Cybersecurity’s people problem: More millennials needed

Industry must invite young people to the party to fill growing talent gap

Share on FacebookShare on Google+Tweet about this on TwitterShare on LinkedInEmail this to someonePrint this page

Faced with a grow­ing short­age of work­ers, the cyber­se­cu­ri­ty indus­try needs to fig­ure out how to attract a new wave of tal­ent.

Near­ly one third of orga­ni­za­tions are not able to fill their cyber­se­cu­ri­ty posi­tions, accord­ing to a recent sur­vey by the cyber­se­cu­ri­ty non­prof­it ISACA. For anoth­er 25 per­cent, the process takes six months.

The largest gen­er­a­tion in the U.S. work­force now, accord­ing to Pew Research, is mil­len­ni­als, those com­ing of age in the ear­ly 21st cen­tu­ry. Mil­len­ni­als are pro­ject­ed to com­prise half of the work­ing pop­u­la­tion in the next three years.

Relat­ed sto­ry: Unfilled jobs are the biggest threat to cyber­se­cu­ri­ty

David Shear­er, (ISC)2 exec­u­tive direc­tor

The mil­len­ni­als are the most diverse gen­er­a­tion of any before them, and they’re going to be the pool of tal­ent we draw from,” says David Shear­er, exec­u­tive direc­tor of (ISC)2, an inter­na­tion­al mem­ber­ship orga­ni­za­tion focused on cyber­se­cu­ri­ty.

But the pri­or­i­ties and val­ues of the mil­len­ni­als don’t always align with those of employ­ers. As a result, both recruit­ment and reten­tion pose chal­lenges.

We’re going to have to fig­ure out how we com­mu­ni­cate with each oth­er, and the indus­try will have to … be more recep­tive to all forms of diver­si­ty com­ing in,” Shear­er says.

Frost & Sullivan’s eighth Glob­al Infor­ma­tion Secu­ri­ty Work­force Study, spon­sored by (ISC)2 togeth­er with Booz Allen Hamil­ton, esti­mat­ed that by 2020, the short­age of cyber­se­cu­ri­ty work­ers will reach 1.8 mil­lion. That’s 20 per­cent high­er than the 1.5 mil­lion gap fore­cast­ed in 2015.

We are not curb­ing the tide here rel­a­tive to the increas­ing demand,” Shear­er says.

Gen­er­a­tional dif­fer­ences

Like any gen­er­a­tion before them, mil­len­ni­als have their own idio­syn­crasies, accord­ing to var­i­ous research. Brought up in a dig­i­tal world and on track to become the most-edu­cat­ed gen­er­a­tion to date, they’re less like­ly to be moti­vat­ed by mon­ey.

Instead, they val­ue flex­i­ble work­places with less rigid orga­ni­za­tion­al struc­tures. And they want to be val­i­dat­ed.

These young minds were exposed to tech­nol­o­gy and gam­ing pro­grams and things that are rapid fire, keep­ing their brain very active and mov­ing to dif­fer­ent sce­nar­ios,” Shear­er says. “We have to lis­ten to their goals and aspi­ra­tions if we want to retain them.”

Some of their goals and aspi­ra­tions, accord­ing to the recent­ly released Mil­len­ni­als — the Next Gen­er­a­tion of Infor­ma­tion Secu­ri­ty Work­ers (part of the glob­al work­force study), include:

  • Career devel­op­ment such as employ­er-paid train­ing and cer­ti­fi­ca­tions, men­tor­ship and lead­er­ship pro­grams
  • Flex­i­ble work arrange­ments
  • Diver­si­ty in their roles

(The study qual­i­fied mil­len­ni­als as peo­ple under age 30.)

The role diver­si­ty is reflect­ed in the mil­len­ni­als’ answer to where they see their careers in the next two to three years. Man­age­ment is a com­mon career move for Gen X and baby boomers. Mil­len­ni­als are more like­ly to move into secu­ri­ty con­sult­ing, the study found.

They think of them­selves as all-pur­pose secu­ri­ty con­sul­tants who can address mul­ti­ple needs—they don’t think of them­selves as the prover­bial cog in the machine,” says Jason Reed, Frost & Sul­li­van con­sult­ing ana­lyst and lead sta­tis­ti­cian on the study.

Can loy­al­ty be nur­tured?

Mil­len­ni­als have been pegged as being less loy­al to their employ­ers and more like­ly to job hop.

One expla­na­tion may be the volatile econ­o­my. They entered the work­place dur­ing the worse eco­nom­ic reces­sion in decades. They watched many com­pa­nies go under, and con­tend­ed with a much slow­er labor mar­ket recov­ery than oth­er gen­er­a­tions.

Com­ing out of the Great Reces­sion, few­er mil­len­ni­als expect­ed to have two to five employ­ers over their life­time: 54 per­cent in 2011, com­pared to 75 per­cent in 2008, accord­ing to a PwC study. Con­verse­ly, 25 per­cent of 2011 respon­dents expect­ed to have six or more employ­ers, com­pared to 10 per­cent in 2008.

But the tide may be chang­ing with the more sta­ble econ­o­my. The 2017 Deloitte Mil­len­ni­al Study found a decrease from last year in the num­ber of mil­len­ni­als plan­ning to leave their employ­er with­in two years (44 per­cent in 2016 vs. 38 per­cent in 2017) and an increase in the num­ber of those plan­ning to stay beyond five years.

One of the dri­vers behind job-hop­ping may be their desire to seek new learn­ing expe­ri­ences, says Angela Mess­er, Booz Allen exec­u­tive vice pres­i­dent whose roles include cyber-tal­ent devel­op­ment.

She believes that the answer for employ­ers is in pro­vid­ing stick­i­ness through engage­ment, men­tor­ships and feed­back.

In our com­pa­ny, we cre­ate more oppor­tu­ni­ties so they don’t have to leave,” she says.

Not feel­ing val­i­dat­ed

One of the rea­sons mil­len­ni­als are leav­ing their jobs, accord­ing to the Frost & Sul­li­van find­ings, is the feel­ing of being exclud­ed. More than oth­er gen­er­a­tions, they feel mar­gin­al­ized, their input unim­por­tant.

Over­all, 31 per­cent expressed that sentiment—but the num­ber shot up to 69 per­cent for the suc­cess­ful ones (cat­e­gories as those earn­ing more than $50,000 a year, feel­ing more sat­is­fied in their posi­tion and iden­ti­fy­ing as an infor­ma­tion secu­ri­ty rather than IT pro­fes­sion­al). This sen­ti­ment also was a fac­tor for those who’ve left their jobs.

Their opin­ions may not feel val­i­dat­ed and as a result, active recog­ni­tion is the No. 1 rea­son for them leav­ing the jobs,” Reed says. “They want to find an atmos­phere in which they feel rec­og­nized and feel as if they’re par­tic­i­pat­ing in the cor­po­rate cul­ture.”

Part of the dis­con­nect may be due to com­mu­ni­ca­tion dif­fer­ences, Shear­er says. If the mil­len­ni­als’ pre­ferred method is text mes­sag­ing, they may not be engag­ing as they sit around a con­fer­ence room table.

They may have won­der­ful ideas … but that input may not be mak­ing its way into the deci­sion path,” he says.

Mil­len­ni­als, how­ev­er, don’t put as much weight on com­mu­ni­ca­tion. It is the sec­ond-to-last job skill for them while rank­ing at the top for hir­ing man­agers. The tech­nol­o­gy may have buffered these dig­i­tal natives from hav­ing to learn inter­per­son­al com­mu­ni­ca­tion, Shear­er says.

All the gen­er­a­tions are going to have to do some intro­spec­tion of their role in advanc­ing that com­mu­ni­ca­tion,” he says. “We need to invite mil­len­ni­als to the par­ty in a way that’s going to be attrac­tive and mean­ing­ful to them. … But the mil­len­ni­als don’t get a pass either.”

More sto­ries relat­ed to cyber­se­cu­ri­ty jobs:
Help want­ed: More women in cyber­se­cu­ri­ty jobs
Three steps to fix­ing the cyber­se­cu­ri­ty tal­ent short­age
Schol­ar­ships aimed at clos­ing cyber­se­cu­ri­ty tal­ent gap


Posted in Cybersecurity, Featured Story