Professional development

Addressing the Cybersecurity Talent Shortage at the Undergraduate Level

May 29, 2018 by Susan Morrow

One of the biggest decisions you can make in your life is what career you want to pursue. Often this decision is made early on in adulthood at the point of entering tertiary education. A career in the tech industry is an essential part of the economy and the numbers confirm this; for example, in the U.S.  the high-tech industry employed almost 17 million people (1). The salaries are good, too; the average salary for a software engineer is around $89,000 and for a Senior Project Manager of Operations, it’s $120,000. (2)

But even with an attractive buoyant industry with good prospects, recruitment is becoming difficult. Lack of qualified candidates plagues the industry and 57% of IT professionals expect that the need for graduate-level candidates will only increase. (3)

In a survey by CompTIA, they found that although young people love technology, only 19% would be interested in following a technology-based career. (4)

The cybersecurity sector of the industry is also facing a lack of young people entering the profession. The TeenTech initiative in the UK, which works to encourage young people into a career in technology and science, has said that “Unfortunately careers in cyber security do seem to be a rather well-kept secret as far as teenagers and indeed parents are concerned”. (5)

The old adage “Love what you do and you’ll never work another day in your life” should apply to young and old alike, and we should, by rights, be seeing people under 24 rushing for careers in the technology sector. The fact we aren’t begs the question, why?

Why are Young People Not Looking for Careers in the Cybersecurity Sector?

The reasons why younger people are not choosing a career path in technology, and specifically cybersecurity, are likely to be varied, but certain factors seem to be common. These are:

Visibility of the sector: In a survey by Raytheon, 43% of 18-26-year-old were aware of cybersecurity issues but in the last year, 48% had not heard of any cyber-attacks via the news. (6) This interesting statistic comes on the back of many major cybersecurity attacks and the general increasing consumer awareness of security issues. However, the respondents did have a fairly high-level awareness of online risks in the workplace. The general visibility of the sector is improving, but more slowly than needed and careers associated with the sector need to be highlighted.

Perception of the needs of industry: In the same report, it was noted that one of the barriers to entry for a career as a security professional was perception. Young people believed they did not have the right skills to work in cybersecurity. The industry needs to express, more clearly, the wide range of skills needed to manage and control a highly complex, often human-centric, cybersecurity landscape.

Why Should Organizations Be Concerned About the Skill Shortage?

The skills shortage in cybersecurity is reaching crisis point. There is a predicted shortfall of 3.5 million workers in information security expected by 2021, with 1.8 million of those specifically in cybersecurity. (7, 8) The issue concerns the breadth and depth of the impact of cybersecurity on an organization. Security is no longer an IT only area. Security affects the entire organization from board-level down to the most junior. This equates to the need for a very broad-brush approach that requires wide skill sets. It is highly likely that security will continue to challenge companies across all industries and of all sizes. The skills shortage will force salaries every higher and create a gap that managed security services will fill, also pushing the price of those services skyward. To meet this challenge, we need to look at the pool of candidates and encourage young people to enter the industry with a wide variety of skills.

Why Should Governments Be Concerned About the Skill Shortage?

Government bodies can, and should, encourage young citizens to go into careers that help citizens. Cybersecurity is one such pathway that is important for the economy and society as a whole. Programs of education for young people and initiatives that help with the costs of university study can help to encourage the uptake of cybersecurity careers.

Some governments are already on the case:

In the UK, the Department for Digital, Culture, Media and Sport (DCMS) is spending £20 million (GBP) on a series of programs that are built to encourage and attract 15-18-year-olds into a cybersecurity career. (9)

In the USA in 2015, a $25 million grant was announced to support cybersecurity education. (10)

In Australia, the government is spending $4.5 million on cybersecurity in education. (11)

By investing in a program that encourages younger folks to take up security careers, a government is investing in their economy and the general welfare of the populace.

How Can We Encourage Young Professionals to Enter Cybersecurity?

Valecia Maclin, Raytheon director of cybersecurity programs, stated that “In three years, the millennial generation will make up half of the workforce”. (6) This means we have to encourage young persons to enter the profession now for this future eventuality. A number of ways of doing this have been suggested. In the aforementioned Raytheon research, they identified having good role models to influence young adults. This included parents and teachers as well as established cybersecurity professionals.

Another key area that needs to be addressed is that of dispelling the myth that a career in cybersecurity is for “computer geeks who code”. More research into the human-centered nature of cybersecurity is showing that cybercrime uses human behavior as a technique. Understanding the wider complexities of cybercrime and being able to communicate these issues across the wider population, are as important a skill for those seeking a career in cybersecurity as being able to write software code.

Demonstrating through role models, government initiatives, and building a higher profile for the industry will lead young people down a path into cybersecurity that is interesting, varied, and lucrative.

Cybersecurity Scholarship Opportunities From InfoSec Institute

InfoSec Institute just launched a new cybersecurity scholarship program to help close the growing cybersecurity skills gap and encourage new talent to join the industry. It awards over $50,000 in training courses to four recipients each year. Valued at $12,600 each, the scholarships guide aspiring security professionals through a progressive career path.

Scholarships target underrepresented groups in cybersecurity (including women and minorities), and include certification exam vouchers to give recipients the skills, credentials and experience needed to secure a professional-level cybersecurity position. Selection criteria varies by scholarship, but exclusively focuses on those seeking a career in cybersecurity. Available scholarships include:

Other Resources for Aspiring Cybersecurity Professionals:



Scholarships (USA):

Networking and Events:


  1. Bureau for Labor Statistics, Beyond the Numbers:
  2. Payscale, Average Salary for Industry: High-Tech:
  3. Robert Walters, Technology & recruitment – the landscape for 2017:
  4. CompTIA, Managing the Multigenerational Workforce:
  5. TeenTech, Cybersecurity:
  6. Raytheon, May the cyberforce be with you:
  7. Cybersecurity Ventures, Cybersecurity Jobs Report 2018-2021:
  8. (ISC)2, Global Cybersecurity Workforce Shortage to Reach 1.8 Million as Threats Loom Larger and Stakes Rise Higher:
  9. HM Government, Cyber Discovery:
  10. The White House, Vice President Biden Announces $25 Million in Funding for Cybersecurity Education at HBCUs:
  11. ZDNet, Australia to spend AU$4.5m on cybersecurity education centres:
Posted: May 29, 2018
Susan Morrow
View Profile

Susan Morrow is a cybersecurity and digital identity expert with over 20 years of experience. Before moving into the tech sector, she was an analytical chemist working in environmental and pharmaceutical analysis. Currently, Susan is Head of R&D at UK-based Avoco Secure. Susan’s expertise includes usability, accessibility and data privacy within a consumer digital transaction context. She was named a 2020 Most Influential Women in UK Tech by Computer Weekly and shortlisted by WeAreTechWomen as a Top 100 Women in Tech. Susan is on the advisory board of Surfshark and Think Digital Partners, and regularly writes on identity and security for CSO Online and Infosec Resources. Her mantra is to ensure human beings control technology, not the other way around.