Marketing the InfoSec ProfessionPersuading Millenials to Join the Field
The IT security industry must do a much better job of persuading young people with the requisite math and science skills to join the cybersecurity workforce rather than choose another profession, says David Shearer of (ISC)Â².
Shearer, executive director of the IT security education and certification organization, says in an interview with Information Security Media Group that the industry must take aggressive steps to address a severe shortage of skilled professionals.
Persuading millennials to become IT security practitioners can prove to be a tough sell, though, because of the long hours many cybersecurity professionals work. "No one in this profession works an eight-hour day," Shearer says. "They're grinding it out, and if there is an incident they have to respond to it. ... No one is watching the clock. You don't go home until you remediate it or you can get some sense of confidence that the organization is not at risk."
Shearer says he and others industry practitioners are trying to better understand millennials in order to explain to them the benefits of the profession. "We need to find a way to improve our messaging and reach out to the young in different ways," Shearer says. "... Are we speaking to them wrong? Is there some other way that we can attract the conversation? I do think that once they get exposed to truly what's happening in the workforce, we'll see there's great interest."
Shearer and others are looking to millennials to help fill what is projected to be a shortage of 1.5 million cybersecurity experts worldwide by 2020. Citing a survey conducted by the market research firm of Frost & Sullivan, and co-sponsored by (ISC)2, Shearer points out that the average age of an IT security practitioner is 42, and a mere 6 percent of the cybersecurity workforce is younger than age 30.
"We have an aging workforce, and we don't seem to be effectively drawing more young interest into the profession," he says. "The workforce is undersized, overworked and there's stress associated with that. It's also opening up organizations to vulnerabilities because they can't keep up with all the challenges they're faced with."
In the interview, Shearer explains:
- How organizations facing a skills shortage turn to technology to fill the gap, which in turn creates what he calls "security technology sprawl" that can lead to inefficiencies;
- The impact of the skills shortage has in an increase in phishing attacks; and
- Why the IT security community should help schools identify curricula to prepare students for future careers in cybersecurity.
Before being named executive director, Shearer served as chief operating officer for (ISC)Â². He previously held a number of senior IT positions in the U.S. government, including associate CIO for the Department of Agriculture's international technology service and deputy CIO at the Department of Interior.