Transforming the multigenerational cybersecurity workforce

two people working over a shared computer

Image via Unsplash

What do companies like Uber, Rockstar Games and Microsoft have in common? They’re all noteworthy names that suffered hacks from today’s smoothest of criminals: teenagers. As the digital economy grows, digital crime will inevitably grow with it. But for defensive cyber teams struggling to keep up, it might be time for a “takes one to know one” approach. As the younger generation continues to succeed in disrupting massive operations, the cyber workforce might stand to gain from enlisting this age group to improve overall defenses and tap their hacking expertise for good.

Not only did companies get hacked by younger demographics, but they also couldn’t retain the in-house talent looking to stop them. Nearly 50 million Americans voluntarily quit their jobs in 2021 in a seemingly unprecedented mass workforce exit known as the “Great Resignation.” From pandemic upheaval to low pay and lack of opportunities to go up the career advancement ladder, many professionals recently rethought their relationship to the labor market. Though the economy remains strong, and employers across the board created 263,000 jobs as of December 2022, massive layoffs have affected the tech sector across heavy hitters like Meta, Amazon, Twitter and Google.

As unprecedented levels of cyberattacks are hitting governments, Fortune 500 companies and local businesses, it might be time for the next generation to step up.

Re-balancing cybersecurity talents

Startup culture is highly skewed toward younger demographics. The “move fast and break stuff” mentality carries the perception that cybersecurity talent must be young to have the best understanding of the latest and greatest technology. This is a cliche that’s difficult to overcome. A youthful culture is different from a solutions-based culture.

However, this does not mean that industry veterans should effectively be brought out to pasture. Established cybersecurity professionals can easily collaborate with a younger and more eager workforce to leverage the fluency of new technologies, such as the cloud, to better understand loopholes and counteract legacy systems that significantly impact company security. The younger generation consistently engages with new technologies immediately. They use technology to solve problems in impromptu ways, often with little process or procedure that has been developed over time, that ensures the ability for cybersecurity teams to produce more stable solutions.

Many times this new work is novel and interesting but needs some maturity, guidance and critical thinking skills to solve complex business problems. Industry veterans can learn to walk the line between the old way and the high-speed solutions for the best SecOps team balance. The right kind of formalized training can prime a new age group and talent’s skills for good — enabling organizations to experiment with protocols that improve overall defensive strategies.

Redefining career paths

If businesses broadened their understanding of what a cybersecurity professional is, they could likely stop the cyberattacks that cause trillions of dollars of damage every year. Due to the constantly changing labor market, younger professionals that could fulfill cybersecurity needs tend to start their careers elsewhere. Only 38% of Gen Z and millennials got their start in IT, meaning the entry point for cybersecurity technology solutions is changing.

There is no need for an overly specialized amount of talent in the workforce. This does not mean the answer is to take away the expertise of cybersecurity professionals. This is about capitalizing on the problem of innovation and technical debt for cybersecurity democratization. Using these skills to create many simple but effective controls is better than a large complicated control. The rapid development of simple solutions with external talent coming into the cybersecurity sector creates new iterative paths.

Final thoughts

Weak legacy cybersecurity leaves organizations vulnerable. Breaches, data loss and regulatory penalties are just some of the problems plaguing companies of all sizes at the moment. Organizations must rethink talent acquisition by looking for the next generation of minds out there to support the robust array of cybersecurity technologies to combat all new security issues. The right innovative mindset and technical capabilities create solutions needed for next-generation cyber threats.

This article originally ran in Today’s Cybersecurity Leader, a monthly cybersecurity-focused eNewsletter for security end users, brought to you by Security magazine. Subscribe here.

Jeff Costlow is the CISO at ExtraHop.

ON DEMAND: In this webinar, Regina Lester, Vice President of Security & Safety Operations at Toledo Zoo, will share her insights on implementing security technologies in the entertainment sector and the challenges all organizations face — large and small — when it comes to balancing budget and security.