I read an article recently which quoted some statistics from the most recently (ISC)2 Cybersecurity Workforce study. I decided to take a look for anything that really stood out in light of the conversations that I am having at the moment and there was one set of stats that really grabbed my attention.

Pathways to Cybersecurity Careers!

Here is was, right in front of me, the empirical data which reflects so many conversations I have. The report looked at 4 different routes to a cyber career and compared this with 3 different age demographics. The routes:

  • Started in IT then transitioned to cybersecurity
  • Started in another field then transitioned to cybersecurity
  • Perused an education in cybersecurity or related field then got a first job in cybersecurity
  • Explored cybersecurity concepts on my own an was recruited for a job in cybersecurity 

For the age demographics we had;

  • Gen Z/Millennials (under 39)
  • Gen X (39-54)
  • Baby Boomers (55+)

What was interesting, I thought, was that the first option had a fairly even spread. Most people across all age groups transitioned to cyber. An interesting point when we consider that so often we see the argument that there is not enough talent in cyber...well actually there never was - most people in cyber moved there from another IT discipline! 

So if this has been a dominant trait, why are we still looking for career long cyber folks and not looking for people with transferable skills who can learn cyber??

The longest serving group, the Baby Boomers lead the way in people who started in another unrelated field then transitioned to Cyber at 21%. Gen Z lead the way in those who pursued an education in cyber before landing a job -  suggesting an industry orchestrated effect on how people are hired. Who decided suddenly that cyber education was more important than transferable skills - which had previously been so successful?

Finally it is the Gen Z who lead the way in the self learning route. An interpretation could be that in the past there was more willingness to educate internally those who wanted to move across. Companies took the initiative? Now its on the individual? Possibly.

Overall I found it interesting that the solution which is regularly put forward is the way in which cyber has always grown. Yes there will always be a talent shortage, but what if the solution is staring you in the face? 

Retrain, reskill, rebuild your team?