In a world where the digital frontier is expanding and cyberattacks are becoming more sophisticated with speed and scale, the guardians of our virtual realms have never been in greater demand.1 It’s important to leverage this year’s Cybersecurity Awareness Month to celebrate the people who keep us safe and to raise visibility on the need for education and awareness—for everyone. With a staggering 3.4 million unfilled cybersecurity jobs, almost 70 percent of organizations report not having enough cybersecurity staff to be effective.2
And security leaders are sounding the alarm as they want to keep cybersecurity professionals equipped with the right resources to avoid burn out. Yet, this isn’t merely about technical prowess. The ideal cybersecurity workforce harmoniously merges technical expertise with invaluable soft skills. While cutting-edge technology offers part of the remedy, the heart of our defense lies in human expertise—the minds that craft strategies, wielding these tools to ward off potential cyberthreats. The gap in cybersecurity talent is a collective concern, and Microsoft is eager to support the mission to bridge this gap through educational programs that include diversity, providing guidance to security professionals and their organizations on how to be cybersmart and generative AI technology to augment the talent that prevails.
Help educate everyone in your organization with cybersecurity awareness resources and training curated by the security experts at Microsoft.
There are still a lot of misconceptions about what is required to be a successful professional in this industry.
Common fallacies that may hold people back from exploring cybersecurity careers include that only science, technology, engineering, and mathematics graduates—or college graduates in general—can get cybersecurity jobs. The industry is growing more inclusively and attracting a broader range of people, including professionals outside IT. In fact, half of employees younger than 30 join the industry with a non-IT background.3 To take on cybersecurity challenges, security teams must be as diverse as attackers in terms of background, race, and gender. As we like to say, the door is open for anyone to become a cyber defender.
“Almost everything needs cybersecurity. It’s just going to keep growing and it will never go away, so we need more people in it. To get people into cybersecurity we need to break that stigma of what the industry is about. Cybersecurity is not just coding, and we legitimately need all types of people, like psychology majors, English majors, business majors, besides computer science, because there are so many different areas you can get into” says Caitlin Sarian, also known as Cybersecurity Girl, a prominent digital influencer that joined an episode of our Secure the Job Podcast and whose main goal is to help more people understand cybersecurity and consider joining the industry.
“We need to change the security narrative from fear-filled dark tones to hope-filled, optimistic, innovative tones for several reasons. First and foremost, security is a prime driver for innovation, and it needs to inspire and empower people. If we don’t involve everyone, if we continue to think of security as exclusive and fear-filled, then we are creating barriers to entry for defenders to participate,” says Vasu Jakkal, Corporate Vice President, Security, Compliance, Identity, and Management, Microsoft.
We take the cybersecurity talent gap seriously and are committed to doing our part to help close it. In 2021, we launched a national campaign with United States community colleges to skill and recruit 250,000 people into the cybersecurity workforce by 2025 and in summer 2023 we made this mission global by expanding this program to 28 countries. Furthermore, the school 42 initiative provides Microsoft Cybersecurity Curriculum and facilitates the completion of Microsoft Certification (SC900) in campuses worldwide. Additionally, with programs like Technology Education and Learning Support (TEALS) and the Last Mile Microsoft Scholarship, and partnerships with organizations such as Codepath, we’re not only taking computer science and cybersecurity learning to students, but we’re also going the full circle in providing the financial support many families need to enable students to continue their educational pathway.
However, there is still a long way to go, and we know that one way to reduce the skills gap is to bring more underrepresented groups into the workforce. One important effort we’ve been focusing on is attracting more women to the industry. Women offer diverse points of view, deep analytics and risk assessment skills, and emotional intelligence that are hallmarks for a successful cyber defender, but they represent around only 25 percent of the cybersecurity workforce today.4 In a Microsoft-commissioned survey, we learned that the reasons for this underrepresentation include gender bias, not enough female mentors and role models, insufficient education opportunities, and uncertainty about cybersecurity career pathways.5 That’s why we partner globally with projects that practice similar values and have the same commitment to diversity in cybersecurity, such as Minorities in Cybersecurity, Executive Women’s Forum, and WOMCY. In the United States, two of our main education partners, Women in Cybersecurity (WiCyS) and Girl Security, have been recently recognized by the White House’s National Cyber Workforce and Education Strategy as key players in changing the diversity landscape of the cybersecurity workforce.
“Part of the challenge is driving the message that diversity is not just about numbers. It’s about innovating security solutions that we can’t possibly conceive right now because we don’t have diverse voices in the room to yield those outcomes. When we bring first-generation college and immigrant students to the table, the effects are remarkable.”
—Lauren Buitta, Chief Executive Officer and Founder, Girl Security
At Microsoft we’ve also been using technology innovation to spread interest in cybersecurity while doing it earlier in the process, as early exposure strongly impacts career choices in the future. To help with that and to enable kids from all ages to behave safer online, we’ve developed the Minecraft Education Cybersecurity Collection, with levels that go from kindergarten to college and focus on teaching cyberskills at every level with fun, accessible lessons for the modern digital citizen, followed by learning resources.
The latest generative AI revolution has gotten plenty of people excited because of its potential to advance business initiatives, but there’s also a great potential impact of AI adoption in cybersecurity talent. Vasu Jakkal recently shared how AI can improve cybersecurity by harnessing diversity and offered other suggestions for how to encourage cybersecurity interest.6 Human ingenuity and expertise will always be a precious and irreplaceable component of security, and AI has the power to tip the scales in favor of cyber defenders by augmenting human capabilities, enabling machine speed cyberthreat detection, and fostering a stronger collective skillset of diverse backgrounds and points of view.
Among other things, generative AI also has the potential to expand the number of cybersecurity professionals and help them refine and strengthen their skills. Using AI tools in recruiting can also help “transcend biases, optimize talent acquisition, promote inclusive training and education,” and lead to more hiring of diverse candidates.7
Recognizing the increasing importance of AI skills in the global workforce, Microsoft has launched the AI Skills Initiative to enhance AI education and address emerging skills gaps. In partnership with LinkedIn, the initiative offers a Professional Certificate on Generative AI and the Generative AI Skills Grant Challenge, a collaboration with other organizations that focus on underserved communities.
There is a lot we all can do to support cybersecurity education and help narrow the skills gap. If you’re a security professional, consider being a sponsor for someone or supporting one of these many mentoring programs mentioned in this blog.
Many remain unaware of the vast opportunities awaiting them in cybersecurity, so we invite you to amplify these prospects to a broader audience. Check with your local area school if they have a TEALS program and let them know about the career path the Last Mile Education Fund offers. Amplify free cybersecurity content, training, and learning opportunities by earning a Microsoft and LinkedIn’s Career Essentials Certificate and show the wonders the Minecraft Cybersecurity education game can provide to the younger generation.
In the spirit of security being a team sport, explore our Cybersecurity Awareness Website to continue your education and to help educate your organization and community. It takes a village to make a difference in the lives of others and to support our cybersecurity professionals who tirelessly keep us safe. It is vital that no matter what role we play in our workplace, family or community, we all become a cyber defender.
To learn more about cybersecurity best practices and educational opportunities, visit our Cybersecurity Awareness Website.
To learn more about Microsoft Security solutions, visit our website. Bookmark the Security blog to keep up with our expert coverage on security matters. Also, follow us on LinkedIn (Microsoft Security) and Twitter (@MSFTSecurity) for the latest news and updates on cybersecurity.
1Microsoft Digital Defense Report 2023, Microsoft.
2Cybersecurity Workforce Study, ISC2. 2022.
3Attracting Young Talent to the Growing Cybersecurity Industry, JonesPR. May 13, 2020.
4Empowering Women to Work in Cybersecurity Is a Win-Win, BCG. September 7, 2022.
5Results based on March 2022 IWD Survey commissioned by Microsoft in partnership with WE Communications.
6How AI can improve cybersecurity by harnessing diversity, according to Microsoft Security’s Vasu Jakkal, Dan Patterson. August 25, 2023.
7The Power of AI to Enhance Diversity in Security: Strengthening Defences through Inclusion, LinkedIn. July 2, 2023.
Source: Microsoft Security