The certification trap and broken pipelines: Other experts argued that an over reliance on CVs and certifications is one of the biggest barriers to hiring success in cybersecurity because it acts to shut out otherwise qualified candidates.”Despite bringing valuable experience and perspectives, people with 10 years of work experience are put off because there is a persisting emphasis on certifications,” said Kieran Rowley, director of community at cyber skills training firm Immersive Labs. “It’s absurd that an industry facing a skills shortage overlooks talent simply because candidates lack the ‘right’ exams.”Rowley added: “A cybersecurity degree doesn’t guarantee the best fit.”Raghu Nandakumara, VP of industry strategy at cybersecurity vendor Illumio, said the lack of a clear pathway from education to employment is acting as a barrier to entry into the profession and therefore contributing to the cyber skills gap.”Currently, talented individuals drift into other, more accessible fields as they struggle to find a clear pathway into cybersecurity,” Nandakumara told CSO. “We lack the necessary follow-up support to guide individuals into the workforce.”While apprenticeships and internships are valuable, there simply aren’t enough of them, according to Nandakumara.”Smaller organizations lack the resources to offer such schemes, and the government needs to step in more to support these initiatives or to encourage more larger organizations to adopt them,” Nandakumara added.Chris Wysopal, chief security evangelist at Veracode, argued that the “entry-level pipeline in cyber security is broken.””Many of the best potential practitioners aren’t university types, but unconventional talent like gamers, builders, and deep thinkers found in online communities,” Wysopal said.Criminalizing hacker behavior is a shortsighted move that’s costing the industry an opportunity to recruit more than viable candidates, according to Wysopal.”When it comes to hacking, not every teenager who tricked someone into handing over a password should be branded a criminal for life,” Wysopal argued. “We need to distinguish between genuine cybercrime and youthful curiosity, the latter of which should be sought after in cyber recruitment.”
The AI effect: Cyber talent has always been in high demand but this has intensified with threats increasing in both frequency and severity. The global cyber security skills gap is estimated at 4.8 million, a 19% increase from 2024.”Addressing these skills shortages, we are seeing more organizations turning to AI to do some of the heavy lifting, for example, in early threat detection and summarization,” says Harvey Nash’s Gaibee. “This is not replacing the need for cyber talent, just providing an effective way to manage the ever-increasing threats.”Increased use of AI is changing the profile of candidates in demand, according to both Harvey Nash and other industry experts.IT skills will change, rather than be replaced, as AI takes over more repetitive tasks, according to a recent survey by IT management software vendor ManageEngine.But Richard Watson, global cybersecurity consulting leader at EY, recently told CSO that he believes the level-one SOC analyst role “is going to be eradicated” by AI eventually. As a result, CISOs and cyber pros need to emphasize skills such as business literacy and communication.”The role is shifting to be one of partnering and advising because a lot of the technology is doing the monitoring, triaging, quarantining, and so on,” Watson told CSO’s Christine Wong.So, while technical skills will always be a key issue for cyber skills gaps, as AI takes on more technical tasks, the mix of skills CISOs are short on will increasingly include problem-solving, analytical thinking, and the range of people skills necessary to ensure a robust cybersecurity culture across the enterprise.
Broadening talent pools: Rob Demain, CEO of managed detection and response firm e2e-assure, said the vendor has amended its hiring process to make it more inclusive. As a result, one in 10 of e2e-assure’s workforce identify as neurodiverse, an often overlooked talent pool for cybersecurity.”Their strengths in pattern recognition, creative logic, and attention to detail directly map to the capabilities ISC2 highlights as most in demand and make us a stronger partner for our customers,” Demain explained.Hannah Roome, talent acquisition manager at cybersecurity services firm Bridewell, said the vendor is actively trying to increase diversity and expand its hiring scope by reaching out to universities, industry groups, and those seeking a change of career.”We deliver workshops, presentations, and Q&As to schools, colleges, universities and professional membership organizations such as SANS, WiCyS [Women in Cyber Security], TechVets, and the Career Transition Partnership, both of which support those leaving the military,” said Roome. “Many of these schools and colleges support underprivileged communities from a diverse set of backgrounds.”Illumio’s Nandakumara argued that rather than concentrating on pre-existing technical knowledge in candidates, cybersecurity hiring should focus on creativity, critical thinking, and willingness to learn.”These skills are much harder to teach than technical ones,” Nandakumara argued. “By valuing aptitude and diverse experiences, the industry can attract non-traditional talent and build a more inclusive workforce.”
First seen on csoonline.com
Jump to article: www.csoonline.com/article/4058190/ai-is-altering-entry-level-cyber-hiring-and-the-nature-of-the-skills-gap.html
