So many of the skills that come up on a day-to-day basis as a cybersecurity professional can’t be measured by certifications or trainings. Not making those things a requirement for getting hired doesn’t mean you’re lowering your standards for applicants. It demonstrates that as a company, you recognize there are more important qualities in an applicant than the ability to pass standardized assessments.
Removing these expensive programs as requirements also allows for a much more diverse group to be considered for positions. Not everyone has the money, time, or resources to complete trainings and certifications.
This also goes for the types of higher education degrees companies require. It’s not feasible to think everyone will have the ability to achieve advanced degrees. Importantly, those abbreviations also don’t mean you’re hiring a well-rounded, qualified candidate.
And by the way, cyber bootcamps, certification companies, and postgraduate courses make a handsome profit regardless of how employable their students are when they come out the other side. The industry needs to lead the conversation, or other institutions will, and it’s the yet-to-be-employed who are the casualties of our lack of intervention.
As an industry, we need to stop just talking the talk about fostering diverse workplaces and actually walk the walk. It starts at the hiring process.
Change job descriptions and interview tactics to show you value passion, skills, and determination—not abbreviations. Your company will be better off for it, and so will the industry.
DRAY AGHA is senior ThreatOps analyst team lead (UK) at Huntress.