With the number of cyberattacks rising and a widening gap in the cybersecurity talent pool, companies are taking a harder look at resources needed to combat a growing workforce issue. In the U.S. alone, there are more than 700,000 unfilled cybersecurity positions.
While some higher-level cybersecurity positions require advanced certifications, many entry-level positions can be filled by people who have less training. This could include upskilling courses, self-training, or learning on the job. While four-year degrees or master’s degrees aren’t always required to land a cybersecurity job, some companies and organizations are working to develop workforce training with community colleges and other educational institutions to prepare the future cyber workforce.
“There’s a career in cybersecurity for everyone because it truly is the foundation of our digital world,” Vasu Jakkal, corporate vice president of Microsoft Security tells Fortune.
Microsoft Security, the $15 billion cybersecurity arm of the Fortune 500 tech giant, in 2021 launched a national campaign with U.S. community colleges to help skill and recruit 250,000 students into the cybersecurity workforce by 2025. Girl Security, a nonprofit focused on cybersecurity workforce development for women and other minority communities, provides programming with the goal to achieve equity in the national security sector.
Fortune had a roundtable discussion with Jakkal and Girl Security Founder Lauren Buitta to learn more about efforts to combat the cybersecurity workforce gap and how to address it.
Fortune: What are the biggest challenges associated with the cybersecurity workforce gap?
Buitta: It’s important for folks to understand that cybersecurity as we now know it is a relatively nascent professional field. If you think about law or medicine, those are professional sectors that have taken over a century to develop. One primary challenge is that the workforce is trying to get up-to-speed with the skills that it knows we need to remain competitive in a global economy.
Jakkal: Cybersecurity is this nascent field, but it’s growing exponentially just given the way the world works today. We saw that during the pandemic businesses and homes had to become digital, and that created this expanding attack surface that can easily get exploited. We’ve seen cybersecurity being top of mind for all organizations and cyber attacks happening to everyone. You have this perfect storm that’s happening—perfect storm of opportunity, as well—where there’s a talent shortage. That it opens incredible possibilities for women and minorities who may not necessarily feel it’s a field for them today.
How can the U.S. start to get ahead of the cybersecurity workforce gap?
Buitta: Basic cybersecurity awareness can start in the home and it can start as early as childhood. This includes normalizing a discussion around digital security, trust, and safety. Leveraging resources to activate public education in the home and community is very important. If we look at STEM studies and just what we’ve seen in terms of women’s representation in STEM, there’s a lot of important lessons to learn. We need to be getting to diverse populations sooner, which is why our partnership focuses on that important bridge-way between high school to college, where there really is a lack of continuous opportunity. It’s important to not just give access to education, but also hands-on learning.
Jakkal: Today, 71% of women believe that cybersecurity is too complex of a career for them. More than 25% of all grownups believe that parents are more likely to steer their sons into cybersecurity than their daughters. These myths need to change. For cybersecurity to be a career for everyone, we need to start with myth busting and role modeling.
We launched an initiative where we’ve committed to train 250,000 people partnering with community community colleges by 2025. In the corporate world, we need to make sure we have diverse slates when hiring and that we are very intentional. It’s going to take the entire village, from parents to school teachers to hiring managers to colleagues and peers to organizations, to elevate women and minorities into cybersecurity.
Are non-technical skills valued in the cybersecurity industry?
Buitta: Girl Security has always valued what we call enduring skill sets. We engage with girls and gender minorities in our program by asking them what ideas about work, school, responsibility, or jobs they were raised with. Oftentimes when girls come to the table, they say things like, “my parents always told me to tell the truth,” or “hard work is important,” or “working with classmates is important.” Cybersecurity requires collaboration, ethical decision making, and thinking innovation. We really focus on some of those core skill sets that we know are going to be extremely valuable in a changing environment.
Jakkal: One of the things we need to change is how we talk about cybersecurity. For a long time, cybersecurity has been very technical. It’s been very fear-based and really dark. We need to tell stories of inspiration and hope, because that’s what cybersecurity is about. It’s about innovation.
There’s a career in cybersecurity for everyone. Security is for all. Whether you are a neuroscientist, whether you’re a psychologist, you need that, whether you have studied the law, you need that, whether you’re an engineer, you need that, whether you tell great stories, you need that. There’s a career in cybersecurity for everyone because it truly is the foundation of our digital world.
Candidates sometimes get discouraged because companies are looking to hire only the cyber elite. What do you have to say about that?
Buitta: There’s no question that those perceptions are impediments, certainly around the certifications and the associated costs with certifications. The positive is that these conversations are yielding really innovative models to equip the workforce sooner with the cyber skillset that they’ll need while thinking about ways to minimize the cost of populations. But we have a long way to go. At Girl Security, we provide stipended training that is also virtual, so it’s accessible from anywhere.
Just like Microsoft, we’re focused a lot on community colleges: saving cost upfront, making the field as accessible as possible, and then creating a continuum into pathways. We have to have that pipeline in place that is low-cost, accessible, and yields a job for someone who needs a job. There’s plenty of jobs available, it’s just a matter of finding people, making the message accessible and providing them that direct pipeline into an opportunity at a company like Microsoft Security.
What training is really valuable for starting a career in cybersecurity?
Jakkal: When there’s an abundance of opportunities, there are many ways of getting into that opportunity. We do have an incredible talent shortage. Going back to a myth buster, 37% of the people that we surveyed said that they thought a college degree was necessary to be in security. It’s not true. You don’t need a college degree. Many security jobs don’t require a four-year college degree. You can qualify by getting a certificate, an associate degree from a community college. Hence, why we are working with community colleges. There’s also a lot of resources for free because it can be daunting.
The cost itself can be daunting, but there’s a lot of resources. Microsoft has a massive content repository that we have made available. We have made certifications. These are available to anyone who wants to take them, and there are ways you can train yourself and get into cybersecurity. We have this abundance of opportunity, which creates new ways of getting in, and we need to educate people about all these facets about how they can get in.
What other advice do you have for someone trying to break into cybersecurity?
Buitta: For anyone who is interested in the cybersecurity field, especially a young person, it’s understanding that the field needs them. Wherever they see a place for themselves, there is a potential career pathway for them. There are organizations and companies committed to see them thrive in this environment. There are a lot of resources out there. There is a lot of support out there. The workforce really needs that diverse community.
Jakkal: There are lots of jobs in cybersecurity. There is a job for everyone. You need to have the passion for it, you need to understand it. That’s on us to simplify cybersecurity and to explain it. My call to action would be for all our youth, for all our girls in diverse populations, to really believe that there’s something in cybersecurity for them. It’s our responsibility to create those opportunities for them.
Check out all of Fortune’s rankings of degree programs, and learn more about specific career paths.