Cybersecurity Apprenticeships Don’t Address Core Issues
Amidst mixed at best economic news of hiring freezes, there will continue to be a shortage of people working in information security and other related jobs. There are countless reasons why people have left the industry and ways to get new recruits, but a fundamental problem is that cybersecurity jobs require highly experienced, skilled and educated professionals.
Apprenticeships offer an alternative to college, but they are more likely to offer a pathway into the information technology workforce rather than specifically to a cybersecurity job.
Leaders from the United States government and business community met to discuss the perennial problem of unfilled cybersecurity jobs. The Biden Administration publicized a new initiative that basically doubles down on existing workforce development programs focused on apprenticeships. The White House will publicize the National Initiative for Cybersecurity Education’s (NICE) Registered Apprenticeship programs from now until mid-November.
The more than 100 programs in NICE’s database are targeted toward people that do not intend to graduate from a four-year college. For the most part, they provide training for “feeder” jobs into the cybersecurity workforce, like help desk and network administration. These are jobs you get before you get an entry-level cybersecurity job.
Fifty percent of job listings for IT support do not request a college degree in their job requirements, according to Cyberseek, a public-private collaboration NICE is involved with. Network and systems administrators often work up to their positions, — so, by default, they get around these requirements. Most other jobs that are entry points into cybersecurity are professions where a college degree is expected.
Apprenticeships can also be required in order to get a degree. According to a recent Equinix survey of IT decision-makers, 34% of companies worldwide partner with an institution of higher learning on a degree apprenticeship.
Hands-on experience with cybersecurity is essential for job candidates. Compared to a university degree, it is three times as likely to be considered very important to determining a cybersecurity job candidate’s qualifications, according to a recent ISACA study. Yet, a college degree is still required for an entry-level security job, according to 52% of respondents. Credentials are seen as ways to prove skills, but then each level of certification is usually viewed on its own merits.
Degrees matter most to those that already have them. Yet, according to a Linux Foundation survey, only 22% of non-college-educated hiring managers responsible for hiring open source professionals believe it is very important, while 49% of those with a degree feel that way.
Where Companies Recruit for Tech Talent
The “Equinix 2022 Global Tech Trends Survey” is based on data collected in March from 2,900 respondents, a pool made up of 100 IT leaders from 29 different markets throughout the globe. It shows that 85% of companies are reskilling workers into tech-focused roles. Most of the time, they are focused on recycling existing tech workers — retraining people from other IT and related industries.
Other relevant takeaways from the wide-ranging study include:
- Europe, Middle East and African (EMEA) companies are significantly less likely than the global average (51% versus 62%) to be training people from the tech industry for other tech jobs. European companies may be relying on government programs to do the training.
- Only 31% of companies that are involved with tech reskilling efforts are actually looking at people employed in other parts of their business besides those already in IT-related departments.
- Companies from the Asia-Pacific region are more likely to be recruiting from non-tech industries to find people to train for technology jobs.
- When asked what roles the reskilled workers usually take, the top answer was “IT technician,” especially among countries in the Americas. People from the Asia-Pacific region were more likely to say reskilled workers were getting security architect, security administrator, and artificial intelligence or machine learning jobs.
- There were a lot of variations on training and apprenticeships tracked by the survey. Collaborative training programs run with institutions of higher education are common, with 41% of companies running one. Only 31% of EMEA survey participants said they partner with colleges and universities this way.
Experience Valued Over a Degree
ISACA’s “State of Cybersecurity 2022, Global Update on Workforce Efforts” is based on a survey of 2,031 people with cybersecurity responsibilities. While 90% of them were ISACA members, less than half consider cybersecurity to be their primary responsibility. Relevant takeaways from the study are:
- Unfilled security manager and executive jobs have risen over the two years at a faster rate than junior positions.
- Only 20% of the ISAC’s survey thought a university degree is very important when determining if a cybersecurity candidate qualified for a job, with another 45% also giving it some importance.
- In comparison, 73% believe prior hands-on cybersecurity experience is very important, and another 22% said it is somewhat important.
- 52% of respondents with security responsibilities said their company requires a college degree for an entry-level security job.
Certifications Favored by Non-College Job Candidates
“The 10th Annual Open Source Jobs Report” from the Linux Foundation provides several clear differences between people with college degrees and those without. (The New Stack also wrote about this study previously.)
Overall, 19% of the open source professionals surveyed did not have at least a bachelor’s degree. The Linux Foundation was one of the aforementioned White House cybersecurity summit’s participants. Many of its current training offerings are aimed at a new generation of IT workers who can eventually become cybersecurity professionals. Just as importantly, the security-related courses it is working on are focused on the needs of software developers.
Among the findings:
- College graduates are twice as likely to think having a degree is very important for an open source job candidate to have a college or university degree. Only 15% of the 482 hiring managers surveyed did not have a college degree, but they have a vastly different outlook.
- Only 22% of survey participants without college degrees said it is very or extremely important for people seeking open source positions to have a college or university degree, with another 25% saying it is somewhat important. (That’s 47% in total saying a degree is at least somewhat important, versus the study average of 75%).
- In comparison, of those survey participants with a bachelor’s degree or higher, 49% said a degree is at least very important, with another 33% rating it somewhat important — for a total of 82%.
- Open source professionals without a college degree were more likely to see cybersecurity and Linux as growth areas. Notably, 42% plan to pursue a Linux Foundation Certified Administrator (LFCS) certification in the next year, as compared to 27% of those with degrees.
For more on the Linux Foundation’s efforts to train cybersecurity professionals, check out this recent edition of The New Stack Makers podcast, recorded at Open Source Summit North America in June: