The Myth of the Cybersecurity Archetype

There are false perceptions about who can become a cybersecurity professional. They stem from the myth of the cybersecurity archetype. Some people think all cybersecurity professionals are a guy named Chad, who got a degree in electrical engineering from Stanford. He worked as a systems administrator for a couple years, then as a network engineer for a few more, before becoming a SOC analyst. Chad comes from a very technical, hands-on background and learned the soft skills required of cybersecurity professionals later.

This archetype is dangerous, because it’s limiting. What about Luis, a lawyer who discovered after law school that he doesn’t actually like being a litigator? What about Samantha, a high school graduate with a passion for technology? What about Oti, who studied international affairs before discovering cybersecurity as a career opportunity?

Don’t let the myth of the cybersecurity archetype discourage you. It is after all, a myth.

Some cybersecurity professionals have similar backgrounds to Chad. However, cybersecurity is a wide career field and there are also professionals with backgrounds similar to Luis, Samantha, and Oti.

We can’t let the myth of the cybersecurity archetype dictate, who we target in recruitment. According to (ISC)2 in 2019, there was a shortage of 3.12 million cybersecurity professionals globally. There was a shortage of approximately 376,000 professionals in North America alone. The industry is not going to fill that shortage solely by pursuing a bunch of people like Chad. It simply doesn’t scale.

We also can’t let the myth of the cybersecurity archetype dissuade quality candidates from pursuing careers in cybersecurity. That diversity of experience and perspective is exactly what the field needs. When everyone has the same background, cybersecurity teams are less imaginative and can have big blind spots. Candidates with backgrounds similar to Luis, Samantha, and Oti (or any other variety of students and career changers) are exactly what the industry needs to fill its shortage.

If you don’t have that Stanford electrical engineering degree or years of networking experience, that’s okay. Your resume doesn’t need to read like Chad’s to pursue a cybersecurity career. Don’t let the myth of the cybersecurity archetype discourage you. It is after all, a myth. Cybersecurity has plenty of professionals from a variety of backgrounds. We need to continue to promote that diversity of experience, if we’re going to have any change to closing the talent gap.