We talk a lot in Silicon Valley about product pipelines and sales pipelines, but what about talent pipelines? It is, after all, talent – people – who give us products to sell. The cybersecurity industry in particular is feeling the effects of an inadequate talent pipeline, with the Bureau of Labor Statistics reporting that 209,000 cybersecurity jobs will go unfilled in 2015 alone.
But how do we meet both our current needs for skilled cybersecurity professionals and ensure that the next generation of security pros is ready and waiting to meet future demand?
Let’s start with the current shortage. In the short term, the cybersecurity industry must fill the many thousands of jobs ranging from research positions to network security administration. This can happen in several ways:
- Some of the most talented network security pros didn’t come through traditional college programs or “climb the corporate ladder.” Employers need to be open-minded about real-world experience.
- Private companies can facilitate the growth of a skilled security workforce by sponsoring training, partnering with colleges and universities, and developing internships.
- Making it easier for companies to recruit foreign workers with the necessary skills helps address immediate resource needs, builds a more diverse workforce, and increases the number of potential mentors for the next generation of security professionals.
The Mid Term: Post-Secondary Education
Although a number of network security programs are already emerging in colleges and universities, security is a field that benefits from hands-on experience in real-world situations. It is also a field that lacks a terminal degree that signifies expertise, like an MD or JD, and formalized internships and apprenticeships are either non-existent or difficult for employers to assess in terms of quality and rigor.
Building the next phase of the security talent pipeline will require several components that may often be driven by the companies at the forefront of security:
- A common set of standards and certifications that are vendor-neutral and represent mastery of real-world skills.
- College coursework that aligns with these standards.
- Development of apprenticeships and vocational programs that are suitable for non-traditional learners, retraining, career changes, and professional development.
For example, my company partners with Willis College in Ottawa, Canada, to deliver an intensive, 48-week curriculum with extensive hands-on time in a state-of-the-art lab that results in recognized certifications and an internship with our company.
At the University of Miami, research and instruction go hand-in-hand in a new network security lab where students can complete senior capstone experiences based on real-world, industry-provided cybersecurity projects. Students contribute valuable research in this partnership with the private sector while learning about the latest approaches in cybersecurity.
Working with higher education institutions can also help to aid cybersecurity professionals who are already in the workforce. Programs like these can help to move the industry forward by building rigorous and universally accepted certifications and changing expectations of what a security expert can and should be.
The Long Term: It All Starts in K12 and Our Communities
Truly developing not just the next generation of cybersecurity professionals, but also future generations of innovators, also requires tackling computer science and security education early on. The foundation of cybersecurity is computer science and yet less than 20% of U.S. high school students take a CS course. Far fewer have access to vocational options related to cybersecurity.
Even beginning to teach cybersecurity awareness at an early age can pique the interest of future researchers, engineers, and administrators. Really filling the talent pipeline in the long term means:
- Going beyond what we traditionally think of as STEM education and focusing on applied computer science, even in primary grades.
- Creating strong vocational tracks in computer science, network engineering, and cybersecurity.
- Partnering with libraries and community organizations to introduce more computer science and STEM activities to young people.
- Educating children to be aware of the benefits and consequences of being online citizens and teaching them the skills to keep themselves secure.
Don’t Forget Retention
Of course, ultimately, if the industry isn’t attractive to a diverse group of young people, it will continue to be difficult to fill that pipeline. We need to attract top talent, create great working environments, and then retain that talent. Those outstanding people we bring into our organizations now can be integral to building these educational and community-based programs. While there is no silver bullet that can solve the pipeline problem, a concerted, multifaceted effort can bring us far closer to a more secure connected world.
Ken Xie is founder, Chairman of the Board, and CEO of Fortinet.