Security Magazine logo
search
cart
facebook twitter linkedin youtube
  • Sign In
  • Create Account
  • Sign Out
  • My Account
Security Magazine logo
  • NEWS
    • Security Newswire
    • Technologies & Solutions
  • MANAGEMENT
    • Leadership Management
    • Enterprise Services
    • Security Education & Training
    • Logical Security
    • Security & Business Resilience
    • Profiles in Excellence
  • PHYSICAL
    • Access Management
    • Fire & Life Safety
    • Identity Management
    • Physical Security
    • Video Surveillance
    • Case Studies (Physical)
  • CYBER
    • Cybersecurity News
    • More
  • BLOG
  • COLUMNS
    • Cyber Tactics
    • Leadership & Management
    • Security Talk
    • Career Intelligence
    • Leader to Leader
    • Cybersecurity Education & Training
  • EXCLUSIVES
    • Annual Guarding Report
    • Most Influential People in Security
    • The Security Benchmark Report
    • The Security Leadership Issue
    • Top Guard and Security Officer Companies
    • Top Cybersecurity Leaders
    • Women in Security
  • SECTORS
    • Arenas / Stadiums / Leagues / Entertainment
    • Banking/Finance/Insurance
    • Construction, Real Estate, Property Management
    • Education: K-12
    • Education: University
    • Government: Federal, State and Local
    • Hospitality & Casinos
    • Hospitals & Medical Centers
    • Infrastructure:Electric,Gas & Water
    • Ports: Sea, Land, & Air
    • Retail/Restaurants/Convenience
    • Transportation/Logistics/Supply Chain/Distribution/ Warehousing
  • EVENTS
    • Industry Events
    • Webinars
    • Solutions by Sector
    • Security 500 Conference
  • MEDIA
    • Videos
      • Cybersecurity & Geopolitical Discussion
      • Ask Me Anything (AMA) Series
    • Podcasts
    • Polls
    • Photo Galleries
  • MORE
    • Call for Entries
    • Classifieds & Job Listings
    • Continuing Education
    • Newsletter
    • Sponsor Insights
    • Store
    • White Papers
  • EMAG
    • eMagazine
    • This Month's Content
    • Advertise
  • SIGN UP!
CybersecurityManagementSecurity NewswireSecurity Enterprise ServicesSecurity Leadership and ManagementLogical SecuritySecurity & Business ResilienceCybersecurity News

Fixing the cybersecurity workforce problem starts with us

By Dave Stapleton
security-workforce-fp1170x658v8.jpg

Image via Freepik

November 4, 2022

Cybersecurity finally has a seat at the table! From enterprise executives, to boards, to government organizations, everyone seems to be prioritizing, or at minimum recognizing the importance, of cyber risk.


Enterprises are expanding security budgets to invest in new solutions and are giving their chief information security officers (CISOs) an elevated platform to communicate internally and externally. Board members are asking hard-hitting cyber questions and requiring team members to spearhead risk management programs and other cyber strategies.


The federal government is routinely publishing guidance and issuing legislation. Recently, we’ve witnessed the launch of the American Cybersecurity Literacy Act, software supply chain guidance for developers published by the National Security Agency (NSA), the Cybersecurity and Infrastructure Security Agency (CISA) and the Office of the Director of National Intelligence (ODNI) and numerous cyber-focused White House memos.


What’s most encouraging about all of this is the fact that it has created an opportunity for the public and private sectors to work together to bolster our defenses and mitigate shared risk. This is absolutely key to creating a more cyber-secure world, and we’re all taking that step.


This is excellent. This is what myself, and other CISOs and security professionals have wanted for years. And, while we are thrilled and celebrating this progress, we also recognize that there is a problem here as well.


There are hundreds of thousands of unfilled cybersecurity positions. Broadly speaking, any significant cybersecurity initiatives on a national level are going to be hampered by the industry’s current workforce challenges. When everyone currently employed in this space is wearing a dozen different “hats,” it is difficult or impossible to find time for specialization, experimentation, and innovation.


I’ve had a bit of a personal experience lately that produced some tangential thoughts on this topic. Essentially, I’ve realized we need to lower the barrier to entry to the industry. With this approach, we are one step closer to solving the problem.


The solution: Entry level should be entry level 

This will come as no surprise to anyone who has been involved in cybersecurity recruitment. There may be many unfilled positions, but there is no shortage of interested folks. There are a plethora of recent college graduates, tinkerers, or self-educated enthusiasts who are looking to kickstart their careers in cybersecurity. They are curious, hungry to learn, and eager to break into the industry.


Many of these individuals make amazing candidates for an entry level role, but a majority of these positions are not as ‘entry level’ as advertised. That’s right, far too often an “entry level” job listing will require three to five years of experience or an advanced degree for an entry or junior level position — a catch-22.


Those that are truly entry level do not qualify, and those with three to five years of experience do not want to remain in entry level positions. So, these jobs remain unfilled, and the workload continues to pile up on the other security team members. Entry level should mean that no experience is required.


Organizations need to look for candidates that are passionate and willing to learn and then commit to mentorship and allocating funds for the necessary education and training. That’s the approach I took recently, and I was blown away by the responses I received.


A couple of months ago, we needed a security analyst(s) for our SecOps team. We had a choice of pursuing a single analyst with three to five years of experience or splitting the position into two entry level roles. We decided on the latter, and made the conscious decision to have these positions be truly entry level, meaning no experience was required.


When I shared the job openings on LinkedIn, I stated that our primary requirements were that candidates have a demonstrated interest in the world of security and a desire to keep learning. We were absolutely inundated with applications. My post on LinkedIn received nearly 350 likes, 60 shares and 150 comments almost instantly.


After two days, we had to turn off the job posting because we had received over 600 applications from people around the world representing all walks of life. I wish I could have hired everyone.


My experience is just one anecdotal example of the immense appetite for cybersecurity careers. We have to lower the barrier to entry, focus on mentorship and prioritize continual training and education. This will build our workforce back up and allow the private and public sectors to actually begin collaborating effectively.


Everyone needs to do their part 

The U.S. government already hires an enormous number of college graduates for security roles, but I think they, and the private sector, can do much better. We’re not the only ones implementing this type of hiring practice. There are many other SMBs that are doing this as well!


And, if all of these SMBs can find a way to onboard and train truly entry level security professionals, then most other organizations should be able to as well. I can promise you, mentorship is not as daunting as it seems and is actually quite rewarding.


Spend the necessary time to train your entry level employees on one or two specific tasks that they can own within the first few weeks of employment. Implement monthly ‘lunch and learns’ with your team members to facilitate educational workshops.


As your team becomes more experienced, you can pass off the facilitation responsibilities to other members. Ensure that you are allocating portions of your budget to professional development. Send your entry level folks to educational conferences like Black Hat, where they offer numerous training sessions on-site. They can network, learn and absorb all at the same time. These are just a few of the ways that you can train new employees.


In a scenario such as this, where there is a large workforce shortage, yet a serious demand for talent due to the tumultuous climate of cybersecurity threats, we must all do our part.


We can’t sit back and wait for talent to come to us; we must create that talent. That’s the key to fortifying our walls against cybercriminals, implementing the latest initiatives stemming from the federal government and stopping the human impact felt every day across the globe from devastating cyberattacks.


This article originally ran in Today’s Cybersecurity Leader, a monthly cybersecurity-focused eNewsletter for security end users, brought to you by Security magazine. Subscribe here.

KEYWORDS: cyber security cyber workforce risk management workforce development

Share This Story

Looking for a reprint of this article?
From high-res PDFs to custom plaques, order your copy today!

Dave Stapleton is Chief Information Security Officer (CISO) at CyberGRX.

Recommended Content

JOIN TODAY
To unlock your recommendations.

Already have an account? Sign In

  • Security's Top Cybersecurity Leaders 2024

    Security's Top Cybersecurity Leaders 2024

    Security magazine's Top Cybersecurity Leaders 2024 award...
    Cybersecurity
    By: Security Staff
  • cyber brain

    The intersection of cybersecurity and artificial intelligence

    Artificial intelligence (AI) is a valuable cybersecurity...
    Columns
    By: Pam Nigro
  • artificial intelligence AI graphic

    Assessing the pros and cons of AI for cybersecurity

    Artificial intelligence (AI) has significant implications...
    Cybersecurity Education & Training
    By: Charles Denyer
Subscribe For Free!
  • Security eNewsletter & Other eNews Alerts
  • eMagazine Subscriptions
  • Manage My Preferences
  • Online Registration
  • Mobile App
  • Subscription Customer Service

More Videos

Sponsored Content

Sponsored Content is a special paid section where industry companies provide high quality, objective, non-commercial content around topics of interest to the Security audience. All Sponsored Content is supplied by the advertising company and any opinions expressed in this article are those of the author and not necessarily reflect the views of Security or its parent company, BNP Media. Interested in participating in our Sponsored Content section? Contact your local rep!

close
  • Crisis Response Team
    Sponsored byEverbridge

    Automate or Fall Behind – Crisis Response at the Speed of Risk

  • Perimeter security
    Sponsored byAMAROK

    Why Property Security is the New Competitive Advantage

  • Duty of Care
    Sponsored byAMAROK

    Integrating Technology and Physical Security to Advance Duty of Care

Popular Stories

Pills spilled

More than 20,000 sensitive medical records exposed

Coding on screen

Research reveals mass scanning and exploitation campaigns

Laptop in darkness

Verizon 2025 Data Breach Investigations Report shows rise in cyberattacks

White post office truck

Department of Labor Sues USPS Over Texas Whistleblower Termination

Computer with binary code hovering nearby

Cyberattacks Targeting US Increased by 136%

2025 Security Benchmark banner

Events

May 22, 2025

Proactive Crisis Communication

Crisis doesn't wait for the right time - it strikes when least expected. Is your team prepared to communicate clearly and effectively when it matters most?

September 29, 2025

Global Security Exchange (GSX)

 

View All Submit An Event

Products

Security Culture: A How-to Guide for Improving Security Culture and Dealing with People Risk in Your Organisation

Security Culture: A How-to Guide for Improving Security Culture and Dealing with People Risk in Your Organisation

See More Products

Related Articles

  • endpoint-sec-freepik1170.jpg

    Sustainable cybersecurity starts with protecting both sides of the entry point

    See More
  • SEC1218-career-Feat-slide1_900px

    Nearly 10 Million People Filed for Unemployment in the US: What Does It Mean for the Cybersecurity and IT Workforce?

    See More
  • typing hands on computer keyboard

    Overcoming the cybersecurity talent shortage starts with hiring

    See More
×

Sign-up to receive top management & result-driven techniques in the industry.

Join over 20,000+ industry leaders who receive our premium content.

SIGN UP TODAY!
  • RESOURCES
    • Advertise
    • Contact Us
    • Store
    • Want More
  • SIGN UP TODAY
    • Create Account
    • eMagazine
    • eNewsletter
    • Customer Service
    • Manage Preferences
  • SERVICES
    • Marketing Services
    • Reprints
    • Market Research
    • List Rental
    • Survey/Respondent Access
  • STAY CONNECTED
    • LinkedIn
    • Facebook
    • YouTube
    • X (Twitter)
  • PRIVACY
    • PRIVACY POLICY
    • TERMS & CONDITIONS
    • DO NOT SELL MY PERSONAL INFORMATION
    • PRIVACY REQUEST
    • ACCESSIBILITY

Copyright ©2025. All Rights Reserved BNP Media.

Design, CMS, Hosting & Web Development :: ePublishing