Scramble for Non-Traditional Cybersecurity Talent Shows How Employers are Rethinking Job Requirements

Scramble for Non-Traditional Cybersecurity Talent Shows How Employers are Rethinking Job Requirements

In recent years, bachelor’s degrees have gone from giving young professionals a leg up in the job market to being a must-have credential for a wide range of careers, with college graduates taking the vast majority of new jobs created in the US since the end of the Great Recession nearly a decade ago. More recently, however, employers have begun to question whether these degrees are always necessary and dropping degree requirements for some roles.

A tight labor market and talent shortages in high-demand fields are driving this trend further. Last week, the Wall Street Journal highlighted an analysis of 15 million job ads by Burning Glass Technologies, which found that the share of job postings requiring a college degree had fallen from 32 percent to 30 percent between 2017 and the first half of 2018, down from 34 percent in 2012. Work experience requirements are also declining, with only 23 percent of entry-level jobs asking applicants for three years of experience or more, compared to 29 percent in 2012. That means there are an additional 1.2 million jobs accessible to candidates with little or no experience today than a few years ago.

With growing numbers of unfilled jobs, more companies are looking for ways to broaden their talent pool and speed up the rate at which they can fill a role. “Downskilling,” or requiring less work experience and education, is a strategy many companies have opted for to achieve this. One field in which many employers have “downskilled” to broaden their applicant pool is cybersecurity.

In the wake of numerous damaging, large-scale, and high-profile cyberattacks over the past few years, the demand for cybersecurity experts has grown exponentially. However, the supply of highly-skilled candidates with hands-on experience and certifications is insufficient to meet this demand. An estimated 3.5 million cybersecurity jobs will be unfilled by 2021, up from 1 million openings last year, according to Cybersecurity Ventures. Even the US government has been having a hard time filling cybersecurity roles, to the point that even the Federal Bureau of Investigation has considered easing its requirements for new hires in this field.

To attract more entry-level employees, the cybersecurity software company Symantec partnered with other employers (including CBS, Conde Nast, eBay, Gap, KPMG, and SAP) to launch Cyber Career Connection. The program’s goal is to prepare nontraditional candidates—those without traditional four-year college degrees or significant “on-the-job” experience—for careers in cybersecurity through technical and soft skills training, hands-on internships, and job placement support. This allows non-traditional candidates to develop the skills and credentials necessary for a cybersecurity role through an alternate route and places them on an equal playing field with those who do have four-year college degrees and previous job experience.

By “downskilling” conventional job requirements and considering non-traditional talent sources, companies can increase the supply of candidates for their open roles, thereby improving recruiting outcomes, while non-traditional candidates now have new job options for entry-level technical roles. Other challenges in cybersecurity hiring remain, however: In order to fill this growing talent shortage, employers need to find ways to bring more women into the male-dominated field and make cybersecurity jobs more appealing to millennial candidates.