Why Employers Should Embrace Competency-Based Learning in Cybersecurity

There is a growing movement toward increasing the use of competency and skills-based education and hiring practices in both the public and private sectors. For example, the Executive Order on Modernizing and Reforming the Assessment and Hiring of Federal Job Candidates calls upon the Federal Government to “ensure that the individuals most capable of performing the roles and responsibilities required of a specific position are those hired for that position”—resulting in “merit-based reforms that will replace degree-based hiring with skills- and competency-based hiring.” Similarly, the Principles for Growing and Sustaining the Nation’s Cybersecurity Workforce emphasizes the importance of expanding the pool of candidates by discontinuing the use of degrees as a mandatory requirement for jobs and revising job postings to be more transparent around the skills needed to perform and thrive in the role. While employers and education and training providers are getting increasingly on board with a shift toward prioritizing cybersecurity competencies and skills, getting the two ecosystems to work together to close the education-to-hiring gap continues to be a challenging and slow-moving mission.

Competency-based education allows students to verify their skills and earn credentials by demonstrating what they know instead of spending a required amount of seat time in class to accumulate credit hours. With every competency assessed, students understand the value of their effort against targeted job roles and when armed with this intelligence they can build their careers in real time while also continuing to attain high-value credentials. Often, when students enroll in a degree or certificate program, they have already acquired a significant work history related to their field of study. Competency-based education gives credit where credit is due, allowing students to use prior knowledge and professional experience to accelerate in their program and qualify for employment opportunities. This model is particularly ideal for adult learners, who often enroll in programs with different levels of knowledge and experience, as well as a wide variety of preferred approaches to balancing school and work.

Employers must actively invest in their workforce to maintain competitive teams. That increasingly means deeper and more strategic partnerships with higher education—or with new education and training providers that are willing to be part of the solution. Competency-based education and hiring is a more objective, equitable and efficient way to connect today’s jobseekers with available career pathways through a shared skills language. While more traditional degrees are still a powerful engine of social mobility, they’re not the solution to every talent supply chain challenge. We must embrace new routes to opportunity including short-duration, on-the-job, and apprenticeship programs that can be expanded rapidly and stack into greater and greater degrees of value.

Employers will also need to shift the paradigm of how they hire. The significant staffing shortage relative to the volume of talent available necessitates casting a wider net. Speed to hire and availability of candidates are two primary drivers. Employers are shifting their focus to transferable capabilities to close both gaps. In some cases, moving away completely from requiring academic degrees and building in-house training opportunities to meet the specific technology needs allows for a wider pool of talent in a timelier manner.

Many recruiters and hiring managers now avoid a “checklist” approach for qualifications in favor of evaluating applicable, transferable interests and capabilities. Certifications or degrees are foundational and highly valued, but the competencies can also be equally as important as employers evaluate how candidates have applied life lessons and demonstrated soft skills in their everyday life. If they can demonstrate a capability to learn, many employers are more agreeable to invest in training.

One consideration to increase interest and to bridge the gap between employers and job seekers is to ensure that job requirements include more inviting language and marketing of the cybersecurity opportunities. With the pivot to competencies and skills-based hiring, ensuring prospective candidates avoid self-selecting out of the application process is a first step. Therefore, it is important to encourage job seekers to understand how relevant and applicable their current skills and experiences are, even if they don’t have specific “cybersecurity” credentials or experience.

In evaluating candidates, it’s important for employers to look at how they utilize assessments in the interview process. These assessments should occur early in the process and reflect what someone might do on the job. One example, when hiring a Technical Support Engineer, is to have the assessment simulate a ticketing queue to observe how someone operates with efficiency, or a security research assessment tool might look at how someone worked through a problem, not just if they “got it right.” It would also be important to assess teamwork and collaboration, looking at how hiring teams and candidates can work on small challenges together to gauge both technical and soft skills at the same time.

Broadening our understanding of what competencies and general skills qualify a person to step into a cybersecurity job can help all employers by allowing them to take a broader view of the talent pool. Additional investments will be needed to develop talent in-house, including coaching and mentoring from within the business. Increasing collaboration and partnerships between employers and education and training providers will allow us to transform learning and modernize talent management to meet today’s cybersecurity workforce needs.