What One Cybersecurity Company is Doing to Help Close the Workforce Gap
In an effort designed to help close the cybersecurity industry’s 2.72 million global workforce gap, cybersecurity firm Trellix is launching new initiatives and partnerships aimed at creating a new pipeline of cybersecurity professionals.
The company, which announced its Soulful Work initiative earlier this year, is adding on and expanding that work, executives said at Trellix’s Xpand Live event in Las Vegas.
These new efforts include a new partnership with St. John’s University’s College of Professional Studies to create exciting avenues for its graduates. Trellix will be donating services to help improve students’ cybersecurity skills through curriculum development, classroom instruction and computer-based learning.
This partnership follows Trellix’s recently announced collaboration with the National Cybersecurity Alliance (NCA) to launch the Historically Black Colleges and Universities Cybersecurity Career Program, which seeks to increase diversity of an industry which includes just 9% of African Americans.
To help support its Soulful Work initiative, the company launched SoulfulWork.com, a new education and recruiting resource designed for professionals looking to break into cybersecurity. The company says it is committed to changing the industry mindset regarding the talent pool for recruiting the next generation of cybersecurity professionals.
In support of these goals, the company hosted undergraduate and graduate students from the College of Southern Nevada, Duke University, Prairie View A&M University, Shenandoah University, St. John’s University, St. Phillips University, and the University of Nevada Las Vegas to the Xpand Live event. Students received hands-on training, networking and professional development opportunities, and free eLearning to support the development of their cybersecurity skills.
In addition, the company hosted a Women in Cyber Changemaker Forum that produced discussions on the systemic barriers preventing broader gender diversity in the industry.
Trellix also welcomed professionals from the Hispanic Alliance for Career Enhancement and Latinas in Tech, who were provided with hands-on training, networking and professional development opportunities. The previously announced HACE-Trellix Cybersecurity Accelerator Program provides a mentorship and educational program to encourage and recruit talent in all phases of their career into cybersecurity as a meaningful and rewarding career path, the company says.
Where to find the next generation of cybersecurity professionals
Those initiatives—as well as others throughout the industry—aim to help organizations think outside of the box and consider professionals from non-technical backgrounds for security roles. Your organization’s cybersecurity professionals don’t have to come from a security background, and technical skills aren’t even necessarily a hard requirement for entry-level workers, according to Mike Kizerian, Trellix’s principal technical instructor.
According to Kizerian, organizations should focus less on qualifications and certifications and instead invest in candidates that have the drive, focus and soft skills needed to excel in a cybersecurity position.
Entry-level cybersecurity job openings often require an unrealistic level of certifications, education and experience, which can automatically disqualify a large group of applicants. To fuel that pipeline, Kizerian suggests throwing those standards out the window.
“This solution starts with the hiring process,” Kizerian says. “Entry level means entry level, this means no certifications, it means no experience.”
Those soft skills include:
- Critical thinking
- Verbal and written communication
- Eagerness to learn
- Strategic thinking
- Growth mindset
- Data analysis
- Adaptability
Technical skills can always be taught, but candidates with these skills always make for great cybersecurity learners:
- Networking
- Desktop administration
- Server administration
- Coding/scripting
- Hardware/software interaction
- Cloud technology
- Web technology
- Database technology
While not an exhaustive list of required technical skills, Kizerian says anyone can learn those foundational skills.
“There’s no reason that somebody’s coming in with a decade doing marketing, and only touches a computer to email, can’t learn (these skills),” he says. “There’s no reason they can’t learn how to code or script.”
Once these new employees have had time to learn these skills, Kizerian suggests they shadow established security professionals and learn about the ins and outs of their organization’s IT environment.
However, since cybersecurity is a continually evolving field, new security professionals should always pursue continuing education opportunities and stay in tune with the global cybersecurity community. This process includes subscribing to alerts from the U.S. Cybersecurity and Infrastructure Agency, SANS StormCast, various vendor blogs on new threats and social media pages.
If done right, a new SOC analyst without any technical background can be trained and operational within two months.
According to Kizerin, 60% of companies say they struggle to find cybersecurity professionals to hire, but by thinking outside of the box and investing in training and education, they can start to close those gaps.
Gloss