
The shortage of IT staff with cybersecurity skills to fill the needs of organizations
Howard Solomon: I want to start with an issue that wasn’t in the headlines this week but is on the minds of cybersecurity leaders, and that’s the shortage of IT staff with cybersecurity skills to fill the needs of organizations.
I thought of this because on Tuesday I came across a Twitter thread started by cybersecurity podcaster Jack Rhysder who recalled that he graduated with a computer science degree from a major university but couldn’t find a job in the field for 10 years. It was only after he earned a certification for a network product from a particular manufacturer that he got a job and his career took off.
Which raises the question: If I want to start a career in cybersecurity, where should I begin? Is a university or college IT or cybersecurity degree enough? Should I also get a certification from Cisco/Microsoft/CompTIA or another source?
Terry Cutler: Here’s my personal experience: I hired interns two years ago. They were doing a three-year program in cybersecurity. But they didn’t have the proper skill set to even be employable on day one. And it was very frustrating because when I dug deeper [I found out], They learned from PowerPoint slides for almost three years. How is this possible? They had never installed Windows 10 or [Linux] Kali. Then we discovered that the teacher is just one chapter ahead of the students. They’re not even in the field. When universities reach out to senior cyber security guys — and I’ve had the privilege of being one — many times, they don’t have the time to teach because it’s just too time-consuming. That’s why we teach online: we can update the curriculum whenever possible.
Here’s the other challenge: People say they want to go into cyber security, but cyber security is an umbrella term. It’s so huge. Do you want to become a pen tester, an incident responder, a reverse malware engineer, a security architect or a product designer? One of the questions I often get is, where do I start?
Here’s another thing: If you are not passionate about computers and cybersecurity, this field will destroy you. You will burn out if you’re just in it for the money.
If you want to transition from regular IT and enter cyber security, look for courses like the CompTIA A+, CompTIA Network+ and the ISC2 CISSP program. Those will get you well-rounded. You can decide what [or if] you want to specialize in. And If you’re a junior or not even in this field yet, apply for internships [while studying]. Your goal here is to try to prove your worth.
One problem is that students are promised hundred-thousand dollars salaries when they come out of school, which is not true … The demand is there, but you need to prove yourself.
This transcript has been edited for clarity. To hear the full discussion play the podcast