Cybersecurity breaches and cybercrime have been recognized as an area of immense risk for at least five years. Organizations ranging from the government to corporations have had data compromised or stolen. Currently, cybercrime alone is a business estimated by $445 billion, according to the Harvard Business Review. Technology news reveals that the average company deals with 200,000 attempts against security daily.

The number of incidents and their breadth is triggering concern that there are not enough qualified people to be the white hats: cybersecurity professionals who block security breaches, develop better security, monitor systems, and develop policy and educational programs to fight a threat that is likely only to grow bigger. The concern is very real. The HBR estimates that cybersecurity worldwide will have over 1.5 million jobs unfilled by 2020 — only two and a half years away.

Developing the No-Collar Job?

There are multiple issues that have led to the weakness in filling the cybersecurity position pipeline.

The first is the relatively narrow qualifications and fields in which cybersecurity firms look. A Washington Post survey several years ago noted that more than three-quarters of advertised cybersecurity jobs in the Washington D.C./Maryland area (which is to cybersecurity as Silicon Valley is to computers), required a bachelor’s degree. Many of the required degrees, the HBR points out, are in computer science. Only 17% of cybersecurity jobs required just a high school diploma; 4% required master’s degrees.

The second is a lack of knowledge of the field as a career. The Washington Post reported that a whopping 82% of people 18 to 26 years old had never had counselors or anyone else mention cybersecurity as a potential career while they were in high school.

The HBR article suggests that the cybersecurity pipeline could be filled by nontraditional as well as traditional means. The job requires curiosity, the ability to problem-solve, attention to detail, and ethics. Not every cybersecurity job requires computer skills or advanced education.

One specific solution is the formation of the “no-collar” job: neither blue- nor white-collar, but organized around specific expertise that could be found in a community college or certification programs, augmented with continuous learning on the job.

The “no-collar” job could cast a wide net: people seeking to change careers as well as people just graduating and looking for a career with job security.

Roughly 20% of current cybersecurity hires are from the “no-collar” pool.

Building a Cybersecurity Pipeline

The HBR further suggests that companies move beyond situation hiring and toward building consistent outreach, knowledge, and what it terms building a “cybersecurity ecosystem” as part of their business strategy. Companies can partner with government, colleges, high schools, and middle schools to make sure that young people know what the field is. Mentorship programs can help.

Mentorship programs and other support networks are also important for new hires. Rotate assignments so that people know what is available and their skills can be assessed appropriately.

Cybersecurity breaches and cybercrime are major threats now and will continue to be so in the future. While not all cybersecurity positions are filled now, moving the activity to recruit no-collar positions and building a pipeline of interest in this growing field can eliminate the problem of undercapacity.