The InfoSec industry is short handed, and we all know it. The question is what are we doing about it. Seriously, we have a community that is pretty welcoming. That is all fine and good, but have we not thought the process through enough. What happens when we are not here? With how fast things change, and come up, how are we getting people to want to get into our industry?
I look at our industry and am worried. We all know about the skills shortage, the amount of job openings, and how insecure everything is. We keep saying security is a process, not a destination and that is true. The issue though is we are focused on the here and now, at least most of us are. Those that are forward thinking, looking for the next issue, are only looking at technology. There is a bigger crises, and that is who will take over from our generation? Yes, we see people in their twenties at the conventions, but seriously look at how many there are. Who will take over from them?
The way I am seeing it, if we really want to be about security, we have to nurture the next generation. Think about it, how many times do people in our industry say it takes passion and a desire to learn to be part of the world of InfoSec? How many times do people in our industry brush off degrees, some of the certs, and say you need a cert that will run you $6000 and experience? How much of that can we actually impart on those that cannot afford a SANs class, or let alone a computer?
There are organizations out there such as Hak4Kidz who are aimed at the teen and pre-teen and are awesome about inspiring the next generation. Even with that though, how many slip through the cracks? How many do not have parents that can see it, or are able to pay for their children to attend these conferences? I recently talked with someone from Boys and Girls club and it got me thinking about all this. I was told how much these children loved it when they were being shown a little on how games were programmed. The interest in technology that they showed. Inner city youths who are poor, have to share a computer with the family if they are lucky, show interesting in the technology field. Now ask yourself, how many of these children will slip through the cracks, and how many innovations will be missed because of that.
We as a community need to start taking a long hard look at this. there are groups, Boys and Girls Clubs, Boy Scouts, Girl Scouts, Girls Inc., and many others that we can get in touch with and work out some sort of program. It might just be a one time thing, going in and showing them how to be a bit more secure, show them what some of the tricks are and how it can affect them. Sure we might only get a few per group, but think about it, that is a few more that will be interested in securing the future. The teen and pre-teens that show interest need to be mentored. If we really are about securing all the things, don’t we have to include the future? Isn’t that part of the scope, to make sure that we have enough people behind us for when we retire or are gone?