America has enormous holes in its lines of cyber defense.
Today, cybersecurity continues to be a significant threat to our nation’s companies, institutions and even schools. These weakened defenses did not result from a lack of knowledge, ability, or technology. These gaps exist because we simply do not have enough people with the requisite training.
The United States has only enough skilled and qualified workers to fill about two-thirds of available cybersecurity jobs. That leaves nearly 770,000 open positions, and the projected demand for cybersecurity jobs shows no sign of abating. As cybercriminals try daily to breach our online defenses, colleges cannot produce graduates fast enough. Companies are competing with one another to attract and retain workers with cybersecurity skills.
To strengthen our cyber defenses, the United States has a unique opportunity to tap into a talent resource of more than 70 million people who lack a bachelor’s degree but have gained valuable skills through alternate routes. Currently, more than 80% of entry-level and mid-level cybersecurity job postings ask for a bachelor’s degree. College credentials can indeed prepare people for cybersecurity jobs, especially mid-level and senior roles, but other roles don’t necessarily require a degree program.
Skills-based hiring—hiring candidates who have demonstrated abilities and non-degree credentials, rather than a college degree—might offer an alternative. Research has shown that these workers can take on roles with more responsibility. Looking beyond degree requirements can also help create more opportunities for underrepresented learners and diversify the pipeline of workers.
There’s a growing recognition from governor’s mansions to corporate C-suites that degree requirements for many jobs aren’t serving people or employers well. But despite the potential benefits, skills-based hiring is still not widely adopted at scale.
The cybersecurity field can be an important first mover toward skills-based hiring. For one, the need for more workers is acute. The number of cyberattacks, the amount of ransomware payments, and the cost of cybercrime and cyber insurance are rising rapidly. The economic and societal damage from these threats will only continue to escalate until we find a better alternative. If we do not correct the cybersecurity talent shortage soon, it could endanger our way of life.
Second, cybersecurity has the advantage of a built-in pathway. Nearly 80% of cybersecurity professionals started their careers in information technology, where requirements for degreed workers are not nearly as common. Multiple entry-level IT roles can be filled by workers who have some postsecondary training but not a two- or four-year degree. These workers can move into needed cybersecurity positions and advance in the sector.
This approach to getting more employees in the door would be welcome news to cybersecurity specialists, who said in a recent survey that the best action their companies could take to address this talent shortage—something even more effective than raising wages—would be to commit to training new hires in cybersecurity. Companies can help workers collect verifiable non-degree micro-credentials that demonstrate that they have acquired the appropriate training and skills to deliver on the demands and expectations of cybersecurity professionals. This modern approach can help solve some of the immediate needs while providing different types of learners access to degrees, advanced learning opportunities, and higher-earning roles.
New training collaborations can also play a critical role. In 2021, Microsoft launched a campaign with more than 180 U.S. community colleges to train 250,000 people for the cybersecurity workforce by 2025. The apprenticeship model—a proven career track in other industries, especially outside the United States—holds promise in cybersecurity. Since early 2021, apprenticeships in cybersecurity-related occupations have grown by 28% to more than 700 registered programs. By highlighting how hands-on training leads to greater proficiency and higher salaries, college partnerships and apprenticeship models can strengthen and sustain a diverse talent pipeline.
To be clear, we aren’t suggesting that people seeking long-term careers in technology or information security wouldn’t benefit from seeking and completing a degree. Rather, our nation must quickly activate and enable talent by creating pathways that blend credential attainment with immediate economic impact.
Critically, this includes building awareness of short-term stackable pathways and providing specialized training programs or apprenticeships that can help learners step more quickly into IT and cybersecurity roles. This starts with demystifying these careers to help learners understand that cybersecurity roles exist across many industries—banking, insurance, manufacturing, national defense and others—that might align with their interests.
Because the cybersecurity talent gap is so large, our response must be urgent and massive. Our nation must be willing to embrace new strategies for hiring and training cybersecurity talent. The hackers and criminals threatening our nation’s security and economic well-being are not waiting for cybersecurity first responders to be hired and trained. There is too much at stake to delay.
Tom Monahan is president of DeVry University. He has served as chairman and CEO of CEB, a global tech-enabled data and content firm, and on the board of several other publicly-traded companies, including Transunion and Convergys. Lydia Smyers is vice president of U.S. Education for Microsoft, where she is responsible for the sales strategy, execution, and growth of the company’s higher education, K-12, library, and museum business. Before Microsoft, Smyers worked at Oracle, Red Hat, and Ernst & Young.