Get started Bring yourself up to speed with our introductory content.

How (ISC)2 plans to get millennials into cybersecurity careers

The (ISC)2 2015 Global Information Security Workforce Study was bigger than ever this year, reaching more than 14,000 respondents. One of the key takeaways from the study, according to (ISC)2 Executive Director David Shearer, is the workforce gap within the security industry. One explanation for the gap could be the lack of millennials entering cybersecurity careers.

"[The] average age within the profession is 42 years of age, which isn't extremely old, but we're just not seeing the millennials and the younger folks coming into the profession," said Shearer.

In this interview at the 2015 RSA Conference, Shearer discusses what he believes is causing millennials to stay away from security career paths.

"I think one of the challenges we have, not just with bringing people into the profession, but with society," said Shearer, "is that the convenience of technology is so attractive; everyone wants the convenience. But with that convenience comes security risks, and that's not always the sexiest topic because … talking about the negative side that technology can bring sometimes is not as attractive. So, maybe we need to think about how we approach the young and maybe that's where some of the rub is."

So, what is (ISC)2 doing to fix this problem? Aside from the global academic program, it's approaching recruiting millennials with a unique set of tactics.

"What we're trying to look at is how to better communicate [with millennials]. (ISC)2 as an organization has to understand approaching millennials and speaking to them in a language that's going to resonate with them to try to get them interested in [security], and we are. But we also have to understand these young folks have been exposed to technology for so long that they look at it as second nature to them."

Shearer remains confident that (ISC)2 can help close the workforce gap. "I think through education and awareness we can make a difference."

View All Videos

Join the conversation


Send me notifications when other members comment.

Please create a username to comment.

What tactics does your organization use to facilitate security hiring? Do you think they are effective?
We try hard to retain our senior staff, far more than worrying about getting millennials into a security career. While we want the new ideas and fresh energy, we value the knowhow and experience more. Over time we've learned that matching youthful energy with the senior wisdom lets them both gain. And we come out far ahead.
At the moment, my organization is letting me learn more about penetration testing and security management rather than hiring outside people. It's proven to be an interesting challenge, and I dare say I'm having fun learning about areas I have really only scratched the surface up to now :).
I think we have to blame the current lure of bright lights and instant fame tv programming. And if you can't get into that SFX is a massive growth area especially at our University. It's not every kid but it doesn't help.
Ray Kurzweil says that by 2045 (when some of these kids will be mature enough) we will have the 'Singularity' - The technological singularity occurs as artificial intelligence surpass human beings as the smartest and most capable life forms on the Earth. Technological development is taken over by the machines, who can think, act and communicate so quickly that normal humans cannot even comprehend what is going on. The machines enter into a "runaway reaction" of self-improvement cycles, with each new generation of A.I.s appearing faster and faster. From this point onwards, technological advancement is explosive, under the control of the machines, and thus cannot be accurately predicted (hence the term "Singularity").

What then for IT Security? The only certainty as we hurtle towards mass IT proliferation is Security Breaches.

I'm 44 and have been in IT for 15 years and am looking to branch into INFOSEC. But prior to this job interviewing was very hard to come by.
While is always wise to nurture our next generation, our obsession with youth may prove to be our undoing here. A better question for long-term survival is why our retention of the most experienced, most senior staff has been so dismal. A huge amount of knowhow, a vast store of experience is being wasted every time a millennial pushes past a not-quite-ready-to-retire senior.

Want a far better workplace...? Bring back an apprenticeship system the extracts the most from the experienced and conveys the best to the next generation.
Being a millennial myself and currently growing in my cyber security role, have always noted that what appeals the most is just how relevant cyber security is. You cant go a day without hearing that someone got hacked, and this is our world now. Reaching us isn't rocket science really, its more about playing upon the relevancy factor. With our generation, a lot of us are drawn to careers that have a broader reaching scale and while technology is second nature to most if not all of us, a career that focuses on making our world more secure can be the most attractive factor. More programs in more university need to start adding Cyber security as a major alone. You still see the more general IT majors taking precedent and that could be another factor in why younger folks just aren't aware of the opportunities. All in all, you cant just have an organization of only "experienced people". What happens when those said experienced people who are more than likely 50 and up, retire? With cyber security becoming an increasing problem every year, we need the younger generations to step up and fall into those loop holes that are inevitability going to occur once our experienced Jedis phase out.