Hewlett Packard Enterprise Co.
, doesn’t believe in the cybersecurity talent gap. Instead, he says, the problem is more of an experience gap.
Professional organizations such as the International Information System Security Certification Consortium, or (ISC)2, estimate that around 2.72 million cybersecurity professionals are needed globally. Around 600,000 positions in the U.S. alone are unfilled, according to industry surveys.
Yet those jobs often come with stiff, and sometimes unreasonable requirements. Top employers regularly ask for years of experience, advanced degrees and numerous professional certifications, which some chief information security officers are starting to believe masks the true potential of existing workforces.
After joining HPE in March 2021 from the CISO role at Unilever PLC, Mr. Ford started a program that actively seeks out candidates who may be passed over because they lack the experience required to land entry-level jobs in the field, who are viewing cybersecurity as a new career path or who may find it difficult to gain employment. This includes people working in unrelated fields such as driving a school bus or acting, those who ran restaurants that closed during the coronavirus pandemic or the recently incarcerated, he said.
“We all know someone who simply needed an opportunity. And if you look at this shortage of qualified employees and this need that we have for an opportunity, we put the two together and came up with the Career Reboot Program,” he said.
Over a six-month intensive course, candidates in the program are paid while learning the nuts and bolts of cybersecurity work by embedding with various cyber functions within HPE, taking on project-based work and being mentored by company staff. During the course, they apply for jobs within the company. Mr. Ford said this approach not only benefits the candidate but also HPE, in that the hope is those who go through this course will then stay at the company long-term, in an environment where cybersecurity professionals are frequently poached by other companies.
The first cohort of five participants, most of whom joined in the past few weeks, includes
Born in the U.K., Ms. Oyenuga spent her early childhood in Nigeria before moving to the U.S. at the age of 12. After graduating from the University of Pennsylvania and later attending Insead, a graduate business school based in France, until 2003, she spent her first career in marketing, eventually working for
British American Tobacco
PLC in Lagos and a number of agencies.
The crossroads came for Ms. Oyenuga when she decided to take time off to start a family. While her plan was to take a couple of years off, she ended up raising two daughters over a decade. When she was ready to re-enter the workforce, she found she wanted something else.
“I wanted to do something new that I was passionate about and I gave serious thought also to what kind of role model I wanted to be for my daughters,” she said.
She said that cybersecurity became a leading choice of career for her, given her proximity to the federal government while living in Virginia and the stories she had read about the number of cyber professionals that the industry needed. After taking a virtual course to see if she had a taste for the subject, she heard about the HPE program and was one of over 100 applicants for the first cohort.
Since joining in March, she has worked with staff members in areas such as business resilience and global security. She has also worked on projects related to vulnerability assessments and joined the women’s group at the technology company.
“We as a team of apprentices very much feel that we are the foundation, and this program will be what we make it. So we want to pay it forward,” Ms. Oyenuga said.
For Mr. Ford, the program has its genesis in his own background. At 16, he said, he joined the U.S. Army, where one of his first postings was to South Korea, assigned to categorize floppy disks. The work was unglamorous, he said, but it exposed him to cybersecurity as a career path.
From there, he joined the Pentagon’s first Computer Incident Response Team and after leaving the military, served as CISO for companies such as pharmaceuticals giant
“It’s the military model: We can train you,” he said, describing his new program at HPE. “I wasn’t as successful as I’ve been in cybersecurity because I was born with the knowledge. I had to learn it, everyone has to learn it,” he said.
The program at HPE is one of several initiatives launched by the private sector in recent months to tackle a growing perception that the U.S. is lagging behind other countries in establishing a pipeline of trained cybersecurity workers. Increasingly, companies and government agencies are considering more diverse pools of candidates, along with those who don’t have traditional four-year degrees in engineering or computer science.
“We’re talking more and more about maybe you don’t need a four-year college degree. Maybe we have to invest more in apprenticeships because this practical experience becomes so important,” said
chief of staff at the Cybersecurity and Infrastructure Security Agency, during a panel discussion at the RSA Conference in San Francisco this month.
At the conference, technology companies and venture-capital firms in San Francisco announced plans to raise money to fund cybersecurity education at Bay Area colleges for a year, while in August 2021 various major companies committed resources to improving cybersecurity training after a White House meeting.
Mr. Ford said that HPE is planning for the next cohort of candidates, and that a greater sample size over time will determine how effective the program is. The ultimate validation, he said, will be if one day a graduate ends up in his job. For his part, he hopes that his peers at other companies will replicate what is being done at HPE.
“We could keep going down this path of taking talent [from other companies] but I would much rather create talent,” he said.
Write to James Rundle at email@example.com
Copyright ©2022 Dow Jones & Company, Inc. All Rights Reserved. 87990cbe856818d5eddac44c7b1cdeb8