Podcast interview with Cybersecurity Ventures in Morristown, N.J.
Los Angeles, Calif. – Aug. 16, 2018
Cybersecurity Ventures predicts that there will be 3.5 million unfilled cybersecurity jobs by 2021, up from 1 million in 2014. Clearly, this is a huge challenge and we all need to come together to find a solution. We have to make cybersecurity an attractive professional pursuit for the youth of today!
Those who know me know, I’ve always loved radio (insert your own face for radio joke here…) When Cybercrime Magazine asked if I would go one-on-one with their podcast host, Georgia Reid, to discuss the cybersecurity workforce shortage, it was a no-brainer. Check out our podcast as well as the full transcript of our conversation below.
It is my great hope that this interview will spur more discussion in the boardroom and in the media about education & recruitment in our field. We have to change the conversation to make the potential of a career in cybersecurity more easily understood. People often ask if I have any regrets and while I’m quick to say no – one thing I always tell them is that I wish I knew to dream bigger in my early twenties. I wanted stability and I didn’t really understand how much opportunity was out there in the world. That is cybersecurity to me. The young people of today don’t completely understand the opportunity in front of them and I’m telling you, this is a dynamic, compelling field with technical opportunity, expertise and invention around every turn. The industry changes every 3 years and it’s an incredible field to be a part of. Read on, and check out the podcast because this is such an important topic.
GR: Welcome, everybody. It’s Georgia Reid, and in the studio today — actually, we took the studio on the road to Morristown N.J. today, August 14, 2018 — I am here with Robert Herjavec with Herjavec Group. Welcome.
OK, so just to get this started: In 2014, Cisco estimated that there were 1 million cybersecurity job openings globally. Cybercrime will more than triple the number of job openings to 3.5 million unfilled cybersecurity positions by 2021, according to Cybersecurity Ventures. Is the worker shortage the biggest challenge for organizations in their efforts to defend themselves against cyberattacks?
RH: I think there’s a lot of challenges to people in cybersecurity, all the way from identity to infrastructure, all sorts of things, applications, but the overriding problem is people don’t know what to do with it, and unless we get more people into the field, it’s going to be very difficult to know what to do with these tools. And yeah, I think it is the biggest challenge. It’s easy to buy a point solution; it’s difficult to deploy it.
GR: Speaking of employment in the cybersecurity space, I believe you’ve been quoted in the media saying the cybersecurity unemployment rate is at zero percent. Is that accurate? I mean, that’s a startling statistic. How do employers attract and hire cybersecurity experts in this climate?
RH: I think it is a startling statistic, but I also think we need to do a better job of attracting everyone to it. I think, for a long time, I never got into computers because I’m scared of math. I’ll put that out there. I’m not scared of man things, but you put a math equation on the board, and I’ll start crying like a little child.
GR: Yup, it actually gives me sweats, like I get anxiety attacks. I can’t do it.
RH: Yeah, me too. But now, I’m incredibly technical. I look at my friends; they are like, “Oh, I could never do computers cause I don’t know math” or something. So I think part of it is accessibility. Our field is very technical, it’s very complex, but it’s certainly not insurmountable. And we have to open it up to a wider audience. Women, minorities, different fields, and part of it is also education. I don’t think many people realize what a great job this is. If you know cybersecurity, you have a guaranteed job. For life.
GR: Right! That’s incredible.
RH: For life! What other fields could you say that in? Could you say that as a doctor? Even today, the hospital might close; who knows what is going to happen with healthcare. But my gosh, if you know cybersecurity, you can get a job for the rest of your life.
GR: It is very, very interesting. And speaking of women in cybersecurity, there’s been some industry talk and media attention on women in cybersecurity. There’s a 6-year-old survey that keeps circulating in the media and claims that women only make up 11 percent of the cyber workforce. But a careful investigation into the report and a recalculation that is underway by Cybersecurity Ventures puts the figure at 20 percent or more. Where do you see the figure, and in your opinion, are we making progress in this area for women?
RH: I think there is definitely a disconnect with those figures, and I think we can certainly do more. I think highlighting some of this is really important. Cybersecurity Ventures has done a great job of highlighting the problem — I can’t fix something unless I know there’s a problem. But there is a disconnect with the statistics. And I will tell you this, even five years ago if I walked into a meeting and the CISO or somebody in authority, a director, or even an engineer, was a woman in cybersecurity, I would notice. And I don’t notice anything like that now. It was so rare that I would actually notice. Like, if you said to me, how many people were male or female in the meeting you went to the other day — I just don’t think that way — but the point is, over this five years, we have seen it grow. It has a long way to go, and I think we can do it sooner, and younger, in schools especially, but I think there is a disconnect with those statistics.
GR: So, getting more young people exposed to cybersecurity and open to higher education and future careers starts at a younger age, you think?
RH: Yeah, I do a TV show called “Shark Tank,” and one of the great things that teachers tell us about “Shark Tank” is kids watch “Shark Tank” because they think it is cool to be in business.
GR: Yeah, to be an entrepreneur and everything.
RH: You know, 10 years ago it wasn’t cool. We need that same type of PR, if you will, around cybersecurity.
GR: That’s really interesting. So what do you think, just as far as a PR piece, or if you could say what makes a cybersecurity professional happy in their career? Is it making money? Is it that guaranteed job? I could see it being kind of a cutting-edge environment where they’ll be working on the latest technology platforms. You know, even just being a first line of defense and serving and protecting against cyberattacks. What do you think it is?
RH: I think it’s Batman!
GR: Batman! What do you mean by that?
RH: Kids ask me, “What do you do?” And what I say to them is — I don’t go into a technical explanation — I say to them, “I’m Batman.”
GR: Oh, well, that must make them sit up and take notice.
RH: Fundamentally, I believe what we do is good. I really believe that. I really believe what we are trying to do is help companies, help the world, and make it a safer place. It’s the same reason people become doctors, lawyers, cops, all that kind of stuff. Somewhere along the way, money and all that sort of stuff comes into it, of course, but when you’re a child, why do you want to become a fireman? Because you want to help others. That’s what we do. That’s what Batman does. And I think we need to do a better job of explaining that.
GR: It’s a little bit heroic.
RH: Yeah! I mean it is! We are fighting bad guys. The online world is the Wild West. And there is no sheriff. You know, if you’re stuck, there is no cavalry. No one is going to ride around the corner to save you. You’ve got to save yourself. And how many things do we get to do — a job that has that level of goodness, and by the way, pays very well, has incredible job security, and lets you figure out really complicated problems, and people respect you?
GR: Just one more question. How would you go about hiring someone for this if they don’t have a background in math, science, STEM or technology? I mean, what kind of cross-training can there be from other fields? What are the personal attributes you would look for, for somebody in this field?
RH: Well, I think network knowledge never goes away. If you don’t know cybersecurity, you’ve got to have a basic understanding of infrastructure. You’ve got to know how a router works, and those devices work. Now, if you don’t know that, you can start at a very basic level; you can start with an IT administrator, or even fixing computers, or even in a help desk. You can certainly progress that way. It takes a while; I think that’s part of the challenge. Cybersecurity isn’t something you can show up today and do tomorrow.
RH: So there is a certain amount of training you need. It’s kind of like being a surgeon. It’s hard to just show up and do the job, and it takes time. But, it’s not insurmountable and it’s well worth the journey.
GR: Excellent. Thank you so much for taking some time out today and hanging out with us.
RH: Thank you, Georgia.
Hopefully this conversation spurred some ideas for how you can develop the talent pipeline for cybersecurity specialists in your enterprise. After all, who doesn’t want to grow up to be Batman?
Stay tuned for the next edition of Cybersecurity CEO.
To Your Success,
Originally posted on cybersecurityceo.com