By: Amos Reed

Welcome to another terrifyingly tantalizing Tale from the Crypt. Imagine, if you will, being led down an educational path by a trusted council. After applying yourself to the studies of the coursework and emerging with a coveted four-year degree, you are filled with the anticipation of starting an exciting career in an industry that is screaming for qualified people. In fact, there are over 500,000 open positions in the United States, as I tell you this tale.¹ Certainly you can easily qualify for an Entry Level Position with those odds, right?

You begin your hopeful quest by searching the internet for “Entry Level Cyber Security Jobs” and commence scouring through the open positions, each one leaving you more frustrated than the previous, as you review the “Requirements” and “Preferred Experience” sections of each job posting. You begin to accept the inevitable reality of your career’s demise, before it has even begun. You simply cannot meet the listed requirements. You ask yourself, “how can this person even exist?” Expanding to a nationwide search doesn’t make things any more hopeful.

There is a Threat & Vulnerability Operations Specialist in St. Louis, MO. This company’s job description requires at least an Associates Degree and 5-10 years of experience. But they prefer a Bachelor’s Degree with 10+ years of experience and multiple Cyber-related Licenses & Certifications for their “Entry Level” position.

You move east to a Cybersecurity Threat & Vulnerability Analyst position in Charlotte, NC. This job description requires a Master’s Degree & 2+ years of experience, or a Bachelors Degree with 6+ years of experience. In addition to those requirements, they prefer possession of one or more industry standard certifications. Included in the list of Preferred Certifications is CISSP & CISA. Both of which require 5 years of specific job experience prior to being able to be considered for the certification. What a terrifying thought it is that these requirements are listed for an Entry Level Position!

As your search continues, you move north, up the coast, to a Penetration Tester & Ethical Hacker position in Franklin, MA. This job description lists requirements of Bachelors Degree with 5+ years of experience, as well as having at least one certification. Listing, yet again, CISSP as one of the certificates preferred for the “Entry Level” job.

With little luck in the Midwest & East Coast, you search on the West Coast and find a Cybersecurity Analyst – Information Security position in Vancouver, WA. This entry level position again requires a Bachelor’s Degree, 5 years information security experience, and certifications. Your demise is imminent as you realize there is no possible way for you to fulfill the listed requirements for the job descriptions, now nationwide. In a last-ditch effort, you search once more.

The “Hail-Mary” delivers an “ICS Security Consultant” in Houston, TX. For this Entry Level job, you need a minimum of: 2 years control systems security, 3 years with ICS systems, another 3 years with one or more; IEC 62443/ISA 99, ISO 27001, NIST SP 800-82, or CPNI Good Practice, and an additional minimum of 2 years supporting specifically listed systems & troubleshooting, all to go along with your “Minimum Requirement of a Bachelors Degree.” And those are simply the “Requirements” of the job description, not the additional laundry list of “Preferred Skills”.

This tale is not fiction. This is the reality of our current state in the Cybersecurity World. We have an alarming amount of open positions at a time where we should be training our teams on how to stay ahead of cyber threats, instead of building fictitious job descriptions. The inability to be precise in the skillset actually needed to perform the duties has only helped to perpetuate the problem. Jobs continue to go unfilled, because the descriptions provided are of people who do not exist. For the gap to be closed in the cybersecurity world, we MUST find a way to realize what the minimum skills & talent potential are, rather than having an obscure list of requirements that don’t logically go together. The growing gap of open, necessary roles in cybersecurity is an ever-increasing recipe for disaster. And as more & more conveniences are attached to technology, the unmanned roles could lead to people being injured, or even dying, due to hacked operational items.

The light in the darkness of this cryptic tale, however, is that there is an answer to the problem. By engaging in collaborative efforts between Corporate, Government, Academia & Training entities, we can begin to define what is a realistic, viable skillset needed to begin a career in cybersecurity. From there, we can begin closing the gap and get ahead of the great chasm of darkness.

CyberUp is one of the first organizations of its kind in the United States. We are looking to continue to partner with businesses to forge ahead in the bright future of cybersecurity. “The best way to predict the future is to create it.”² Let’s work together to create our collective future, rather than continuing down the current path witnessing continued ghastly Tales from the Crypt…

1. <iframe height=’600′ width=’600′ frameborder=’0′ scrolling=’no’ src=’http://cyberseek.org/widget-heatmap/heatmap.html’></iframe>
2. Abraham Lincoln