In this third week of Cybersecurity Awareness Month, the focus is Explore. Experience. Share. with an emphasis on Cybersecurity Career Awareness Week led by National Initiative for Cybersecurity Education (NICE). To understand how the security industry can get involved and continue to do our part in narrowing the growing skills gap, I spoke with Megan Sawle, VP of Research & Marketing at Infosec.

Here are insights from Megan on what this week’s theme means to her and tips for job seekers and hiring managers.

Q. What does this week’s theme Explore. Experience. Share. mean to you?

A. This week’s theme represents an important step toward understanding the universe of cybersecurity and how it impacts us personally and professionally. If you’ve ever purchased a new, seemingly unique car—only to later see that same model nearly everywhere you go—you already know what philosopher Aldous Huxley meant by the phrase: “The more you know, the more you see.”

Those in cybersecurity will tell you one of the best ways to outsmart a cybercriminal is to understand how they think and operate. This is why cybersecurity education and awareness are so important. By exploring how cybersecurity tools like spam filters and safe browsing can protect you—and be broken—we learn how to use best practices to our advantage alongside mindsets like Zero Trust to keep ourselves safe at work and home. The more you know about cybersecurity, the more you see—from phishing emails and malicious websites to social engineering attacks.

Q. What is the connection between Cybersecurity Awareness Month and Cybersecurity Career Awareness Week?

A. Connecting Cybersecurity Awareness Month with Cybersecurity Career Awareness Week starts with linking shared cybersecurity experiences with cyber career exploration. I experienced my first memorable cybersecurity incident shortly after graduating high school in the early 2000s. Someone hacked my World of Warcraft account and sold my inventory for gold. If you’ve ever played WoW, you already understand how this particular experience left a lasting impact on how I would operate online in the future. It also, incidentally, later led me into a cybersecurity career. 

I often wonder why I had not learned this lesson in high school. Despite my interest in information technology and computer programming languages, my high school advisors encouraged me to pursue a career in art or teaching. To this day, I’m grateful I didn’t follow that advice. Having conversations with students early in their academic careers is an important step in filling the cybersecurity talent shortage we face now. Everyone graduating high school or college should be encouraged to explore a career in cyber.

Q. Considering the overarching theme of Do Your Part. #BeCyberSmart., what does “do your part” mean for job seekers as well as hiring managers?

A. For job seekers, it means taking proactive steps to learn everything they can about information technology and cybersecurity. It also means understanding how cybersecurity is much more than just 0s and 1s. Despite the best security controls, attackers continue to breach systems. When preparing and applying for cyber roles, job seekers who keep the human element in mind are often better equipped to defend organizations from attack. They also may be better equipped to help business leaders understand why cybersecurity strategy deserves board-level attention.

For hiring managers, this means getting creative when it comes to recruiting, hiring and retaining cyber talent. New research from InfoSec Institute shows 92% of hiring managers are regularly challenged to fill open cybersecurity positions at their organizations. Because unfilled cybersecurity positions represent a real business risk, it’s time for cybersecurity hiring managers to consider alternative ways to fill these open roles. This could include working closely with local colleges to establish internship programs, helping existing employees reskill into cybersecurity roles or removing unnecessary job requirements like four-year degrees and non-inclusive language from job descriptions.