Cybersecurity’s people problem: More millennials needed

Industry must invite young people to the party to fill growing talent gap

Share on FacebookShare on Google+Tweet about this on TwitterShare on LinkedInEmail this to someonePrint this page

Faced with a growing shortage of workers, the cybersecurity industry needs to figure out how to attract a new wave of talent.

Nearly one third of organizations are not able to fill their cybersecurity positions, according to a recent survey by the cybersecurity nonprofit ISACA. For another 25 percent, the process takes six months.

The largest generation in the U.S. workforce now, according to Pew Research, is millennials, those coming of age in the early 21st century. Millennials are projected to comprise half of the working population in the next three years.

Related story: Unfilled jobs are the biggest threat to cybersecurity

David Shearer, (ISC)2 executive director

“The millennials are the most diverse generation of any before them, and they’re going to be the pool of talent we draw from,” says David Shearer, executive director of (ISC)2, an international membership organization focused on cybersecurity.

But the priorities and values of the millennials don’t always align with those of employers. As a result, both recruitment and retention pose challenges.

“We’re going to have to figure out how we communicate with each other, and the industry will have to … be more receptive to all forms of diversity coming in,” Shearer says.

Frost & Sullivan’s eighth Global Information Security Workforce Study, sponsored by (ISC)2 together with Booz Allen Hamilton, estimated that by 2020, the shortage of cybersecurity workers will reach 1.8 million. That’s 20 percent higher than the 1.5 million gap forecasted in 2015.

“We are not curbing the tide here relative to the increasing demand,” Shearer says.

Generational differences

Like any generation before them, millennials have their own idiosyncrasies, according to various research. Brought up in a digital world and on track to become the most-educated generation to date, they’re less likely to be motivated by money.

Instead, they value flexible workplaces with less rigid organizational structures. And they want to be validated.

“These young minds were exposed to technology and gaming programs and things that are rapid fire, keeping their brain very active and moving to different scenarios,” Shearer says. “We have to listen to their goals and aspirations if we want to retain them.”

Some of their goals and aspirations, according to the recently released Millennials — the Next Generation of Information Security Workers (part of the global workforce study), include:

  • Career development such as employer-paid training and certifications, mentorship and leadership programs
  • Flexible work arrangements
  • Diversity in their roles

(The study qualified millennials as people under age 30.)

The role diversity is reflected in the millennials’ answer to where they see their careers in the next two to three years. Management is a common career move for Gen X and baby boomers. Millennials are more likely to move into security consulting, the study found.

“They think of themselves as all-purpose security consultants who can address multiple needs—they don’t think of themselves as the proverbial cog in the machine,” says Jason Reed, Frost & Sullivan consulting analyst and lead statistician on the study.

Can loyalty be nurtured?

Millennials have been pegged as being less loyal to their employers and more likely to job hop.

One explanation may be the volatile economy. They entered the workplace during the worse economic recession in decades. They watched many companies go under, and contended with a much slower labor market recovery than other generations.

Coming out of the Great Recession, fewer millennials expected to have two to five employers over their lifetime: 54 percent in 2011, compared to 75 percent in 2008, according to a PwC study. Conversely, 25 percent of 2011 respondents expected to have six or more employers, compared to 10 percent in 2008.

But the tide may be changing with the more stable economy. The 2017 Deloitte Millennial Study found a decrease from last year in the number of millennials planning to leave their employer within two years (44 percent in 2016 vs. 38 percent in 2017) and an increase in the number of those planning to stay beyond five years.

One of the drivers behind job-hopping may be their desire to seek new learning experiences, says Angela Messer, Booz Allen executive vice president whose roles include cyber-talent development.

She believes that the answer for employers is in providing stickiness through engagement, mentorships and feedback.

“In our company, we create more opportunities so they don’t have to leave,” she says.

Not feeling validated

One of the reasons millennials are leaving their jobs, according to the Frost & Sullivan findings, is the feeling of being excluded. More than other generations, they feel marginalized, their input unimportant.

Overall, 31 percent expressed that sentiment—but the number shot up to 69 percent for the successful ones (categories as those earning more than $50,000 a year, feeling more satisfied in their position and identifying as an information security rather than IT professional). This sentiment also was a factor for those who’ve left their jobs.

“Their opinions may not feel validated and as a result, active recognition is the No. 1 reason for them leaving the jobs,” Reed says. “They want to find an atmosphere in which they feel recognized and feel as if they’re participating in the corporate culture.”

Part of the disconnect may be due to communication differences, Shearer says. If the millennials’ preferred method is text messaging, they may not be engaging as they sit around a conference room table.

“They may have wonderful ideas … but that input may not be making its way into the decision path,” he says.

Millennials, however, don’t put as much weight on communication. It is the second-to-last job skill for them while ranking at the top for hiring managers. The technology may have buffered these digital natives from having to learn interpersonal communication, Shearer says.

“All the generations are going to have to do some introspection of their role in advancing that communication,” he says. “We need to invite millennials to the party in a way that’s going to be attractive and meaningful to them. … But the millennials don’t get a pass either.”

More stories related to cybersecurity jobs:
Help wanted: More women in cybersecurity jobs
Three steps to fixing the cybersecurity talent shortage
Scholarships aimed at closing cybersecurity talent gap