Page