I remember my first job as a grocery clerk for my hometown grocery store like it was yesterday. I worked in customer service and was tasked with bagging groceries, sweeping floors, and keeping the front of the store clean and stocked. Thanks to this job, I learned as a teenager how to work hard, interact with all kinds of people, and solve problems calmly and quickly.
These are some of the most important skills I continue to use today working in cybersecurity. The security is consistently challenging, and the work makes a direct impact on companies and even (I like to think!) the world. I also appreciate the sense of justice, of doing the right thing in the face of overwhelming odds. But this industry I love is at a crossroads.
Acknowledging the Cybersecurity Skills Gap Is Not Enough
Today, there are more cybersecurity jobs available than people to fill them. The result is that many security teams are short-staffed, and the workers they do have are getting burnt out as they strive tirelessly to keep our communities, companies, and networks safe. Much has been written on this topic, all very germane, but unfortunately no clear solutions have appeared. In the meantime, we are left with serious dilemmas:
Recognizing the problem is important, but what the cybersecurity industry needs is real answers – and soon.
Cybersecurity and the Service Industry: A Marriage Made in the Grocery Aisle?
Now, what does my first job as a grocery clerk have to do with solving the cybersecurity skills gap? Both sectors are struggling now, albeit for different reasons. The service industry has been hard hit by both the pandemic and changing economic conditions. Meanwhile, many people with significant service experience are now open to new types of work. On average, a cybersecurity job pays more than a service industry role, so people wanting to create a better future for themselves, and their families might be motivated to try cybersecurity.
According to a survey of 500 security professionals, the top 3 barriers to filling cybersecurity roles are:
Finding qualified staff
Working conditions (stress, workload)
Work patterns (irregular schedule, long hours)
My suggestion, which you may see coming by now, is that companies who aren’t succeeding to find enough cybersecurity talent look to hire former service industry workers. These individuals are likely to have the work ethic, people skills, problem solving aptitude, and leadership abilities needed to succeed in cybersecurity roles.
Not unlike a security team, the service industry is characterized by high stress and high workload environments. (If you don’t believe me, just ask a server during the dinner rush!) In addition, service industry workers are already accustomed to long hours and irregular work patterns. The only item they’re missing is technical knowledge – and while gaining that will undeniably take effort, it’s easier to teach technical skills than it is to instill a willingness to work hard. People who apply themselves with great attitudes, work ethic, and creativity will usually do very well as they learn.
Fostering Diversity in Cybersecurity
An added benefit of recruiting service industry veterans into security is that it will help build a more diverse cybersecurity workforce. Hiring and training service industry veterans in cybersecurity will open amazing opportunities to all people, regardless of their gender, age, race, or religion. A more diverse cybersecurity workforce is better for everyone, for many reasons, including but not limited to:
Technology perspectives: With more diversity, different questions will be raised, and alternative ideas will be brought forward. This will significantly improve cybersecurity overall.
End-user connection: Service industry workers may be new to the cybersecurity field, but they are highly likely to have worked with security tools like multi-factor authentication (MFA) as end-users. This distinct perspective can be invaluable both in helping security veterans understand how end-users approach technology and in cutting down perceived friction from cybersecurity controls.
Representation: Our communities and companies have people from all walks of life working together. It is high time our cybersecurity teams (and leaders) look like the companies they serve.
Where Do We Go From Here?
Now, just hiring a bunch of former hospitality and retail staff is not going to magically solve all the problems facing the cybersecurity industry; we of course must also address the other challenges that make cybersecurity work so challenging. But opening the door to a diverse and talented pool of applicants and, in the process, giving former service industry professionals the opportunity to do well-paid and meaningful work, is a significant step in the right direction. I hope that we can lower the barrier to entry for cybersecurity jobs, offer more on-the-job training, and bring some needed staff to the frontlines of our cybersecurity teams.
