I have been fortunate in recent years to meet a lot of cyber security undergrads and post graduate students. They speak with passion about getting into the industry and finding their place in the future digital economy. Last Saturday I chatted to over 100 students ranging in ages and stages on their journey into the cyber security workforce. Graduates are not my usual audience having built my business working with C-level and senior information security leaders. However, my job on Saturday was to inspire our leaders of tomorrow to find ways of fulfilling their cyber security career goals.
What interested me was, in the lunchbreak, the questions I received from the people who approached me were similar. In different ways, I heard the following:
“I’ve tried networking and I still don’t have a job. Where am I going wrong?”
“How do I stand out among the 9000 students who have applied for the same summer internship as me?”.
“Do you offer interview technique coaching? Maybe that’s where I’m falling down?”
“Do you know any smaller organisations that are offering Industry Based Learning or graduate programs?”
“How can I get work experience? No one will hire me without it.”
For starters, I stood by my advice that networking can take time to bear fruit. It could take five or more years before you have an opportunity to work with/for/help someone you just met or vice versa. Networking doesn’t have to be about getting a job from that exact person you’re speaking with – it can also be about getting your name out there. Organisations looking for cyber security staff find those who are well connected, well respected and who are active in the industry to be of interest and value.
Aside from networking, I offered some advice 1:1 in answer to the above questions - All except one... I didn’t want to hazard a guess at which smaller or mid-tier organisations are offering internships or work experience. I know the banks, the big 4 consultancy houses and larger corporates have the resources to invest in our youth, train them up, make them business savvy and set them free. But are there smaller, niche players who are offering cyber security work experience in any way, shape or form? Work experience at these smaller organisations would offer graduates a completely different world view than in a large corporate. Smaller security teams take on a different look, feel and responsibility.
I can hear you thinking… ‘what’s in it for me/the organisation’? CISO/CIO’s who provide these opportunities to industry new-comers have first choice on the great talent they have nurtured when jobs do become available. The workers are passionate, motivated, innovative and their presence bolsters your current (and future) cyber security capability. Could your organisation find the capacity to provide much needed work experience programs to upskill our experts and leaders of tomorrow? If not, what are the barriers?