- MK Palmore worked in the FBI for 22 years and has been a director in Google's CISCO for about three.
- He told BI that cybersecurity roles are in high demand and there's a shortage of talent.
- Cybersecurity roles are needed across all business verticals and they're here to stay, Palmore said.
This as-told-to essay is based on a conversation with MK Palmore, a director in Google Cloud's office of the chief information security officer. This essay has been edited for length and clarity.
I'm a director in Google Cloud's office of the chief information security officer.
I've been at Google Cloud now for about three and a half years and Palo Alto networks before that. Before that I had a long and very extensive career in the US federal government comprised of 22 years in the FBI and another five years in the United States Marines.
Cybersecurity is one of the most dynamic career fields in the industry right now across all business variables.
Every company needs cybersecurity professionals. You will find a preponderance of us engaged in the technology space. You'll find cybersecurity leaders and practitioners working for agricultural companies, trucking companies, logistics, operations, and certainly in financial services.
When you become a cyber security professional and you develop the skills, you basically make yourself the go-to person or persons across all business industries. For those of us who have been trained and do have professional experience, because there are such small numbers of us, we've kind of had the lion's share of the opportunities presented to us.
I've been a particular observer of both threat landscape issues and issues related to the cybersecurity workforce for about 10 to 15 years now. I've seen the relative importance of the role of cybersecurity practitioners gain tremendous traction in all circles as we start to recognize the importance that our digital footprint and digital technology needs have on our ability to operate around the world.
The information that we exchange is so important from a privacy standpoint that the protection of information and the assets for which the information traverses has become a huge priority for businesses around the world.
As an entity, we want to make sure that we're positioned to help folks and protect these assets and the information that they have.
Cybersecurity demand isn't being met
One thing is clear: there are hundreds of thousands of positions open here in North America, probably more than a million globally. As industry importance continues to rise, the availability of talent continues to be a bit of a challenge across all industries.
What we're seeing right now in the industry is that we can't bring folks in fast enough. That means we're a little bit behind in terms of filling the pipeline with viable candidates.
There's no clear direct path into cybersecurity unless you are one of the rare people who has actually majored in the newly available cybersecurity majors in our educational system. Computer science, of course, has been around for a number of years but even that doesn't provide you a direct line to cyber security positions.
Most cybersecurity professionals have started their careers as IT professionals and at some point transitioned over. But, the fact of the matter is there still aren't enough people to feed the robust pipeline or open positions that we have.
Ideally, a candidate would be someone that has done the academic work associated with it or they gained certifications across the cyber security spectrum and have combined some level of practical experience. It doesn't have to be a ton, but there is a prejudice toward people who have hands-on experience.
The challenge with our industry is that hands-on experience portion can be a bit of a challenge to get for new entrants. That's where the gap continues to increase in terms of available candidates.
As an industry, we have to take a step back and start planning and making changes so that we're prepared for the challenges of the next three to five years, which means we need to make an investment in that pipeline.
We have a team called Grow with Google and some of the other teams internally here that pay particular interest to what people need to learn in a future state, and we invest time in building out courses, certificates, and opportunities for people to learn.
It's a field that's here to stay
I believe that cybersecurity roles will continue to flourish in terms of their relevance for a decade-plus to come.
We haven't even gotten to the point where we're talking about cryptographic challenges. In terms of post-quantum computing, cybersecurity is going to be relevant for a very, very long time.
People who decide early on in their careers to invest in it will benefit — and even if they choose to veer off into things like operations, marketing, or other aspects of business, all they gain from a cybersecurity standpoint will make them better business leaders.
I am certain that somewhere out there, there's a CEO-in-waiting who happens to come from a cybersecurity background because they understand the importance and role that technology plays in their ability to deliver business results.