An article titled “Cyber Boot Camps Fall Short For Some Students” appeared in the Pro Cybersecurity section of the Wall Street Journal of 19 May 2022 (article link at the end of this post). It highlights an important issue with career paths into cyber security.
The United States is the focus of the article, but challenges in transitioning from the initial education and training phase to viable career pathways in cyber security would appear to be much more widespread that just the US.
The article highlights comments such as, “Entry-level cybersecurity jobs are kind of a myth”, from people who have invested quite large sums of money and successfully graduated from boot camp programmes.
It would also seem reasonable to hypothesise that if people have met the entry requirements of such programmes and successfully graduated, they should have the necessary aptitudes for entry into a cyber security career.
The point here is that many boot camp programmes, and also 3rd level programmes, in cyber security would in themselves appear to be insufficient in terms of equipping job seekers with the skill sets required by the cyber security market, even at an entry or junior level. Other possibilities might be that there is a mismatch between the perceived level of career opportunities and the reality on the ground, or that job opportunity qualification and experience requirements are unrealistic at the recruitment level.
Clearly one has to apply a reality factor to the constant media and recruitment drumbeat headlines concerning the shortage of cyber security talent and there is work to be done differentiating the substance from the soundbytes.
Either way, one of the challenges that exists is a better calibration of the market requirements – available resources equation.
However, if there ever was any doubt, Russian cyber aggression, present, past, and undoubtedly future, should assist with clearer thinking about the state of the cyber security threat landscape. Competent cyber defence strategies, plans and incident management clearly imply the need for requisite skills and hands on deck.
For example, in the recent past, the Irish Government, through various Springboard initiatives, provided funding for 3rd level institutions to develop and deliver a level of cyber security training for candidates who met certain criteria, and at no cost to the candidates themselves.
While this is laudable, and no doubt some benefits accrued, concete evidence of such benefits would be hard to come by. The main risk would again seem to be a significant gap between the acquired skill sets of the successful graduates, and the actual skill sets and experience required by the market.
An alternative and arguably more efficient approach might be to provide the comparable funding but applied through an integrated vertical initiative with tighter selection of candidates, specific focused skill sets, and bolted-on internship or entry-level positions with suitable organisations on successful graduation.
The Wall Street Journal article article can be found here: