Given my interest in cybersecurity skills and training, I’m contacted by academic institutions, professional organizations, and training companies with news about some type of cybersecurity education curriculum. This isn’t surprising given the global shortage of cybersecurity skills. New ESG research discloses that 45% of organizations report a “problematic shortage” of cybersecurity skills in 2017 (note: I am an ESG employee).
Clearly we need more smart and well-prepared people to enter the cybersecurity ranks but it’s important to note that most cybersecurity professionals don’t enter the workforce directly from college or training programs. According to research conducted in 2016 by ESG and the Information Systems Security Association (ISSA), 78% of cybersecurity professionals follow a more indirect route. These folks start their careers as IT professionals and make their way into cybersecurity as their careers progress. (Note: The two ESG/ISSA research reports are available for free download here).
This circuitous route to cybersecurity comes with some added benefits as IT professionals arrive with plenty of organizational and technical experience. This begs the question: Which experiences are most helpful as IT professionals transition to cybersecurity. The ESG/ISSA research reveals that:
- 46% of those who transitioned from IT to cybersecurity say that their IT career helped them gain experience with different types of technologies. This is certainly worthwhile as cybersecurity pros need to understand everything from identity management, to networking concepts, to application development. Hands-on IT experience can only help provide a well-rounded education in multiple areas.
- 44% of those who transitioned from IT to cybersecurity say that their IT career helped them gain IT operations knowledge and skills. Security teams work closely with IT operations in areas like configuration management, change management, and risk mitigation. It is extremely useful when you understand the challenges and responsibilities of your collaboration partners.
- 28% of those who transitioned from IT to cybersecurity say that their IT career helped them understand collaboration between IT and business units on business initiatives, processes, and strategic planning. This is an important point – IT personnel have had to develop a close relationship with business management over the past 25 years or so. Alternatively, security personnel were viewed as backroom geeks until the past few years. IT’s business experience and acumen could be a crucial addition to most cybersecurity teams.
- 18% of those who transitioned from IT to cybersecurity say that their IT career helped them with software programming knowledge and skills. Another important qualification as there is a lot of insecure software out there. Understanding programming can help security teams anticipate and address common software vulnerabilities and configuration errors.
With the uptake in cloud computing, a lot of old-school IT infrastructure personnel will likely find themselves on the chopping block over the next few years. These folks would certainly be well served by leveraging their valuable IT experience in a cybersecurity career. My advice to this group is to pursue training, watch market developments, and actively manage your careers. This could turn a dead-end IT job into a lucrative cybersecurity career over the next 12 to 18 months.