- Why Abacus?
This article was written by Paul Ponzeka CTO at Abacus Group, and originally appeared in Forbes.
Despite adding almost half a million workers in a year, the global cybersecurity workforce gap has experienced a 26% year-on-year increase. Meanwhile, securing systems, networks and data against constantly evolving cyberattacks has become more complex and challenging than ever. With demand far outweighing supply, cybersecurity specialists are highly sought-after in today's job market, offering lucrative salaries and promising job prospects for a fresh pipeline of emerging cyber talent.
However, breaking into cybersecurity and achieving expertise is a challenging feat. It requires years of continuous learning and dedicated effort, and people without prior industry knowledge may face challenges navigating undefined learning paths. Cyber professionals must prioritize ongoing education and certifications to ensure long-term success while charting a clear trajectory in the field.
How can a new generation of cybersecurity talent be supported in building a portfolio of security credentials to advance their careers?
Cybersecurity certifications cover a wide range of disciplines, skills and emerging security trends. From threat intelligence and penetration testing to governance, risk and compliance, these certifications provide a comprehensive framework for professionals to enhance their knowledge and proficiency. They have also become the norm in many security job descriptions as organizations seek measurable indicators of prospective employees' expertise.
A certification amounts to more than a fancy piece of paper or a resume feature. It signifies that a person has invested in their ongoing education and has demonstrated their excellence in the field. Certification also speaks to their character as a professional, showcasing their adherence to a code of ethics and often involving endorsement from existing credential holders.
Even so, a person with numerous certifications but limited real-world experience will not necessarily outperform somebody with hands-on expertise but no cybersecurity credentials. Striking the right balance between certifications and practical experience is crucial. Organizations should provide new cyber talent with exposure to various specializations and verticals, allowing them to apply their certified knowledge in practical scenarios. For example, a rotational cycle program will enable professionals to explore diverse focal areas within the field.
Rather than feeling intimidated by their senior peers and the array of certifications and specialisms they hold, organizations should encourage cybersecurity newcomers to actively engage with them. This will allow them to broaden their perspectives, gain valuable insights and stay informed about the most valuable cyber credentials in the field.
It's an exciting time to be in cybersecurity, and new developments continue to propel the industry forward. Whether it's analyzing vulnerabilities through red teaming exercises or securing emerging technologies like IoT and cloud computing, the field is ripe with opportunities for cyber professionals.
Accordingly, the U.K. Cyber Security Council has developed a cyber pathways framework encompassing 16 clear specialisms. This includes a new certification mapping tool that details the qualifications and experience required for diverse cybersecurity disciplines.
The introduction of this framework provides transparency and support for industry newcomers, shedding light on a range of career progression opportunities. This, in turn, allows organizations to attract and retain cyber talent by providing clear career paths along with the necessary training and development support.
While the U.S. does not yet have a similar mapping tool, there is a notable push toward industry standardization. Certifications that demonstrate direct correlations or have a broader focus beyond specific municipalities are gaining prominence. For example, there are significant overlaps between the EU's General Data Protection Regulation (GDPR) and U.S. state laws, such as those in California, that have essentially adopted GDPR principles.
As a result, security certifications are gaining more transferability across different regions, resulting in better-aligned development paths and greater opportunities for a new generation of cybersecurity talent. Notably, Google has also recently launched an entry-level cybersecurity certificate that offers hands-on experience with industry standards and tools, while universal frameworks such as the MITRE ATT&CK framework will continue to shape how certifications are leveraged in the real world.
In addition to gaining certifications, upward mobility in cybersecurity requires professionals to broaden their perspective beyond the confines of "black box" security and grasp the broader business context of their roles. Understanding how cybersecurity aligns with the overall objectives of the organization is crucial for effective decision making and risk management.
Firms can start closing the cybersecurity skills gap by promoting from within, continually upskilling and reskilling their workforce to raise their collective security intelligence. This may involve encouraging people from the wider business to build a portfolio of security certifications or even transition to the cybersecurity team. For example, someone moving across from the marketing department will bring a valuable understanding of the intersection between security and other organizational areas, fostering greater collaboration and alignment with external stakeholders.
Regardless of background or previous experience, there are cybersecurity certifications designed to meet people where they are. However, to truly prioritize cybersecurity talent development and deliver worthwhile learning opportunities, organizations must tackle barriers such as time constraints and certification costs. One way to address this is by providing dedicated study time and support, enabling employees to seize valuable learning opportunities and advance at their own pace.
As a relatively young field, cybersecurity is primed for further evolution and transformation. Organizations now have a golden opportunity to seize the moment by combining ongoing education, certifications and hands-on experience. In doing so, they will not only strengthen their long-term security posture but also position themselves as an attractive destination for top cyber talent.