There is a woefully low supply of cybersecurity workers, with open positions taxing the number of available employees.

Between April 2017 and March 2018, Cyberseek reported more than 300,000 job openings in cybersecurity and a total employed workforce of more than 768,000 cybersecurity professionals.

The low supply of workers, however, makes it unlikely companies will fill open cybersecurity positions, particularly in states with heightened demand like Texas, Maryland, Virginia and New York.

In response, companies are turning to training pipelines separate from colleges or universities to hire qualified workers. More affordable for students, online programs focus on real-world applications and can help workers expand their existing knowledge base or pivot careers entirely.

Breaking into security

While cybersecurity concerns plague headlines — both mainstream and industry-specific coverage — pathways to get into technology are not always clear. Some self-taught developers can enter tech roles using connections or coding prowess, and others transition credentials into jobs, without necessarily relying on formal education.

In software development, for example, worldwide about 75% of professional developers have a bachelor's degree or higher, according to Stack Overflow's 2018 developer survey. But developers can still find jobs without degrees.

However, without experience, breaking into technical or analyst roles poses more of a challenge.

While at the University of Cincinnati, Gabrielle Hempel, security analyst at Accenture and assistant mentor at Cybrary, studied psychology and neuroscience, with a minor in criminal justice. Upon graduation, she began working in pharmaceutical compliance, gravitating toward the IT space and projects in data governance.

Interested in security, Hempel found herself looking for resources to bridge her technical and knowledge gaps. Subreddits for netsec and netsecstudents pointed her in the direction of Cybrary.

Cybrary is a free cybersecurity training platform, launched in January 2015. The organization reports a network of more than 1.7 million IT and cybersecurity professionals, with training in courses like CompTIA A+, cryptography and social engineering and manipulation.

Cybrary is not alone in the industry. There are many programs available across the security sector — some free, some not — including Sans Cyber Aces, Udemy and a virtual learning portal through the U.S. Department of Homeland Security. 

Completing a program does not guarantee employment, but coursework readies students for industry exams. The platform also offers career learning pathways, something Hempel took advantage of.

"I came from a field where it wasn't relevant at all, so I started from the ground up with Cybrary," Hempel said in an interview with CIO Dive.  

When she started her new role, "I felt like people were speaking a foreign language for the first couple weeks." Once she settled in, Hempel was able to apply what she had learned through online programs to her new position.

On to the next one

People are joining the security sector regardless of background. Cybrary students have an array of degrees, including IT, computer science, engineering, information science and business.

"There's really something for everybody's background in coming into cyber," Kathie Miley, COO of Cybrary, said in an interview with CIO Dive. "It's just that people don't realize that because it's not all tech."

One of the key issues is many people do not know cybersecurity is an option, or lack awareness about how to get into the field.

"I think people know that the positions are out there. We've known for a long time that we're facing a massive talent shortage," Miley said. But if Hempel had not been pointed in the direction of cybersecurity coursework by peers or colleagues, "she probably would have had no idea where to start."

If Hempel had been exposed to it, she probably would have considered cybersecurity a career option earlier. "It wasn't really ever presented to me," Hempel said.

Hempel began her new role at Accenture in June, conducting vulnerability scanning and remediation, which goes along with threat detection. Part of her responsibilities include aspects of project management, ensuring people are connected on the right projects and service line agreements are met.

While Hempel came in with training from Cybrary, there is still a lot of on-the-job learning required.

Programs offer the fundamentals behind concepts in information technology, acting as building blocks. But a lot of the application comes when a technical worker is in a company's environment, according to Hempel. Even the same tools can differ in use across companies.