To find out, Tessian released the Opportunity in Cybersecurity Report 2020. Based on interviews with over a dozen practitioners from some of the world’s biggest and most innovative organizations (including Google, KPMG, and IBM), survey results from hundreds of female cybersecurity professionals, and quantitative research from the Centre for Economics and Business Research, we revealed that:
While we examined the growing skills gap in cybersecurity through the lens of the disproportionately low percentage of women currently working in the field, we were recently introduced to a different perspective.
HackerOne released The 2020 Hacker Report earlier this year and, on April 21, Tessian welcomed Ben Sadeghipour, the platform’s Head of Hacker Education, to present the key findings from the report during one of our Human Layer Security Virtual Roundtables.
The message was simple: Hackers can (and do) help bridge the cybersecurity skills gap.
Now, by combining highlights from The 2020 Hacker Report with our own Opportunity in Cybersecurity Report 2020, we’ve identified 3 key reasons why hackers have the potential to make a positive impact on the industry.
When asked why there’s a skills gap in the industry, 47% of those women surveyed said it’s because there’s a lack of qualified talent.
Likewise, 33% of women currently working in cybersecurity say that a lack of requisite skills was the biggest challenge they faced at the start of their career. This came behind a lack of clear career development paths (43%) and a lack of awareness/knowledge of the industry (43%).
While a greater emphasis on STEM subjects in primary/high school, more apprenticeship programs, and cybersecurity-specific curriculums at universities would certainly help, we need to look beyond formal education.
According to HackerOne’s report, “Most [43%] hackers consider themselves self-taught… since formalized cybersecurity engineering educations have yet to become common, bug bounty programs and public VDPs give promising hackers the ability to quickly learn, grow, and contribute to everyone’s increased security.”
What’s more, hackers are putting these self-taught skills to use, with 78% of hackers saying they’ve used or plan to use their hacking experience to help them land a job. On top of that, the majority of hackers (59%) say they hack as a hobby or in their free time and 27% describe themselves as students.
That means a large percentage of hackers could, in theory, transition into cybersecurity.
It’s important to note, too, that different cybersecurity roles attract different types of talent. We asked our survey respondents to identify the skills needed to thrive in different roles, and the results demonstrate how diverse the opportunities are.
While a lack of requisite skills is perpetuating the skills gap, 51% of the women surveyed in Tessian’s Opportunity in Cybersecurity Report 2020 said that a more accurate perception of the industry in the media would encourage more women into cybersecurity roles.
Hillary Benson, Director, Product at StackRox and one of the contributors to our report summed it up nicely when she said, “People hear ‘cybersecurity’ and think of hackers in hoodies. That’s a bit of a caricature, maybe with some legitimacy to it—and that was even part of my own experience—but that’s not all there is.”
Unfortunately, this “caricature” of hackers tends to be negative as pop culture and headlines about nation-state hacking groups have conditioned us to associate hackers with criminal or solitary activity. HackerOne even commissioned a survey of over 2,000 US adults to gauge their perception of hackers.
The survey found that 82% of Americans believe hackers can help expose system weaknesses to improve security in future versions. However, a nearly identical share said they believe hacking to be an illegal activity.
But, hackers feel confident this perception is changing for the better, with:
23% of Tessian’s respondents said that a lack of role models was a challenge they faced at the start of their career, and a further 26% said that more diverse role models would encourage more women to enter cybersecurity roles. The impact of role models is even more important for the younger generations.
Hackers already have a strong community.
Katie (@Insider_PHD) was quoted in HackerOne’s report saying “The community is super encouraging. The community is super willing to help out. It’s, as far as I’m concerned, my home.”
Likewise, Corben (@CDL) was quoted as saying “Being part of the hacker community means the world to me. I’ve met a ton of people. I’ve made a ton of friends through it. It’s really become a big part of my identity. Everyone who is a part of the community is bringing something important.”
Beyond that, 15% of those surveyed got interested in ethical hacking because of online forums or chatrooms.
The bottom line is: Mentorship is important. Role models are important. Community is important. Unlike cybersecurity professionals – specifically female cybersecurity professionals – hackers have these things in abundance.
Data has become valuable currency and ransomware attacks, phishing scams, and network breaches are costing businesses and governments billions every year. And now, with new security challenges around remote-working and a marked spike in COVID-19-related phishing attacks, cybersecurity is more business-critical than ever before.
While we should continue encouraging gender diversity in cybersecurity, we should also encourage other types of diversity as well. The field is wide open for a range of educational and professional backgrounds…including hackers.
Challenge perceptions, make an impact.
So, what is cybersecurity actually like? It depends on your role within the field. And contrary to popular belief, the opportunities available are incredibly diverse.
To learn more about how the 12 women we interviewed broke into the industry, read their profiles.