Some of the Most Sought-After Tech Jobs Don't Require a College Degree

After a spate of high-profile hacks this year, companies should be hiring more workers devoted to protecting their networks, yet many aren’t. Part of the problem: There aren’t enough people who fit the bill.

Some estimates of the cyber skills shortage are striking. Cisco’s 2014 Annual Security report puts the gap in demand for professionals with relevant cybersecurity skills and the supply of those people at 1 million worldwide. In a survey of 12,000 information security specialists by the consulting firm Frost & Sullivan, 56 percent said their organization was understaffed in that department.

The shortage is reflected in other ways: cybersecurity job postings took 24 percent longer to fill than all information technology jobs and 36 percent longer than job postings overall, according to Burning Glass Technologies, a labor-market research firm.

Colleges and universities are responding by creating cybersecurity degree programs (a report by the Ponemon Institute in February came up with a list of the top ones, based on a rating of 183 schools). But even these programs can’t produce enough bodies to fill the expanding need, so some companies suggest looking below college level.

Symantec is one. The company is putting $2 million into a pilot project to train urban youth for entry-level jobs in cybersecurity. Based on a study released last year by the Abell Foundation, Symantec says more than 300,000 jobs are going begging, 20 percent of which could be filled by individuals with no college degree.

“People who graduate with a four-year degree related to cybersecurity, they’re not going into entry-level positions, they’re going straight to jobs requiring more experience,” says Marian Merritt, director of cyber education and online safety programs at Symantec. “Yet companies are desperate for the analysts who do the grunt work of cybersecurity, looking at network logs, administering systems settings, etc.”

The company has partnered with two nonprofits, Year Up and NPower, to train an inaugural cohort of 45 students spread among the San Francisco Bay area, Baltimore, and Brooklyn, N.Y.

In Brooklyn, 16 students are midway through the classroom training at NPower’s offices not far from the Brooklyn Bridge. The class includes William Malle, who used to be a guide on Mount Kilimanjaro in Tanzania and migrated to the U.S. four years ago; Alfredo Salas, a first-generation Mexican immigrant who attended high school in Queens; Devina Elmes, who worked at Macy’s before coming to NPower; and Michael Borges, a native of the Bronx, who has worked at H&R Block since NPower helped him get an internship there right out of high school. For the first group in the cyber program, NPower chose graduates of its Technology Service Corps, which provides general information technology training and finds paid internships for its students.

“The thing that intrigues me most about cybersecurity is when you get into a technical field, you don’t really picture yourself actually helping others,” Borges says. “I think this gives me the opportunity to do so.”

The group is learning security testing and ethical hacking, among other skills, in 16 weeks of classes. After that, they will be placed in 10-week internships with one of 10 companies, including TD Ameritrade, Citigroup, Marathon Consulting, and Morgan Stanley. The idea is that within a few months, these students will be ready for entry-level spots that can lead to a lucrative career, says Merritt. Symantec envisions training as many as 15,000 people a year in four years.

There’s a mismatch between the broad education you get in any college program and the realities of entry-level cybersecurity jobs, and more vocational training could meet companies’ needs better, says Doug McLean, vice president of global marketing at Seculert, a security company in Santa Clara, Calif..

“The basic ins and outs of doing the job get dictated a lot by the products you’re using, so you don’t need a year and a half of chemical engineering and mechanical engineering to use those tools effectively,” he says. “I would guess 15 [percent] to 20 percent of them don’t really require that kind of breadth.”

Cybersecurity incorporates a lot of complex technology, but it’s always been an industry that’s relatively friendly to those without a lot of formal education. Just ask Edward Snowden.