Why aren’t young people interested in cybersecurity?
As we roll into 2019 and are hit with countless articles about the cybersecurity job and skills gap, it’s a real wonder why millennials aren’t flocking to this field.
So why aren’t tail-end millennials and generation Z folks sprinting into InfoSec? Presumably, general lack of awareness in high school and on college campuses is a key issue. Unless a close friend or family member works in cybersecurity, many young people don’t have much exposure to cybersecurity outside of stereotypical hoodie-clad keyboard-hammering 20-something entertainment portrayals of hackers, well represented by Rami Malek’s Elliot in the Mr. Robot television series.
Interest vs. Consideration
To illustrate this point, in a recent survey from ProtectWise canvassing “technology-savvy millennials and post-millennials,” just 9 percent of respondents stated they are interested in a pursuing a cybersecurity career. As a point of comparison, video game development came in at 33 percent in the same study.
Alternatively, we conducted our own survey of more than 400 respondents of a similar age group in the U.S. and chose to position a similar inquiry around the term consideration: “Would you consider a career in cybersecurity?” In our minds, consideration suggested that, if presented with convincing or new information, one might be open to a new idea. Based on this semantic assumption, we anticipated seeing elevated levels of consideration.
As anticipated, nearly one-third of respondents said they would consider a career in cybersecurity—much higher than the other survey’s 9 percent. While approximately 40 percent said they wouldn’t consider a career in cyber, another 29% said that they weren’t sure. While interesting in comparison, we can’t say for certain whether this difference is significant or representative of any open-mindedness due to the fact that other career options were not presented as a control for variability.
Yet, this survey question doesn’t provide evidence into the complete picture as to why cybersecurity isn’t attracting enough young talent. Considering interest from another angle, perhaps the limited commitment in entering the field could be explained by a bad connotation or sentiment in the word “cybersecurity” and what it represents to each individual. Two-thirds of those surveyed listed the term as having a positive connotation. Another 26 percent felt “neither positive or negative” and only 7 percent felt that “cybersecurity” had a negative connotation. A good sign for cyber?
It’s not all good news. Within our dataset, we were able to break down respondents answers by gender. This is of particular relevance as the U.S. Department of Education has indicated that this fall, women will comprise more than 56 percent of students on campuses nationwide, but the current cybersecurity employment pool is only 11 percent female.
Yet, in our survey, some telling gaps emerge. Just 20 percent of women, compared to 47 percent of men, would consider a job in cybersecurity. Even more interesting, 52 percent of women explicitly stated that they would not consider a job in cybersecurity compared to 26 percent of men.
Lots of Percentages Leading to One Conclusion
So what does this survey data mean? We’ve established some evidence that interest might be low, but consideration is, well, considerable. And, fairly confidently, we have evidence that suggests that young people don’t have an intrinsic repulsion to everything dubbed “cybersecurity.” Finally, though women represent a significantly larger portion of the current and future education workforce, they are sorely under-represented when considering entering the field.
This evidence further solidifies the notion that cybersecurity has a serious marketing and awareness issue. With a median income of $89K, rock-bottom unemployment, accelerating mobility, and a wide variety of roles, young people should be beating down doors to get into cyber. But, they aren’t. These are some of the steps we can take to spark interest and change the paradigm:
Increase Awareness Early–Just as hundreds of organizations—for-profit and nonprofit—have initiated programs that encourage children to start coding, perhaps we should consider similar programs that introduce cybersecurity to children. While there are fantastic existing programs like the Air Force Association’s CyberPatriot program, many of these programs offer a barrier to entry to young people who aren’t already sold on a career in cybersecurity or related STEM field. Programs built around gamification (game-based learning) are a natural choice to explore.
Integrate Curriculum – Computer-aided instruction has been a common component of K-12 education since the 1980s, but related areas of cybersecurity are not covered in the vast majority of schools. Some schools have included course segments that promote Internet safety and general digital hygiene, but these courses, in that they are more focused on public service rather than appealing content, may actually be doing more to deter students from a career in cybersecurity than promote the professional pathway.
Educate Those Who Educate – High school guidance counselors and dedicated career and college advisors need to be informed on the value of entering the cybersecurity field so that they, in turn, can suggest the field to students. There is not sufficient evidence to suggest that counselors are actively promoting the benefits of entering cybersecurity and there is a chance that students considering STEM career choices aren’t presented with cyber falling under the STEM umbrella. In fact, another one of our survey results suggests that most students aren’t really clear on who is qualified for a career in cybersecurity.
Increase Exposure to Practitioners – Schools should go out of their way to introduce students to practitioners in the field. Whether it is a career day or a mentorship program, educators can do more to increase student exposure to role models in cybersecurity. The industry is broad and the opportunities are nearly endless so any opportunity to have a young person identify with and admire a successful practitioner would be beneficial in increasing exposure and interest.
Arm Cyber Ambassadors – Colleges and universities are supremely concerned with post-graduation job placement, and rightfully so. As mentioned, cybersecurity professionals can enter the field from a variety of disciplines. With these two points in mind, there is an intersection in which higher-education institutions are incentivized to expose ALL majors to the benefits of a career in cybersecurity. English majors can become threat intel analysts. Mathematics majors can work in cybersecurity risk mitigation. Business majors can work in incident response.
It’s not exactly clear why young people aren’t flocking to cybersecurity given all of its benefits as well as the proliferation in the daily news media. However, there are steps that can be taken to increase exposure to the field. If you’re interested in a career in cybersecurity but aren’t sure which subject area suits your personality and skill set, check out our Cyber Roles Quiz and Infographic to help you on your cyber quest.