Skills gaps, certifications, new tools, employability – there are many challenges and elements to consider when putting people work in cyber security. What skills do prospective employees need to be work ready? How ought professionals demonstrate their capabilities? What aspects in the recruitment process should candidates be aware of? These are some of the questions that were discussed in a recent webinar with expert panelists Steve Wilson and Sunny Jassal of British Columbia Institute of Technology and Michael Kaplan of Phase2 Advantage.
Build Soft Skills
It’s no surprise that employers looking to fill open cyber positions want to hire someone with technical prowess but also effective communication skills. ‘Soft skills’ tend to be overlooked in the industry yet, as the panelist’s explained, are critical to thriving in the industry. Michael Kaplan noted that the impact of someone who has good soft skills is invaluable to making a good first impression in an interview.
Imagine a candidate who walks into an interview where the hiring manager asks if they know Wireshark. If the candidate had instilled confidence and competency in his abilities, his reply of ‘take me to a computer and I can show you’ would certainly make him stand out among the pile of resumes.
Hands-On Cyber Practice
Do certifications or experience matter more when applying for a job in cyber? That’s the chicken or the egg question in the industry…Naturally, certifications are the bread and butter of many cyber career pursuits and our panelists recognized the value they bring to the table, especially when coupled with hands-on practice. Sunny said certifications are still relevant and they demonstrate to an employer that you’re passionate about the subject. It shows you “have the grit to prove yourself,” he said.
Yet certifications only carry a candidate so far in the hiring process. They may get you the interview but may not get you the career. That’s where hands-on cyber range experience comes into play. Panelists touted the value of hands-on experience working with real cyber tools in realistic environments in order for candidates to show their skills to prospective employers.
You may have the certs but if you can’t apply what you learned from obtaining that cert, you’ve wasted your time and your employer’s money, Michael stated. Sunny shared some of his personal barriers when entering the field, starting out first as an IT professional and transitioning into cybersecurity (a common career path transition for many). How do I build a lab? Where do I look for resources or a playbook? Those were some of the questions Sunny had to answer himself since gamified scenario tool sets weren’t readily available at the time. He continued on to say how important it is to think like an adversary and it requires a mind shift that can be cultivated with hands-on training available.
Lifelong Learning in Cyber
The dynamic nature of the cyber profession not only places barriers on those seeking employment but also on those training and teaching cyber security. We often neglect the “trainers” or those who are teaching students about cyber security, Michael noted. There must be a top—down approach whereby trainers and educators are equally comfortable teaching cyber, even if (and oftentimes) their background isn’t in that discipline.
“What about the folks who are in professional development or in technical college systems who wake up one morning and find themselves in charge of teaching a technical cyber program? It’s putting them at a serious disadvantage,” said Michael, if they are not trained to teach curriculum that is enriching and hands-on.
Cyber security is a lifelong learning journey that extends beyond what certifications provide. Even remote work as a result of COVID has impacted how today’s businesses harden network infrastructure, and infosec professionals need to be ready to adapt to anything the industry throws their way—requiring continual learning.
Academia and workforce development companies are adapting to these shifts by building courses that surround certifications so that by the time a learner in a 2- or 4-year program graduates, they will have taken a course that prepares them to pass a certification exam. A blended learning experience is a shift that Steve predicts, will continue to gain traction across institutions that are looking to put people to work in cyber security.