9 Reasons to hire an InfoSec candidate without experience: Focus on skillset vs. experience

March 31, 2020  |  Daniela McVicker

This blog was written by an independent guest blogger.

$37-$145k jobs for InfoSec specialists without experience. Hiring immediately.

This is what a simple internet search has to offer for people looking to get entry-level jobs in Information security (InfoSec), or cybersecurity. It seems like a good deal, considering that the requirements for candidates are much lower compared to many other jobs.

But hold on a second, why are employers willing to pay so much money to someone who has little or no experience?

There are at least nine legit answers to this question.

Below, I’m going to describe these reasons to help employers understand why hiring InfoSec candidates without experience is a good idea.

9 Reasons to hire an InfoSec candidate without experience

1. Talent shortage

There’s a shortage of skilled InfoSec professionals in all industries, which leaves valuable data more vulnerable to cyberattacks (and keeps companies looking for talent).

Surveys and studies suggest significant shortages already. According to iSC Cybersecurity Workforce Study 2019, for example, the global cybersecurity workforce gap is about 4.07 million.

iSC cybersecurity workforce study

The report suggests that the current cybersecurity workforce needs to increase by 62 percent to meet the needs of businesses.

That’s why organizations and businesses are taking the initiative by reducing the barriers to enter the field for young specialists.

2. Cyberattacks are becoming more frequent and successful

The global cost of cybercrime in 2018 alone was estimated to be over $45 billion, and this amount rises every year. Three kinds of attacks - ransomware, spoofing/BEC, and spear-phishing - have seen the most increase, says AT&T Cybersecurity report.

increase in attacks

Besides, the attacks are becoming more sophisticated and successful (according to AT&T):

  • The average cost of a one successful cybersecurity accident involving data loss increased from $4.9 million to $7.5 million
  • 88 percent of cybersecurity professionals have reported an increase in threats in the past year
  • Cybercrime is becoming commercialized, meaning that criminals sell attack components on the dark web
  • A person without coding knowledge can now launch and relaunch a sophisticated cyber-attack thanks to tools and code sold online.

3. The requirement to have a degree isn’t regulated by anyone

Unlike fields like medicine where one must have a degree to practice the profession, InfoSec entry-level specialists can freely begin their careers without one. The risk of being outcompeted by those with an academic degree in cybersecurity is lower compared to other fields.

For one, a lack of a degree in cyber-security doesn’t affect the salary.

According to the 2020 Cybersecurity Salary Survey, 55 percent of individuals working as a cyber “security analyst/threat intelligence expert” without a degree earn between $51K and $90K.

salaries with no academic degree

Credit: 2020 Cybersecurity Salary Survey

This finding was similar across many other professions, including penetration tester, network security engineer, security/cloud architect, and security director, says the survey.

4. Certification is almost just as good as a college degree

A certificate serves as a good option to prove one’s knowledge in cybersecurity. Nowadays, a cybersecurity certificate is given to people who have successfully completed an educational program, offered at both the undergraduate and graduate levels.

With the lack of manpower in the industry right now, just getting your basic credentialing and having at least some aptitude is sufficient to get an entry-level job,Forbes quoted a VP of a major cybersecurity firm, as saying. “Those that are proficient will rise rapidly.”

So, one doesn’t really need to go to college and get a degree to prove their expertise. However, getting just any certification won’t do the job, either. One needs to pass an exam and learn the latest cybersecurity tools and technology to improve their position in the labor market.

5. Anyone can learn Cybersecurity online

There’s a lot of reliable online courses on cybersecurity available, so anyone can get good knowledge without going to college and getting a degree. They range from very basic programs involving simple tasks like security checks and website reviews to advanced, graduate-level courses.

Organizations as serious as the National Science Foundation (NSF) agree that having a degree isn't mandatory.

In government, there’s a real need around cybersecurity. You don’t necessarily need a bachelor’s degree in computer science,” Vic McCrary, chair of NSF’s Task Force on the Skilled Technical Workforce, said. “What we want is to get some of those white hat hackers working with our intelligence agencies and securing data.”

6. Quality beats experience

Across a wide range of cybersecurity positions, professionals with little experience receive equal salaries to those with many years of experience.

This is one of the main findings from the 2020 Cybersecurity Salary Survey. Accordingly, employees who worked in the field for 3 years or less can earn as much as their counterparts with 5 years of experience.

Employers are hiring and incentivizing entry-level cybersecurity specialists when they meet their goals, whether during the training program or in the workplace,” says Jim Duncan, an IT Specialist from All Top Reviews. “And this trend is likely to stay for a long time.

7. You can get access to talented candidates with a college program

Many companies already have programs and agreements with colleges and universities to hire the best-performing participants. The purpose of these programs is to introduce students to the profession and help them gain important real-world cyber experience.

Many participants of college cybersecurity programs eventually go on to fill entry-level positions in companies. This way, businesses reduce the impact of talent shortage, as they teach students the skills they need to keep their data safe.

8. Hiring an entry-level specialist is better than losing data

If there’s no InfoSec system in place, chances that you’ll lose valuable data increase, therefore, the costs for your business could be way higher.

As mentioned above, cyber-attacks are getting more frequent and sophisticated, so businesses need to look for fast ways to up their security. Hiring certified entry-level specialists could be a quick and effective way to achieve this goal.

9. Be more reliable and get more customers

Having effective cybersecurity protection means responding appropriately to customers’ concerns. According to Marketing Dive, nine out of 10 U.S. online shoppers worry about personal data security and 34 percent also don’t trust companies with digital privacy.

So having a robust cybersecurity strategy could help to build an image of a trustworthy business. As personal data security becomes a tremendously important value proposition in modern business, companies investing in cybersecurity should have a better chance to reduce the impact of cybercrime on their reputation.

The bottom line

These are the nine reasons why companies are willing to invest in hiring InfoSec employees with little to no experience.

With the talent shortage and cyber-attacks continuing to hurt businesses, they will look for more ways to improve their cybersecurity strategies. Since entry-level specialists have already proven their worth, hiring them is becoming a major goal for many recruiters.

Share this with others

Get price Free trial