4 minute read
Getting out of our own way
I have been in this industry for what feels like a lifetime: more than 20 years in both ICT and cybersecurity roles. I think my history makes me a dinosaur in the tech world: a member of the old guard. I have seen the change, how the digital world has merged with the real world. I think in years to come it will be harder to tell which is the real world and which the digital world. That idea gets my creative side humming: I come up with potential scenarios I could write about in one of my future books (a thought for another time maybe).
I started my career back in the very early 2000s with a traineeship at my local IT shop. I was naturally skilled in anything electronic. Given time I could figure out how something worked. I was stubborn and would keep digging until I understood it. Well, understand it well enough to know what it did or how I could at least get it to do something I wanted it to do. (This made me a good candidate for pentesting back then. I probably would have hired myself).
I had already completed a Certificate 3 and Certificate 4 in IT at my local TAFE after finishing school and while working as a security guard and bouncer at local night clubs (This was not something I wanted to do as a career but a means to an end). When I approached the store all those years ago, I was not concerned that I did not already have five years of experience. I did not think about needing qualifications like CISSP, CISM, OSCP or multiple degrees. I was just a young man who liked tech and wanted a job doing something I loved. Life seemed much simpler back then.
My First Shot
I had a hunger to learn new things and I just needed a start, someone who would take a chance on me, let me learn and even make a few mistakes. That someone was called Andrew. He was the man who gave me my first shot and allowed me to prove myself. It was a gift that instilled in me the desire to do the same for others: to take a chance on the next generation, to put in extra work so they could learn, make mistakes and ultimately figure out if this industry I love was the place for them.
I hear the excuse all the time from my peers in the industry: we don’t have time to teach people. We need someone who already knows how to do the job. I get that. We are all busy people. I certainly am, with all the different hats I wear. But let me put something to you: can we afford not to take the time to teach?
If, as an industry, we do not embrace the equity charter across education, employment and the workforce in general we will remain stuck in the loop we have been in for years. No one is bringing in much new talent. All we old guards in the industry are getting tired. Some are already leaving and the salary expectation of anyone with an ounce of skill or experience is massive.
Traineeships Needed
To fix this we need to return to the days when I got my first shot. We need to create a cybersecurity traineeship program. We need to be like the building trade or the electrical trade. We need to hire people and put them through a TAFE or university course as part of the first one to two years of being employed. Now, this will not be easy. It will likely be the opposite. Cybersecurity is a difficult industry to work in. We will get many people failing in the initial phase. That is okay. It is a feature of the industry, and we have no need to apologise for it.
However, we do need to create opportunities for people to start a career in cybersecurity or we will continue to see many amazing people who could have been spectacular contributors walk away because they hit too many roadblocks trying to get their start. That is a serious matter, and we cannot complain about a skills or experience shortage when we as an industry are doing nothing to fix it.
The responsibility does not lie only with the industry. New entrants need a reset on expectations. They cannot expect to gain a Certificate 4 in cybersecurity and then start work on a $100k annual salary. That is not reality. Yes, the industry pays well, and everyone deserves to make a good income, but new entrants need to earn their stripes, not be handed them on a silver platter.
When I first started I was on $20k a year, or maybe less. It was horrible money for a tough gig, but I worked hard, built my skills and quickly worked my way up from trainee to become the lead technician for the business. That was a long time ago (showing my age a little) and I am not saying starting wages should be that low, but I am saying let's not be silly about this, let's be fair to both sides, pay early career workers a wage appropriate for the skills and experience they have and give them a pathway to earn more as they grow.
Let us stop blaming everyone else, embrace the need to educate and support the next generation of cyber professionals and set fair expectations for what someone should be paid in the first phase of their career.
WHO’S WITH ME?
Let’s change the way we see the industry. Let’s be more open to new ideas and let's just give people the opportunities many of us were given.
www.linkedin.com/in/craig-ford-cybersecurity www.amazon.com/Craig-Ford/e/B07XNMMV8R www.facebook.com/AHackerIam twitter.com/CraigFord_Cyber
