Helen Young Hayes
The severity and ferocity of cyber attacks are real. Ransomware, data theft, extortion and social engineering attacks continue to rise, threatening individuals and industries. Commerce and governments are responding, but it's difficult to keep up with the breakneck pace of intrusion techniques. Some industries will see a 60% increase in attacks year-over-year from 2022 to 2023, resulting in approximately 482,000 cyber-related job openings in the United States.
The need to increase the talent pool has caught the attention of the White House, which responded by removing the college degree requirement for federal cyber contractors, a bold and forward-thinking move that will broaden and diversify the applicant pool. — But to truly impact the industry, this approach must spread beyond Washington, said a hiring manager here in Colorado. — 14,400 positions available — You should be careful.
When recruiters reduce barriers to employment and broaden the pool of skilled cyber tech talent, they lower hiring costs, shorten time to fill positions, improve retention, and promote workforce diversity. Unfortunately, outdated assessment and hiring criteria have the exact opposite effect. Instead of prioritizing digital capabilities and hiring talent with new, relevant skills, the majority of entry-level tech job descriptions unwittingly bottleneck the talent pipeline by requiring applicants to have a four-year degree. At the time of writing, a search on Indeed.com for entry-level cyber jobs showed 85% requiring at least a four-year degree. More than half required applicants to have a master's degree.
Stay up to date: Sign up to receive daily opinion pieces by email, Monday to Friday
This practice hurts more than employers who need to fill critical cybersecurity jobs. College degree requirements perpetuate inequality and effectively close the door to economic success for those who cannot afford a four-year college education. The Census Bureau reports that more than 62% of Americans over the age of 25 do not have a college degree. Here in Colorado, 70% of people born here do not have a college degree, so the state relies on importing college-educated workers from other states rather than cultivating local talent. Given the clear threats posed by cybersecurity and the speed at which threats are evolving, Colorado employers should prioritize digital competency, acquired skills and certifications over a four-year degree for entry-level tech jobs. So why rely on an outdated four-year degree standard?
The benefits of inclusive, skills-based hiring go beyond greater access to cybersecurity candidates. Eliminating discretionary degree requirements allows companies to embrace diverse perspectives, work toward diversity, equity, and inclusion (DEI) goals, and provide opportunities for more Coloradans. Companies and HR executives need to be proactive and think outside the box for degrees. Luckily, Colorado has some forward-thinking organizations, and the CompTIA Workforce report shows the idea is gaining support among HR professionals.
Ardent Mills is a leading flour supplier in North America. The company has adopted a skills-based certification approach, saying, “We believe that having multiple pathways to gain technology and business knowledge skills is important to ensuring a long-term sustainable workforce. By combining different roles that don't require a traditional college degree and developing talent from a variety of backgrounds, we can better leverage diverse experiences that might not be available otherwise.”
The Colorado Governor's Office of Information Technology (OIT) also advocates for eliminating college degrees for entry-level IT jobs and building tech talent through apprenticeships. Bob Nogueira, OIT's chief human resources officer, believes that the focus on apprenticeships and skills-based hiring has allowed the state to have a collaborative and efficient interview and hiring process. — Identify candidates who can become productive members of your team faster.
Even traditional higher education institutions are seeing the value of hiring skilled talent: Metropolitan State University’s Cyber Security Center facilitates certification with hands-on experience for participants in its 15-week Cyber Fundamentals Bootcamp, giving students the opportunity to gain economic equality without a four-year degree.
Other advocates of hiring for skills over degrees include experienced information security professionals. When nonprofit ISACA surveyed its cybersecurity members, it found that the majority believe work experience, certifications and specific training courses are the most important factors in determining whether a cybersecurity candidate is qualified and positioned to succeed.
Building cybersecurity resilience requires a strong foundation and immediate action to address the current tech workforce bottleneck. Eliminating or reducing degree requirements for entry-level tech jobs and introducing skills-based credentials will broaden the talent pipeline and fill jobs faster, while improving our nation's and state's economies and communities.
With strong partnerships and a new approach that rethinks what's important, we can address Colorado's cyber talent shortage and strengthen Colorado's industry and economy against attacks.
Helen Young Hayes founded ActivateWork, a not-for-profit recruitment, training, employment and coaching organisation that provides economic mobility for talented and diverse technologists and higher education qualifications to launch their IT careers.
