With attacks such as WannaCry, cybersecurity has the most dangerous skills gap. ESET’s Urban Schrott thinks one generation in particular could solve the problem.
Millennials, the name given to the demographic cohort born, roughly speaking, between 1980 and 2000, are members of what is now the largest living generation. As they mature into 20- and 30-something professionals, they are taking over the helm from their parents across all sectors.
But, with a predicted shortage of 1.8m workers within information security by 2022, the gaping employment gap means the influx of a millennial workforce will be critical – and may well reshape the industry.
Mind the skills gap
According to Stephen Cobb, a senior security researcher at ESET, the cybersecurity skills gap is the result of surging demand thanks to rising cybercrime, as well as a lack of – among newbie tech professionals – the historical enthusiasm of previous generations to maintain and secure existing systems.
Cobb wrote recently: “A lot of experienced security professionals are reaching retirement age, while many of today’s students find the potential rewards of building tomorrow’s technology more appealing than the task of securing yesterday’s.”
However, with headline-grabbing cyberattacks such as WannaCry, which went global last month, the importance of information security couldn’t be higher on the agenda – meaning there can only be increased emphasis on, and interest in, finding the best solutions to stem the disruption.
Rebalancing the industry
Into the vacuum left by retiring baby boomers will step “the most diverse group of information security workers” ever, according to a recent study from the Center for Cyber Safety and Education (CCE).
This is important, as research repeatedly shows that diverse workplaces outperform non-diverse alternatives, and it appears that information security is heading that way. According to the CCE, 78pc of baby boomers in the industry identified as being Caucasian. For millennials, it’s only 65pc.
Furthermore, an influx of young blood may help rebalance the gender skew. As of 2015, women held only one in 10 computer security positions. “As women make up more than half the population, and almost half of the current workforce, this means that our industry could be failing to reach skilled professionals who may not even be aware of the possibility of a career in computer security,” writes ESET researcher Lysa Myers.
Unlocking talent and encouraging people from all backgrounds to see information security as a career path is one means of helping the employment rate keep up with retirement rate. Reports show demand for cybersecurity professionals is growing 3.5 times faster than the overall IT job market, and 12 times faster than the total labour market.
But a 2014 survey by Raytheon and NCSA found that 67pc of men and 77pc of women in the US said no high-school teacher or career counsellor had ever mentioned the idea of a cybersecurity career.
According to the CCE study, millennials aren’t just a diverse workforce – they’re positive and open-minded about change, too.
It found that 58pc of millennials were optimistic about their companies’ performance metrics a year after a breach (compared to 48pc of boomers) and that they’re more likely to voluntarily change jobs — not due to low job satisfaction, but to find better professional perks.
The research showed that millennials are keen on training programmes, mentorship between experienced and new employees, and flexible working arrangements. That means that employers mindful of the skills gap would do well to offer such things to attract millennials.
Broader research suggests millennials would prefer high-paying, skilled and diverse jobs at companies they believe in, which means that both remuneration and integrity are important.
How exactly the future of the industry will be shaped remains to be seen, but the aforementioned study revealed that 37pc of young adults are now more likely to consider a cybersecurity career than they were a year before.
And so, while it’s certainly concerning that there is a significant gap in cybersecurity talent, enthusiasm for, and interest in, this burgeoning and increasingly important and relevant industry is on the increase. Things are changing. The millennials are coming.
Urban Schrott is an IT security and cybercrime analyst at ESET Ireland.
A version of this article appeared on the ESET blog.