Cy Says Blog & Podcast

Finding a New Path

Elliott Thompson had already spent years working in logistics management in the United States Air Force. His background was one of precision, coordination, and efficiency—traits crucial for the work he did daily. After his service, Elliott found himself facing a familiar question that many veterans experience: what's next? He held a Bachelor's degree in Management, which was certainly valuable, but he yearned for a new direction. He wanted something challenging, dynamic, and relevant to the evolving needs of today’s world. When Elliott discovered CyberUp, a program that provides accessible cybersecurity career pathways for veterans, he saw an opportunity to pivot toward a promising career in cybersecurity.

Elliott chose CyberUp not only because he was curious about cybersecurity but also because he needed a new career path—one that catered to his experience and the challenges of transitioning from military to civilian life. He valued that CyberUp’s programs specifically supported veterans, offering them a chance to not just retrain but to thrive through apprenticeships and hands-on opportunities.

Navigating the Transition

Elliott began his journey with CyberUp through their LevelUp Training program, immersing himself in the world of cybersecurity over the course of several months. The training helped him build foundational knowledge, and Elliott appreciated the structured approach it provided. He did, however, see room for more hands-on learning, suggesting that additional labs could be an excellent addition to the curriculum. His feedback was a testament to his desire to actively engage with every learning opportunity, eager to apply his skills practically, and make the most of his training.

Elliott’s determination paid off when he landed an apprenticeship at Centene Corporation as a reporting analyst. His new role focused on analyzing portfolio management processes and supporting budgeting decisions. For Elliott, it wasn’t just a new job—it was a place to bring together all the skills he’d developed: problem-solving from his Air Force days, data analysis from his training, and a desire to be a part of something bigger.

Challenges and Perseverance

The journey wasn’t always easy. Elliott faced a number of personal challenges while working to complete his required certification, an important milestone in his career progression. He experienced delays in taking the exam, both due to technical issues and personal circumstances. Despite these setbacks, Elliott remained focused, rescheduling his exam multiple times and even adjusting his plans to take the test closer to where his mother lived so he could balance his professional responsibilities with personal commitments. The process tested his patience, but it also underscored Elliott's resilience—a trait he had cultivated in the Air Force and now brought to his burgeoning cybersecurity career.

Throughout the apprenticeship, Elliott also had to navigate the challenge of proving his technical skills and establishing his place within his team. Initially, he encountered technical issues and struggled with integration, but he didn't let these challenges deter him. Instead, Elliott demonstrated his capabilities through consistent effort, engaging in all aspects of his role, and showing that he could adapt and grow.

Elliott's manager and team lead noticed his determination. Midway through the apprenticeship, discussions about extending his contract started to surface, and the possibility of being hired full-time became a realistic goal. Elliott worked hard to balance these expectations, his ongoing certification process, and the personal hurdles life threw his way. He learned that effective communication with his team was key—keeping them informed about the delays he was experiencing and managing expectations regarding his progress.

A Milestone Achievement

At the end of his apprenticeship, Elliott's persistence paid off when he was offered a full-time position with Centene. Reflecting on his journey, Elliott recognized the importance of not underestimating his own qualifications. He came to realize that the skills he had developed in the Air Force and during his apprenticeship were highly valuable, even if they weren't all purely technical. He learned that showcasing a wide range of skills—problem-solving, adaptability, teamwork—was just as critical as the technical knowledge he had worked so hard to build.

Paying It Forward

Elliott’s experience at CyberUp had a profound impact on his view of mentorship and community. He credits much of his success to the supportive network he built—mentors who offered guidance, teammates who provided encouragement, and a community that understood the unique challenges of transitioning to cybersecurity. Elliott decided that once his apprenticeship was over, he wanted to stay involved with CyberUp, offering mentorship to new apprentices. He believed that sharing his story, along with the lessons learned about perseverance, adaptability, and communication, could help others navigate their own paths.

He advises future apprentices to embrace every opportunity that comes their way, to stay involved, and to not give up when faced with difficulties. Building connections, Elliott says, is crucial—not just for professional opportunities but also for personal growth and support. He encourages apprentices to highlight the diversity of their experiences, understanding that technical skills are just part of what makes a great cybersecurity professional.

A New Future

Today, Elliott Thompson stands as a testament to the transformative power of CyberUp’s mission to create accessible career pathways. From his time in logistics management in the Air Force to becoming a full-time cybersecurity professional at Centene, Elliott’s story is one of resilience, adaptability, and growth. He’s a reminder that career transitions, while challenging, are entirely possible with the right support, dedication, and willingness to learn. As he looks toward the future, Elliott is committed to continuing his professional development, mentoring others, and helping to make the cybersecurity industry a place where everyone, regardless of their background, can find their place and thrive.

Isaac Parle’s journey into cybersecurity began with a drive to serve others through his work. He saw cybersecurity as a field with opportunities for learning and growth, and CyberUp’s apprenticeship program provided an entryway. With little technical experience at the start, Isaac committed to improvement. He used YouTube tutorials, study groups, and online resources to prepare for his first certification exam, Network+. CyberUp’s support helped him secure an apprenticeship in a company that encouraged both interaction and learning, even in a mostly remote environment. Between virtual trivia nights and Slack channels where coworkers connected, Isaac found himself part of a community that kept him engaged.

The company’s flexible approach allowed him to work remotely while also going into the office a few days each week, which helped him ease into his new role. This experience gave Isaac insights into how remote companies operate, and he learned early on the importance of work-life balance. To maintain a boundary between work and personal life, he adopted the habit of closing the door to his home office at the end of each day. To deepen his industry knowledge, he also followed cybersecurity news through newsletters, Reddit, and a cybersecurity Discord server.

Growing as an Apprentice

The first half of the apprenticeship came with personal challenges, including moments of self-doubt and imposter syndrome. Like many new to cybersecurity, Isaac sometimes questioned his place in the field. But his commitment to improvement and mentorship from CyberUp helped him push through. Reflecting on these moments, Isaac found that people skills and approachability helped him build relationships and gain insights from others on his team.

As Isaac progressed through his apprenticeship, his role expanded. Initially, he focused on help desk tasks, but as he gained skills, he began to support projects, configuring systems and handling integrations. Each assignment provided a chance to understand the field more deeply, and he gained confidence as he learned. By his sixth month, he had started working on system configurations, getting hands-on with cybersecurity operations.

Reaching a Milestone in the 12th Month

At the end of his apprenticeship, Isaac achieved a significant milestone: he was offered a full-time role as a junior systems administrator. This role brought more responsibilities, such as overseeing GitHub organizations and configuring systems. His path from help desk support to junior systems administrator reflects the growth he achieved during the apprenticeship and his commitment to learning at every stage.

Advice for Future CyberUp Apprentices

Looking back, Isaac shared advice for future apprentices entering CyberUp’s program. He noted that imposter syndrome is common, especially for those new to cybersecurity. He reminded aspiring professionals that everyone starts from the beginning, and while the field may seem daunting, perseverance and openness to learning make all the difference. He emphasized the value of people skills, saying that kindness and approachability help build good working relationships and lead to new learning opportunities.

He also found that a growth-oriented mindset was essential for overcoming challenges. Starting with little technical knowledge, Isaac built his skills gradually, proving that each step forward matters. His journey highlights that resilience and a dedication to learning are vital in cybersecurity.

Staying Involved and Looking Forward

Now a CyberUp alumnus, Isaac plans to stay connected with the community by joining the alumni network on LinkedIn and subscribing to the alumni newsletter. He sees this as a way to keep up with industry trends and improve his skills. Looking ahead, Isaac is ready to keep learning and make cybersecurity his lifelong career.

Isaac Parle’s story reflects the impact of CyberUp’s apprenticeship program. From a newcomer to a junior systems administrator, his journey shows the support and growth CyberUp fosters. As he continues in cybersecurity, Isaac’s experience will inspire others entering the field, showing them that with commitment and guidance, a promising future awaits.

As we face rapid technological change and increasing job market demands, one thing has become clear: traditional hiring models are failing us. The workforce is shifting, industries are evolving, and yet, many companies continue to rely on outdated hiring practices that prioritize degrees over skills. The consequences of not embracing skills-based hiring are more frightening than we realize, with far-reaching impacts on businesses, employees, and the economy at large.

Here’s why ignoring this shift can create a real nightmare:

The Talent Shortage Will Worsen  

One of the scariest outcomes of sticking to degree-based hiring is the growing talent gap. The cybersecurity industry is already facing a shortage of skilled professionals, with hundreds of thousands of unfilled jobs. Stubbornly clinging to old hiring methods creates artificial barriers that prevent qualified candidates from entering the workforce. 

By excluding people who have the skills but not the degree, companies are shooting themselves in the foot. Ignoring these candidates means businesses will continue to struggle to fill key roles, leading to operational inefficiencies, vulnerabilities, and lost opportunities. The competition for top talent is fierce, and it’s not just about fighting over those with a traditional background—it’s about looking beyond that, or risk falling behind.

Missed Innovation and Agility  

In an era where adaptability is key, failing to embrace skills-based hiring means missing out on a diverse, innovative workforce. Companies that focus only on candidates with degrees from specific institutions miss the unique perspectives and problem-solving approaches that come from individuals with nontraditional backgrounds.

Skills-based hiring opens the door to a wide range of talent, including self-taught professionals, career changers, and those from marginalized communities who may not have had access to formal education but have gained skills through other means. When we ignore this talent, we stifle innovation, limit agility, and risk becoming irrelevant in a rapidly changing landscape.

Economic Disparity Will Widen  

Skills-based hiring can play a major role in addressing inequality by opening opportunities for individuals from underrepresented and marginalized communities. However, if businesses fail to adopt this approach, the economic divide will only continue to widen.

The reliance on degree-based hiring perpetuates systemic barriers that limit upward mobility for many individuals. Those who cannot afford traditional education are left behind, even if they possess the skills to do the job. By not shifting our focus to what people *can do* versus what paper they hold, we contribute to an economic system that benefits the few at the expense of the many.

Business Vulnerabilities Increase  

The reluctance to adopt a skills-based hiring model also increases the risk of hiring underqualified individuals. While a degree may suggest a certain level of knowledge, it doesn’t guarantee the skills needed to perform well in a specific role. When companies default to degree requirements without verifying hands-on abilities, they run the risk of employing people who are not fully prepared to meet the demands of the job.

On the flip side, there are countless individuals who possess the technical skills and real-world experience needed for a job, yet their lack of formal education keeps them from getting a foot in the door. The result? Businesses are left with critical skills gaps and higher turnover rates, all while passing over the very candidates who could have filled those gaps.

Future-Proofing Requires Adaptation  

Finally, ignoring skills-based hiring puts businesses in a dangerous position in the long term. The future of work is shifting towards automation, AI, and the digital transformation of industries. Companies that are unwilling to adapt their hiring practices to focus on the skills required to navigate this new landscape will find themselves outpaced by competitors who do.

The future belongs to those who can adapt, learn new skills, and keep up with the demands of the market. If we don’t embrace skills-based hiring, we are choosing to cling to an outdated model that will leave us woefully unprepared for the future.

A Call to Action  

The scary truth is that the consequences of ignoring skills-based hiring are already being felt. Companies struggling to find talent, growing economic inequality, and missed innovation opportunities are just the beginning. We must take this shift seriously and reevaluate how we approach talent acquisition. The world is changing, and our hiring practices must change with it, or we risk being left behind in an increasingly competitive and uncertain market.

Now is the time to embrace the model and unlock the potential of a broader, more diverse workforce—before it’s too late.

October 23, 2024

St. Louis, MO – CyberUp, a nonprofit organization dedicated to closing the cybersecurity skills gap, is excited to announce Arctic Wolf, a global leader in security operations, as the official sponsor of its current cybersecurity training cohort. This collaboration emphasizes Arctic Wolf's commitment to fostering new talent in the cybersecurity industry and addressing the growing demand for skilled professionals in this critical field.

CyberUp's training program provides individuals from diverse backgrounds with hands-on experience, mentorship, and certifications needed to launch successful careers in cybersecurity. Thanks to Arctic Wolf's sponsorship, this cohort will benefit from additional resources, guidance, and exposure to cutting-edge security technologies.

“We are thrilled to have Arctic Wolf on board as our latest sponsor,” said Tony Bryan, Executive Director of CyberUp. “Their support enables us to provide high-quality training to our participants and continue our mission of bridging the skills gap in cybersecurity.”

“At Arctic Wolf, we believe in supporting the next generation of cybersecurity professionals,” said Mark Manglicmot, Senior Vice President, Security Services, Arctic Wolf. “CyberUp’s training program aligns perfectly with our goal of building a stronger, more resilient security community, and we’re proud to be part of this impactful initiative.”

This partnership reflects a shared vision between Arctic Wolf and CyberUp to expand opportunities for aspiring cybersecurity professionals and to ensure that businesses across the nation have access to the skilled talent they need to combat today’s evolving cyber threats.

About CyberUp

CyberUp is a non-profit organization dedicated to elevating the cybersecurity workforce by igniting curiosity, developing talent, and transforming career pathways. For more information, visit https://wecyberup.org.

Cybersecurity is one of the fastest-growing fields in today’s job market. With the rise of cyber threats, data breaches, and the increasing reliance on digital infrastructures, the demand for skilled cybersecurity professionals has never been higher. Yet, despite this growing need, many people—especially those from marginalized communities—find it difficult to break into the field. Traditional hiring practices, which emphasize degrees and previous experience, can leave out a significant portion of the talent pool. 

Skills-based hiring, however, offers a solution. By focusing on what candidates can do rather than where they’ve been, this approach can help individuals access cybersecurity opportunities and, in turn, help close the talent gap in the industry.

 The Barriers for Marginalized Communities in Cybersecurity

Cybersecurity roles are often high-paying and offer long-term career potential, but the path into these roles can be riddled with obstacles, particularly for individuals from underserved backgrounds. The requirement of a four-year degree in computer science or extensive prior experience can create barriers for those who haven’t had access to formal education or who may have taken non-traditional routes to gain relevant skills.

Whether due to race, gender, socioeconomic status, or geographic location—the challenges are often compounded. Many lack exposure to the cybersecurity field, may not have had access to higher education, or have experienced systemic discrimination that limits their career opportunities. This leads to a lower representation of diverse talent in cybersecurity, even as these communities possess untapped skills and potential.

 How Skills-Based Hiring Levels the Playing Field

Skills-based hiring removes many of the obstacles associated with traditional job requirements. By focusing on the actual abilities a person brings to the table—whether through formal education, boot camps, certifications, or self-taught learning—companies can uncover talent that may otherwise go unnoticed. This is especially critical in cybersecurity, where the demand for talent is high and the range of skills required is broad.

Here’s why skills-based hiring is essential for providing cybersecurity opportunities:

1. Bridging the Education Gap  

   A formal college degree doesn’t always reflect an individual’s true abilities in cybersecurity. Many skills needed in the field—such as ethical hacking, penetration testing, or understanding how to secure networks—can be learned through non-traditional education methods. Boot camps, online courses, and certifications like CompTIA Security+, Certified Ethical Hacker (CEH), and others provide entry points into cybersecurity. Skills-based hiring values these experiences, allowing individuals without a degree to compete for roles that fit their actual capabilities.

2. Recognizing Transferable Skills  

   Many people in these communities have developed valuable, transferable skills outside of traditional career paths. Problem-solving, critical thinking, and the ability to work under pressure—qualities essential in cybersecurity—are often gained through life experiences, community leadership, or previous jobs in unrelated fields. A skills-based hiring approach evaluates candidates on these competencies, rather than discounting them because their resume doesn’t match a standard template.

3. Creating Pathways to High-Paying Careers  

   Cybersecurity offers high-paying jobs that can lead to long-term career growth. Skills-based hiring provides a bridge to these roles for people who have the talent but lack formal credentials. By opening up the hiring process to those who can demonstrate the necessary skills, we can provide individuals with access to careers that can change their financial futures. This opportunity for upward mobility is crucial in breaking the cycles of poverty that many groups face.

4. Building a Diverse and Resilient Workforce  

   A cybersecurity team that reflects diverse perspectives is better equipped to address the wide range of threats faced by organizations today. These communities often bring unique viewpoints and problem-solving approaches that can be an asset in cybersecurity roles. Skills-based hiring allows companies to tap into this diversity, making their teams more innovative and resilient in the face of ever-evolving cyber threats.

5. Addressing the Cybersecurity Talent Shortage  

   The global shortage of cybersecurity professionals is well-documented, with some estimates suggesting millions of unfilled positions worldwide. Many of these roles remain vacant because traditional hiring practices limit the pool of qualified candidates. By embracing skills-based hiring, companies can not only fill these positions but also provide opportunities to those who are eager to enter the field. It’s a win-win scenario: companies gain skilled professionals, and individuals gain access to meaningful, well-paying careers.

 Why Now Is the Time to Embrace Skills-Based Hiring in Cybersecurity

The cybersecurity industry is at a critical juncture. The threats we face are growing more complex, and the demand for talent is increasing exponentially. Embracing skills-based hiring can help address both of these challenges by creating a more inclusive, diverse, and capable cybersecurity workforce.

This is particularly important as we see a greater push for social equity across industries. Providing opportunities for individuals through skills-based hiring not only helps fill the cybersecurity talent gap but also promotes broader societal change by addressing systemic barriers to employment.

 Conclusion

Skills-based hiring is not just a trend—it’s a necessary evolution in how we approach talent acquisition, especially in fields like cybersecurity. By focusing on the skills and potential of candidates, rather than their formal education or prior experience, we can open the doors of opportunity to individuals who have the talent to succeed but have been held back by outdated hiring practices.

At CyberUp, we believe in the power of skills-based hiring to create a more equitable and diverse cybersecurity workforce. It’s time for the industry to recognize that potential can come from anywhere, and by embracing this approach, we can not only strengthen our teams but also create lasting career opportunities for those who need them most.

Let’s build a cybersecurity future that is inclusive, diverse, and focused on what truly matters: skills.

As we look toward the future, one thing is abundantly clear: the workforce is evolving, and so must the way we approach talent development. Companies need a forward-thinking strategy to ensure that their employees are equipped with the skills required not only for the present but also for the jobs of tomorrow. But how can businesses build these critical skills in their future workforce? The answer lies in a multi-faceted approach that focuses on continuous learning, practical training, and forward planning.

1. Adopt a Skills-Based Hiring Approach

One of the most impactful changes companies can make is shifting away from degree-based hiring practices and embracing a skills-based model. This approach opens up the talent pool to a more diverse range of candidates who possess the practical skills needed for the job, regardless of whether they have a formal education in that area. By focusing on what people *can* do, rather than what they've learned through traditional routes, companies can attract candidates who are not only capable of thriving in the current landscape but are also adaptable to future challenges.

A skills-based approach allows businesses to target workers who may have gained expertise through boot camps, certifications, or hands-on experience in other fields. It also encourages hiring for potential—seeking out individuals who may not check every box on a job description today but have the capacity to learn and grow into new roles over time.

2. Invest in Lifelong Learning Programs

The rapid pace of technological change means that workers need to continually refresh their skills. Companies should recognize that learning doesn’t stop once an employee is hired; instead, it’s a career-long journey. To stay competitive, businesses must offer ongoing opportunities for employees to upskill and reskill, particularly in fields like cybersecurity, artificial intelligence, and data science, where the demand for talent outpaces supply.

Creating a culture of lifelong learning involves providing access to internal training programs, online learning platforms, and even external certifications. Some of the most forward-thinking companies have also started partnering with educational institutions and boot camps to provide employees with cutting-edge training. This kind of investment not only enhances individual career growth but also strengthens the company’s overall workforce.

3. Leverage Apprenticeships and Internships

Another effective way to build skills in the future workforce is through apprenticeships and internships. These programs allow individuals to gain real-world experience while learning valuable skills. They also serve as a pipeline for companies to identify potential future full-time employees.

In the cybersecurity field, for example, apprenticeships offer a unique opportunity to develop hands-on expertise in areas like network defense, incident response, and threat intelligence. Employers benefit from having a new generation of professionals who are ready to hit the ground running and make meaningful contributions early in their careers.

Internships can also be an avenue for students and young professionals to explore different career paths, build foundational skills, and gain insights into industry practices. Companies that are proactive about creating structured and mentorship-driven internship programs can establish a strong talent pipeline while enhancing their own training capabilities.

4. Foster a Culture of Innovation

Innovation doesn’t just happen at the top; it needs to be encouraged and nurtured at every level of an organization. By creating an environment where employees feel empowered to explore new ideas, collaborate across departments, and take calculated risks, companies can develop the skills needed for the workforce of the future.

Encouraging cross-functional collaboration helps break down silos and exposes employees to new perspectives, ultimately fostering creativity and problem-solving. Innovation labs, hackathons, and team-driven projects are just a few ways to cultivate this mindset and build the critical thinking skills that will be necessary in the evolving job market.

5. Promote Soft Skills Alongside Technical Expertise

While technical skills are essential, they are not the only factor companies should focus on when building a future workforce. Soft skills such as communication, critical thinking, adaptability, and teamwork are equally important and often harder to develop.

The workforce of tomorrow will need to navigate complex, multidisciplinary challenges, making these skills a key differentiator. Companies can help employees strengthen their soft skills by offering workshops, coaching, and real-time feedback through peer reviews and mentorship.

6. Emphasize Diversity and Inclusion

Diversity is not just a checkbox—it’s a business imperative that drives innovation, creativity, and success. To truly build a skilled workforce for the future, companies must embrace a diverse range of voices, perspectives, and experiences. This means creating more inclusive hiring practices, providing equal access to learning and development opportunities, and ensuring that all employees feel valued and heard.

By fostering an inclusive culture, companies can tap into the full potential of their workforce, bringing in individuals who can think differently, solve problems creatively, and contribute in unique ways.

Conclusion

Building the skills of the future workforce requires a deliberate, forward-thinking strategy that emphasizes both technical expertise and soft skills, fosters lifelong learning, and promotes inclusivity. By adopting a skills-based approach to hiring, investing in continuous development, and creating opportunities for innovation and collaboration, companies can ensure they are not only prepared for the challenges of today but are also building a workforce that is adaptable and resilient for whatever the future may bring.

At CyberUp, we’re passionate about developing the next generation of cybersecurity professionals and ensuring that companies have access to the talent they need to stay competitive. If we want to secure our digital future, we must invest in the workforce today.

Employers are recognizing the necessity of taking a skills-based hiring approach, in fact, LinkedIn’s Future of Recruiting Report found that 73% of recruiting professionals say hiring based on skills is a priority. Skills-based hiring is gaining momentum, and organizations are removing the degree requirement, but it’s not enough to power your Talent Acquisition strategy.

 Traditional Hiring Practices

This approach often prioritizes formal education and certifications. These credentials indicate a candidate’s knowledge, but they don’t always reflect their practical skills or ability to adapt to real-world scenarios and challenges. Using this practice alone will limit your talent pool and exclude candidates who may possess the skills but lack formal qualifications. 

Skills are the New Currency

Skills-based hiring focuses on candidates' abilities to perform specific tasks. Focusing on these tasks/skills can have significant advantages:

• Broader Talent Pool - Ability to tap into a diverse range of candidates, including those who are self-taught or have gained experience through non-traditional means.
• Better Job Fit - Skills-based assessments can accurately predict the candidate’s ability to succeed leading to better job performance.
• Adaptability - In fast-paced fields like cybersecurity, where threats and new technology are constantly evolving, skills-based hiring ensures that employees have the most current and relevant skills.
• Retention - 93% of apprentices are retained after completing the program according to apprenticeship.gov.

Innovating the Hiring Process

HR can play a pivotal role, here’s where to start:

• Develop a Skills Ecosystem - create a comprehensive list of skills/core competencies required for various roles within the organization.
• Design a Skills Assessment – Implement practical assessments such as coding challenges, case studies, or task simulations to evaluate ‘real-world scenarios.
• Pilot Program – Select a specific department or role to implement, this allows for easier monitoring and quick pivots according to the data you discover. Tip:  Start with a high-impact area like infosec/cybersecurity, due to the growing demand for skills and ever-changing requirements there is significant ROI potential.
• Executive Buy-In – Gaining executive support is crucial. Use data, involve key stakeholders early in the process, present data-driven insights, and align this program to the company initiative.

HR’s role in driving skills-based hiring initiatives is crucial for the future success of organizations. By innovating the hiring process, securing executive buy-in, implementing supportive policies, and piloting effective programs, HR can ensure that the organization attracts and retains top talent, ready to meet the challenges of tomorrow. Budgeting for FY2025 is right around the corner, there is no better time to bring this initiative to your organization than now.

Companies are facing an increasing number of cyber threats, and the ability to find the best talent in this field continues to be harder. Traditional hiring practices, which often prioritize degrees and certifications, can hinder a company's ability to quickly and effectively fill these roles. Skills-based hiring, which focuses on the actual competencies and abilities a candidate brings to the table, has emerged as a critical strategy for companies looking to build stronger cybersecurity teams.

Here’s why skills-based hiring is crucial for companies when hiring cybersecurity talent.

1. Addressing the Talent Shortage

The cybersecurity talent shortage is well-documented. In 2023, the global demand for cybersecurity professionals reached record highs, and projections suggest this demand will continue to grow. Relying solely on candidates with specific degrees narrows the pool of eligible applicants and exacerbates the hiring challenges companies face. A skills-based approach widens the candidate pool by focusing on what individuals can do rather than where they’ve studied. This shift allows companies to tap into a broader talent base, including self-taught individuals, those with certifications, and candidates from non-traditional educational backgrounds.

2. Faster Hiring Process

In a field as dynamic as cybersecurity, time is often of the essence. Cyber threats don’t wait, and neither can your company’s defenses. Traditional hiring processes, especially those that place heavy emphasis on degree requirements, can be slow and inefficient. Vetting candidates based on their demonstrated skills allows companies to streamline the hiring process, cutting down on the time it takes to fill critical roles. Instead of focusing on pedigree, companies can quickly identify candidates with the exact skill sets needed to address their cybersecurity challenges.

3. Adaptability to Changing Threats

The world of cybersecurity is constantly evolving, with new threats emerging every day. As such, the ability to adapt and learn on the job is essential for cybersecurity professionals. A skills-based hiring approach focuses on candidates who have demonstrated their ability to adapt, solve complex problems, and stay up to date with the latest cybersecurity trends. By prioritizing skills over formal education, companies can hire individuals who are not only equipped to handle today’s challenges but also prepared for the future.

4. More Diverse Teams

Skills-based hiring promotes diversity by removing barriers that disproportionately affect certain groups. Traditional hiring practices, such as requiring specific degrees from certain schools, often exclude candidates from diverse socio-economic backgrounds. Skills-based hiring levels the playing field, allowing individuals from various backgrounds to compete based on their abilities rather than their educational pedigree. Building more diverse teams is crucial for cybersecurity, as diverse perspectives lead to more innovative problem-solving and stronger defenses.

5. Increased Retention and Engagement

Hiring employees based on their skills often leads to higher engagement and job satisfaction. When candidates are hired for roles that match their skills, they are more likely to feel valued and motivated to succeed. This is especially important in cybersecurity, where the work can be high-pressure and demanding. By focusing on what employees can do, rather than traditional credentials, companies are more likely to retain top talent and reduce turnover.

6. Filling Critical Skill Gaps

Cybersecurity is a broad field, with various sub-specialties ranging from network security to ethical hacking and incident response. Not all cybersecurity professionals need the same set of skills, and traditional degree programs don’t always prepare students for specific roles within a company. Skills-based hiring allows employers to focus on the unique needs of their organization and hire candidates with the precise skills required to fill those gaps. Whether it’s hands-on technical experience or proficiency in using specific cybersecurity tools, skills-based hiring ensures that the right people are in the right roles.

7. Future-Proofing Your Workforce

Cybersecurity threats and technologies are evolving at an unprecedented rate. Companies need employees who are not only skilled today but are also capable of growing with the industry. Skills-based hiring focuses on an individual’s ability to learn and adapt, which is key to staying ahead in a fast-paced field like cybersecurity. By hiring for current and future capabilities, companies can build resilient teams that are prepared to tackle emerging threats and technological advancements.

Conclusion

In a field as critical as cybersecurity, where threats are evolving every day, companies cannot afford to rely solely on traditional hiring methods. Skills-based hiring offers a more agile, inclusive, and effective way to bring talent into the organization. By focusing on the abilities and experiences of candidates, rather than rigid educational requirements, companies can build more robust cybersecurity teams, close skill gaps faster, and ultimately protect their digital assets more effectively. 

Skills-based hiring is not just a solution to the talent shortage; it’s a strategic approach that ensures businesses are prepared for the cybersecurity challenges of today and tomorrow.

In today’s rapidly evolving job market, the path to a rewarding career is no longer confined to traditional education or rigid career paths. As industries transform and technology advances, the skills required to thrive in various roles are shifting. For job seekers, especially those looking to break into new fields or pivot their careers, understanding the importance of transferable skills and the rise of skills-based hiring can be a game-changer. This is especially true in the dynamic field of cybersecurity, where the demand for skilled professionals continues to outpace supply.

The Shifting Job Market

Historically, employers placed heavy emphasis on specific qualifications, such as degrees from prestigious institutions or years of experience in a particular field. While these credentials are still valuable, they no longer hold the monopoly they once did. Employers recognize the skills an individual brings to the table can be more predictive of success than traditional qualifications alone.

For job seekers, this shift represents an enormous opportunity. Whether you’re transitioning from the military, changing careers, or re-entering the workforce after a hiatus, the skills you’ve acquired—often in seemingly unrelated roles—can be your ticket to new and exciting opportunities, particularly in the rapidly growing field of cybersecurity.

How Skills-Based Hiring Empowers Job Seekers

Skills-based hiring is an approach where employers prioritize a candidate’s skills and abilities over traditional qualifications like degrees or specific job titles. This method is becoming increasingly popular, especially in fast-growing industries like cybersecurity, tech, and healthcare, where the demand for talent often outpaces the supply of formally qualified candidates.

For job seekers aiming to enter cybersecurity, this means that your diverse background, filled with a variety of roles and experiences, can be an asset rather than a hindrance. Here’s how skills-based hiring can work in your favor:

1. Highlighting Your Unique Strengths: Instead of worrying about gaps in your resume or a lack of formal education in cybersecurity, you can focus on showcasing the skills you’ve developed throughout your life and career. This approach allows you to present a more holistic picture of what you bring to the table.
2. Opening New Doors: Skills-based hiring can help you break into cybersecurity roles you might not have considered before. For example, if you have a knack for problem-solving and have developed strong analytical skills in a previous role, you could pivot into a cybersecurity analyst position, even without a traditional background in that field.
3. Fostering Continuous Growth: When employers focus on skills, they’re often more open to candidates who show a willingness to learn and grow. This mindset encourages continuous professional development, allowing you to build on your existing skills and acquire new ones, keeping your career trajectory dynamic and forward-moving.

Positioning Yourself for Success in Cybersecurity

To fully leverage the power of transferable skills and thrive in a skills-based hiring environment, especially in cybersecurity, it's essential to position yourself strategically. Here’s how to do that with a focus on entering the cybersecurity field:

1. Deeply Understand Your Skills: Begin by conducting a thorough self-assessment to identify your transferable skills relevant to cybersecurity in your current career. For example, teachers possess a wide range of transferable skills that can be highly valuable in a cybersecurity role. Their ability to communicate complex information clearly and effectively translates well into explaining technical concepts to non-experts, a critical skill in cybersecurity. Teachers are also adept at problem-solving, often having to think quickly and adapt lesson plans to meet the needs of their students, which mirrors the dynamic and fast-paced nature of cybersecurity. Additionally, their organizational skills, attention to detail, and experience in managing sensitive information align perfectly with tasks like risk assessment, data protection, and incident response. By leveraging these skills, teachers can make a smooth transition into cybersecurity, bringing a fresh perspective and a strong foundation for success.
2. Research the Cybersecurity Market: Before you start applying, research the specific cybersecurity roles you’re interested in, such as security analyst, SOC analyst, or penetration tester. Look at job descriptions to identify the most in-demand skills and certifications, such as CompTIA Security+. However, many skills that aren't tied to formal certifications can be just as valuable as technical expertise. These transferable skills, often honed through diverse work experiences, can be just as impactful as certified technical knowledge in a cybersecurity career. This research will help you understand how your existing skills align with what cybersecurity employers are looking for.
3. Tailor Your Resume and Cover Letter: With your skills inventory and market research in hand, craft a resume and cover letter tailored to each cybersecurity job you apply for. Highlight your transferable skills prominently, using specific examples of how you've applied them in previous roles. For instance, When transitioning from the military to a cybersecurity role, emphasize transferable skills like discipline, attention to detail, and risk management on your resume. Military experience with assessing threats, responding to emergencies, and working in high-pressure environments closely aligns with cybersecurity demands. Highlight leadership, teamwork, and any technical work with communication systems or intelligence gathering to show your readiness for roles in security operations and threat analysis. Use action verbs and quantify your achievements to stand out.
4. Build and Showcase a Cybersecurity Portfolio: Cybersecurity is a field where practical skills are highly valued. Create a portfolio that showcases your work, such as write-ups on cybersecurity projects, contributions to open-source security tools, or successful completion of Capture the Flag (CTF) challenges. This tangible evidence of your skills can be a powerful supplement to your resume, demonstrating your readiness for a cybersecurity role.
5. Optimize Your Online Presence for Cybersecurity: Ensure your LinkedIn profile and other professional social media accounts reflect your cybersecurity aspirations. Update your LinkedIn headline to highlight your key transferable skills and certifications. Engage with cybersecurity content, join relevant groups, and participate in discussions to increase your visibility. Consider writing articles or sharing posts that demonstrate your knowledge and interest in cybersecurity.
6. Prepare for Cybersecurity Interviews with a Skills Focus: During interviews, be prepared to discuss your transferable skills in detail and how they apply to cybersecurity. Practice answering questions that ask for examples of how you've handled security-related issues or managed risks in previous roles. Use the STAR method (Situation, Task, Action, Result) to structure your responses, emphasizing your ability to adapt and learn quickly.
7. Pursue Continuous Learning in Cybersecurity: Cybersecurity is a field that evolves rapidly, so continuous learning is essential. Pursue certifications like CompTIA Security+, CEH, or a vendor-specific cloud certification to enhance your credentials. Online platforms like ITPro.TV, SANS, and Pluralsight offer courses that can help you build the necessary skills. This not only improves your marketability but also shows potential employers your commitment to cybersecurity.
8. Network with Cybersecurity Professionals: Networking is crucial in the cybersecurity community. Attend industry events, join professional associations like (ISC)² or ISACA, and connect with individuals who work in the cybersecurity roles you’re targeting. Informational interviews can provide valuable insights and open doors to opportunities you might not find through traditional job searches. When networking, clearly articulate how your skills are relevant to cybersecurity and the roles you’re interested in.
9. Consider Cybersecurity Volunteer Work: If you’re looking to break into cybersecurity, consider volunteering or freelancing in roles that allow you to apply your skills in a security context. This not only helps you gain relevant experience but also expands your network. For example, volunteering with CyberUp to speak with students and educate them on the importance of online safety and cybersecurity risks provides a great way to build skills while giving back to your community. 
10. Seek Feedback and Mentorship in Cybersecurity: Finally, seek feedback from peers, mentors, or industry professionals on how you’re positioning your skills for a cybersecurity career. Mentorship from experienced cybersecurity professionals can provide valuable guidance on navigating a career transition and offer insider knowledge on how to effectively market your skills to potential employers in this field.

Conclusion

In an ever-changing job market, the ability to leverage transferable skills and embrace skills-based hiring practices is crucial for job seekers, especially in cybersecurity. By positioning yourself strategically—through self-assessment, targeted research, tailored applications, continuous learning, and purposeful networking—you can open doors to new career opportunities and take control of your professional journey. Whether you’re just starting, changing careers, or looking to advance in your current field, the skills you’ve honed over the years are more valuable than ever, especially in the critical and rapidly growing field of cybersecurity.

Over the last several weeks we have shared a lot about skills-based hiring. It has been focused on the perspective of the employer and hiring manager, but there is another person involved, the applicant. Of course, they are where the rubber meets the road in the hiring process but it’s imperative to dive into the viewpoint of the potential hire. I will jump back to the employer side of things again but to help break up the monotony let’s deep dive into how an individual can control their future through skills-based hiring. 

Skills do not come in a one-size-fits-all model. There are several ways that an individual can obtain skills to obtain the job of their dreams. Some of them are free, some of them are low cost, and many have a larger price tag. Regardless of the one you choose, with a little bit of tenacity and grit, you can break into cybersecurity 100% of the time.

Free Options

1. Self-Study and Research
   1. Industry Blogs and News Sites: Regularly read cybersecurity blogs (e.g., Krebs on Security, Dark Reading) and news sites.
   2. YouTube Tutorials: Many cybersecurity professionals and educators share free tutorials on platforms like YouTube.
   3. Open-Source Tools: Experiment with tools like Wireshark, Nmap, and Metasploit in a home lab environment.
2. Hands-On Practice:
   1. TryHackMe (Free Tier): Access to a limited number of free labs and challenges.
   2. Hack The Box (Free Tier): Basic access to some of the labs and challenges.
   3. CTF Competitions: Participate in free Capture The Flag competitions hosted by various organizations.
3. Networking and Community Involvement:
   1. Join Cybersecurity Forums and Groups: Engage in discussions on platforms like Reddit, Spiceworks, or specialized forums.
   2. Attend Free Virtual Conferences and Webinars:** Many organizations host free online events and webinars.
4. Mentorship and Internships:
   1. Find a Mentor Through Networking: Reach out to industry professionals on LinkedIn or through local meetups.
   2. Apply for Unpaid Internships: Some internships might be unpaid but provide valuable experience.

Low-Cost Options

1. Apprenticeships: 
   1. CyberUp offers a 6-month pre-apprenticeship training for candidates to earn their CompTIA Security+ certification. After completion, candidates will begin their paid, on-the-job training cybersecurity apprenticeship program. 
   2. https://www.apprenticeship.gov/ - for other apprenticeship programs near you.
2. Online Courses: 
   1. Coursera, Udemy, Cybrary (Free or Low-Cost): Many courses have free options or are available at a low cost, especially during sales or with financial aid.
3. Hands-On Practice: 
   1. TryHackMe (Paid Tier): Access more advanced labs and features with a paid subscription.
   2. Hack The Box (Paid Tier): Unlock more labs and features with a subscription.
4. Networking and Community Involvement:
   1. Local Meetups: Some local meetups may charge a small fee for events or workshops.

Paid Options

1. Certifications:
   1. CompTIA Security+: Typically costs between $350-$370 for the exam.
   2. Certified Ethical Hacker (CEH): Costs around $1,200 for the exam, with additional fees for training materials.
   3. Certified Information Systems Security Professional (CISSP): Costs around $749 for the exam, with additional fees for study materials.
2. Formal Education:
   1. Degree Programs: Costs vary widely depending on the institution but can range from a few thousand to tens of thousands of dollars.
   2. Bootcamps: Intensive programs typically range from $5,000 to $15,000, depending on the provider.
3. Conferences and Networking:
   1. In-Person Conferences (e.g., DEF CON, Black Hat): Registration fees can range from $200 to over $2,000, depending on the event and type of pass.
4. Advanced Online Courses and Specializations:
   1. ITPro TV: Several options and class types with hands-on ranges that can range from $500 - $5,000.
   2. Coursera Specializations or Professional Certificates: Can range from $39 to $79 per month.
   3. Udemy Courses (Full Price): Typically range from $20 to $200 per course, though sales often reduce the price.

This isn’t an exhaustive list of options but it is a great starting point to build your skills in cybersecurity. My biggest advice is to follow these four simple recommendations to achieve your final goal, employment.

1. Determine where you want to be: There are so many options in the world of cybersecurity that you can pick a career. It can be slightly overwhelming to break down all the functions, skills, and opportunities available. The only way I have found to learn about each of these is to build a network of professionals on your side who coach and advise your journey. Through networking and mentorship, you can determine the best path and work towards the development of your training plan. 
2. Map out your learning journey: Now that you have a sense of what you want to do you need to figure out how you get there and gain those skills. Through conversations and research, you can determine the most important skills needed for the role and begin finding ways to learn them from the recommendations above. Free is always a great option but as you read, there are more than a few ways to get to the finish line here. 

• Build your network: Along your journey find new and fun ways to meet people. That can be virtual or in-person but building your community is critical to your long-term success. Find groups like OWASP, B-Sides, Defcon, ISACA, ISC², or others that meet regularly and provide professional development opportunities. These events are a great way to build advocates in roles you are interested in. 
• Pay it forward: It never feels like it happens fast enough but if you follow these rules you will eventually increase your odds of success. When you do get there remember how it happened and over to return the favor to someone else trying to break in. Bring new programs and opportunities to your work and continue to advocate for new hiring best practices. We all can acknowledge the system can use some help so join us in being part of the solution!

Now get out there and start gaining those skills! If you are someone looking to gain skills check us out or find us when you are ready to get to work. If you are a hiring company same advice, reach out and ask us how you can tap into our amazing bench of cyber-trained career transitioners! See you out there.