The global pandemic may have brought limitations and lockdowns, but Ryerson University Director of Development and Accelerated Cybersecurity Training Programs Rushmi Hasham said it has also increased the demand for cybersecurity professionals.
“Demand for people to fill these roles has boomed,” said Hasham, who directs the Rogers Cybersecure Catalyst training and certification program, which aims to give promising learners from diverse backgrounds the skills they need to launch careers in the cybersecurity sector.
“When COVID hit, many employers put hiring on pause, which naturally worried us. Would placements go up or down? Everything was up in the air for a while. By this past January, however, we found we actually had more job opportunities than grads.”
Hasham is clear on the reason for this boom in demand. “We see more threats coming in now from different places. The pandemic has forced companies to move to a hybrid office posture, which gives hackers a wider playing field. Naturally, demand for cyber talent – from entry level on up – has been one of the results of this shift. Companies are devoting more resources now to their security in an increasingly complex business environment.”
Microsoft Canada Chief Security Officer Kevin Magee also sees opportunities that have come out of the pandemic. “It’s allowed us to look differently at the talent we’re tapping,” he said. “Places are no longer relevant. In the past you had to be in or near a city for many gigs. In these kinds of scenarios, you might have the best person for the job not applying simply because they have no interest in moving. The disappearance of this location barrier is bringing increased diversity to the industry.”
Hasham said opportunities for students in the Accelerated Cybersecurity Training Program are on the rise. “Students who wouldn’t normally have been agreeable to traveling from downtown Toronto to Waterloo for work now find they don’t have to. Someone can be on the west coast and score a great position thousands of kilometres away, with no need to relocate. Geographical limitations have largely been eliminated.
Employers now have unprecedented access to a richness of perspectives. In security, diversity is a massive benefit as it gives companies new approaches and methods for attacking problems and vulnerabilities.”
Casting a Wider Net
Magee said organizations today have to compete for the same small talent pool. “You can continue down that road, driving up the price for a limited number of qualified individuals in the market, or you can look in other directions.”
Some of the best cybersecurity professionals, he said, started out in a seemingly unrelated field. “We have a lawyer, a mechanical engineer, and someone with an English degree. I myself have a history degree. There’s huge value to bringing in all these different perspectives.
Building a top-flight security team should have you looking beyond the traditional options. For example, who knows more about social engineering, voice subtleties over the phone, et cetera, than someone in sales? These people understand human behaviour in a way very few pure technologists do. Accountants, meanwhile, can bring you that key perspective on fraud, and how to more intelligently combat cyber crime.”
Magee said Microsoft is committed to the idea of broader perspectives, and through its Aspire program it brings in and develops students and interns. Many participants who come through this program are now some of the most productive members of his team, he said.
“You don’t need 20 years of experience to make an impact. In fact, when it comes to security, my 30 years of experience isn’t all that useful anymore. You can look at it as baggage. I tend to see every problem from a network perspective – always looking for the packet. People who didn’t come up in the network security age are able to call out my biases and help me see things from a completely different vantage point.”
Lowering the Barriers
Hasham said Ryerson is also committed to the idea of rich perspectives in cyber and is working to lower the barriers of entry. “This is especially needed in Canada, where that old ‘need five years of experience’ mindset dominates. When you look at companies around the world, specifically at entry-level jobs, you see there is often no “hard experience” requirement. They’re basically saying, ‘Show us you’re certified, and that you’ve completed a training program, and you’ll have our attention.’ Bringing this mindset to Canada will go a very long way toward closing the cybersecurity jobs gap.”
Hasham sees internal re-skilling as a potential goldmine.
“The job gap being so wide, the industry must get creative. Many companies would do well to re-skill some of their people – bring them into a new part of the organization such as cyber. Those old limitations like location and age are no longer relevant. The average age of our Catalyst program grads is 32, so we’re looking at mid-career changers who have decided cyber is where they want to be. The ability to decode and problem-solve – so essential in security – is not exclusive to people from tech backgrounds.
“Companies that realize this really are ahead of the curve. They see the value in people who can bring a unique mindset. Decision-makers at these companies are saying, ‘Let’s bring in the totality of these people, and add cyber to their skill-set.’ In doing so, organizations can add a powerful, potentially game-changing individual to their team.”
Tone From the Top
Magee sees thinking outside the box when it comes to cyber talent as not just a path to success but also as a way of ensuring the industry doesn’t lose its soul.
“Who were the original actors in cyber?” he said. “They were creative. They were intellectually curious. They loved to take things apart, to learn how they work. They wanted to make things better and find new uses and new avenues. The cyber industry is going to lose that soul if it doesn’t change.”
“The tone from the top must be to seek out tenacity and spirit. Is there risk in this? Of course. But there’s risk in everything, including in a traditional, experience-first team. The tone from the top must be to say, ‘This is a priority, and we’re willing to accept the risk that comes with a youth movement or bringing in more women or bringing in former chefs and lawyers. If bad actors in cyber are always evolving – and they are – then so too must we. I see this as a promising avenue; it certainly has been for Microsoft.”
Hasham said diversity in hiring is not something to be done for its own sake. “It must be done thoughtfully, and with purpose. Another part of that equation is inclusivity – giving a voice to anyone, no matter who they are or what they identify as. This is one of the pillars of our Catalyst program. Sixty-six per cent of those in the program right now are women. We want to see change in the industry, and we’re working with great companies like Microsoft to eliminate the needless barriers to entry.”
Chris Salvatore, who is Manager of the Catalyst Cyber Accelerator Program, echoes Hasham’s belief in corporate-academic partnerships. “It’s essential to bring in not only technical skills but also entrepreneurship. Kevin and Microsoft help us make these connections. They teach and develop entrepreneurship, which is lagging right now in the ecosystem as far as cyber is concerned.”
“Programs like the Rogers Cybersecure Catalyst work very well not only for businesses, who gain access to an incredible pool of people to help fill in their talent gaps, but also for the individuals coming through our program, who would otherwise not have had the time or resources to commit to re-tooling for a career in cybersecurity,” said Hasham. “This is where you see programs like ours changing the course of people’s lives while giving businesses exactly what they need – at a time when they most need it.”