Garrett O’Hara is the Chief Field Technologist, APAC at Mimecast having joined in 2015 with the opening of the Sydney office, leading the growth and development of the local team. With over 20 years of experience across development, UI/UX, technology communication, training development and mentoring, Garrett now works to help organisations understand and manage their cyber resilience strategies and is a regular industry commentator on the cyber security landscape, data assurance approaches and business continuity.
It’s already hard enough to find skilled cyber workers, and future demand is only set to increase as digitisation grows across the business world.
A survey by The Center for Cyber Safety and Education (CCSE) noted a global shortfall of 3 million skilled personnel, leading nearly 60% of respondents to say their organisations are at moderate to extreme risk as a result.
Universities are struggling to keep cyber training up to date
Even though every industry is hungry for cybersecurity talent, many companies still prize university degrees and higher education qualifications over real-world training and experience. But when it comes to an area as complex as cybersecurity and cyber resilience, the threat landscape is evolving too quickly for universities and traditional classroom instruction to keep up.
In addition to academic study, today’s cyber professionals also need practical knowledge of modern cybercriminals, the tools of their trade, their methods and their strategies. Unfortunately, the majority of cybersecurity undergraduate and masters degree programs taught in universities today are outdated, leaving their graduates ill-prepared to handle a rapidly evolving threat landscape.
The best cyber talent can come from unexpected places
While classroom training is great for building the fundamentals, the best cybersecurity talent may or may not have an IT degree. They are usually self-taught, hands-on and have a ‘move fast and break things’ attitude. They enjoy thinking on their feet and dislike stale classroom lectures and run-of-the-mill assignments.
There are many passionate cyber workers who come through unconventional routes, honing their skills through their own projects, specialised certifications or internships. They tend to have skills that are far more up-to-date and flexible than the average university student who stopped learning after graduation.
Unfortunately, most organisations are still heavily biased towards university grads. Granted, some companies may have reasons for limiting their candidate pool to people with university degrees and that’s fine, but they still should be looking at qualities beyond just their educational background.
When evaluating candidates, companies need to look for initiative and evidence of proven skills that can close the cyber gap within their organisation.
Online training programs can be a powerful path to upskilling
The good news is, that there is now a large range of options for generalist IT workers to upskill and specialise in cybersecurity. Online courses, micro certifications and specialised training programmes give workers the flexibility to learn real-world skills at their own pace as well as pursue specific areas of interest, without the costs of traditional university education. Studying online is a lot more flexible and the material tends to be more up-to-date as well, making them an attractive option for graduates and non-graduates alike.
The boom in online education is a huge opportunity for companies looking to recruit and retain tech talent. They can cut down recruitment costs by leveraging these programs to upskill their current employees. It’s a win-win situation: the company can fill skill gaps internally, and their employees get the chance to specialise and progress their careers.