There are two very real problems in cybersecurity today that you may or may not have seen in the headlines, reputable periodicals, or even your LinkedIn feed. There just aren’t enough skilled security professionals to go around. How could that be, when we are frequently inundated with requests for mentorship from people who are trying to break into the field? To be frank, organizations simply aren't hiring entry-level information security professionals. They all want someone with demonstrated skills and experience to help secure their information environments.
The solution might be older and simpler than we think. Apprenticeships have been around for hundreds of years – even in the United States. There are records of apprenticeships in New England as early as 1640, where Thomas Millard worked and received on-the-job training from William Pinchon. European apprenticeships go back even further, especially in the stonemason and blacksmith trades. It didn’t end there, with skills trades like plumbing, carpentry, electrical, and even butchery lasting well into the late part of the 20th century before seeing decline. Throughout history, we have been able to find creative ways to help bridge skills gaps through on-the-job training programs. The information security field can see all the benefits of early-day apprenticeships, where training, experience, and certification separated amateurs and hobbyists from trusted professionals.
The hardest part about starting an apprenticeship program is getting started. Human resources, recruitment, and other staffing processes will differ from more traditional employment. Fortunately, there are government programs in place to assist organizations with implementation, such as the Department of Labor’s ApprenticeshipUSA and various state-run programs. These programs also help find ways to subsidize costs and raise awareness. Even more benefits might be available by offering apprenticeships to veterans, those with disabilities, and recent college graduates.
If your organization is finding difficulty keeping the information security workforce charged, or if you are looking for ways to increase your team without breaking the bank, please consider giving back to the entire information security community by starting an apprenticeship program.
Steve Higdon has been working in the information security field for over ten years, providing support and consultancy to both public and private sector organizations. Steve can be reached via email at firstname.lastname@example.org and on Twitter at @SteveHigdon.