This October will mark the eighth annual celebration of cybersecurity month at SAP and the 20th annual cybersecurity awareness month in the U.S.
This cybersecurity month is especially noteworthy because the Biden-Harris administration recently recognized SAP in its newly announced National Cybersecurity Workforce and Education Strategy (NCWES). Developed with companies, academia, non-profits, and U.S. government bodies, the NCWES aims to reinforce cybersecurity as a top priority and address short- and long-term cyber workforce gaps. The cybersecurity industry is not only important to upholding national security, but to leading in a digital economy where our increasing reliance on technology will only foster a more complex cyber threat environment.
Persistent Pipeline Problem
As noted in a White House fact sheet explaining the new strategy, the U.S. has a persistent cyber talent pipeline problem that has continued to grow – with more than 750,000 cybersecurity jobs vacant in 2023. And it’s not just the U.S. that faces such a talent gap. According to Cybersecurity Ventures, there’s been a 350% increase in cybersecurity job vacancies globally from 2013 to 2021. In 2023, the number of unfilled cybersecurity jobs lands at a whopping 3.5 million globally. And the disparity between the workforce supply and demand is predicted to remain through at least 2025.
It’s a crisis, confirms Nora Clark, program lead for the Global Security Early Talent program at SAP. “The need is there…Attacks are always happening though people may not realize because they’re going on in the background…Every employee is a cybersecurity defender and can influence company security and compliance.” But for young professionals, it can be nearly impossible to start a career in cybersecurity, she explains. Many positions require years of prior experience. Not many universities offer degrees in cybersecurity, and there’s a large learning curve that’s hard to overcome without support.
That’s why Clark was charged with the task of creating a program at SAP to fill the need for early talents in the cyber space.
Global Security Early Talent Program at SAP
Inaugurated in June 2022, the two-year Global Security Early Talent program offers young professionals entry into the cybersecurity space at SAP through rotations with company security divisions such as Global Cyber Defense and Design, Physical Security, and Risk and Compliance; team workshops; and mentorships. Candidates who successfully graduate from the program are offered placement on a permanent team at SAP.
Clark chose to have the program span two years because cybersecurity has many applications and the knowledge may not transfer across teams. Two six-month rotations allow candidates to gain their footing and one 11-month rotation consists of completing a project with a cyber team at SAP. “This is why our program is designed differently than other programs,” she says. “People say it’s really hard to gain the knowledge and then apply it in a short amount of time. That’s why we provide the Global Security Early Talent candidates learning opportunities, mentorships, and more to support them in their cyber career journey.”
As a real testament to the initiative’s mounting success, candidates now have 43 different rotations to choose from. “I’ve thoroughly enjoyed the opportunity to rotate across various security teams, which has allowed me to delve deep into different security topics and build out my network,” Jacob Winemiller, Global Security Early Talent program participant, says. “As an early talent in this program, I’ve had the opportunity to work on interesting projects and contribute to meaningful initiatives. From day one, my experience has been nothing short of amazing.”
But the program is about more than just gaining the technical knowledge to survive in cybersecurity – it also focuses on developing soft skills like storytelling, presentation skills, and networking. “When we talk about the program, we’re not just talking about being technically skilled in cyber. We’re also looking to see if they are going to be our next leaders, the next experts in the security industry,” Clark explains. Adam Santilli, Global Security Early Talent program participant, confirms: “As trainees, we are encouraged to develop both our soft and hard skills. The opportunity to do that while being a part of three different teams has given me a unique view on security issues today. I have also formed personal and highly valued relationships throughout this process. They have helped me expand my comfort zone and develop my interpersonal skills.”
Setting an Industry Standard
When designing the program at SAP, Clark struggled to find information about early talent cybersecurity programs at other companies to learn from. “When we started this program, there were seemingly no other early talent cybersecurity programs out there. This type of cybersecurity program for people coming fresh out of college is unique.” Indeed, SAP was the only foreign entity recognized in the Biden-Harris administration’s NCWES announcement.
Clark hopes that with the recognition from the U.S. government and more information about the Global Security Early Talent program out there, more companies will establish early talent cybersecurity initiatives and work together to combat the industry’s workforce crisis. “In security, it only works if we communicate with each other,” she says, talking about both the many security teams across SAP and the cyber industry at large. “We all have the same issues and we all want to tackle the same thing. [With the program at SAP] we want to make sure the next generation of security experts have a tight-knit community where they can reach out to each other.”
Diversity is just as important as communication. It fosters fresh ideas in any industry, but in cybersecurity specifically diversity helps when addressing threats. Clark explains: “There has to be diversity because our adversaries are also diverse and we don’t know where they’re coming from or what their background is.” Likewise, the NCWES stresses the importance of empowering those currently underrepresented in the cyber workforce.
As a large, global company, SAP has a responsibility to prioritize cybersecurity – for itself and its ecosystem. When you add in the workforce crisis and the need for early talents to that equation, it becomes a no-brainer. “We’re continuing to build our program and support the cyber force,” Clark says. “Ultimately, we want to see how we can also help others.”
Gillian Hixson is an integrated communications specialist at SAP.