HTB study finds gap in university education and hiring criteria with cyber roles

New research conducted in the UK and US reveals that over three-quarters (78%) of cybersecurity and IT professionals believe a traditional university education in cybersecurity is not doing enough to prepare graduates for the modern workforce. Meanwhile, nearly two-thirds (64%) of cyber industry professionals say current recruitment processes inadequately assess candidates' practical skills. 

This is according to a new study called ‘Securing the future of cybersecurity: From classroom to every career stage’ from Hack The Box, a leading cybersecurity upskilling, certification, and talent assessment platform.  

Higher education needs to adapt to modern threats 

The research highlights a gap between the essential practical skills required to combat modern cyber-criminals in the workplace and the expertise cultivated within university education. An overwhelming 90% emphasize the need for cybersecurity and computer science graduates to be prepared with hands-on, practical experience before their first role. 

Yet, over three-quarters of respondents express concerns about university education meeting this requirement, a worry that rises to 83% in the UK. The study highlighted that amongst all surveyed groups, those entering the cybersecurity field at ages 18-24 felt most strongly that traditional education isn't fully equipping them for the workforce.

Haris Pylarinos, CEO and co-founder at Hack The Box, says: “Universities worldwide excel in laying the groundwork for cybersecurity careers. However, the game has changed in the industry. Cybercriminals don’t play by the rule book and are, therefore, always one step ahead. University curriculums need to adapt by prioritizing hands-on learning experiences focused on real-world criminal techniques, concurrently instilling the hacker mindset in students - the next generation of cybersecurity professionals -  fostering the ability to think like attackers and increasing their creativity and engagement while enhancing their proactive and reactive approach to the various cybersecurity challenges. It's particularly concerning that our research shows recent graduates are entering the workforce unprepared. This underscores the need for a change in the education system that will help rebalance the scales in favor of professionals.”

Red tape and outdated recruitment processes plaguing the industry

A similar pattern occurs within businesses' assessments, with 64% asserting that existing recruitment processes inadequately assess candidates for their practical skills in addressing ever-evolving cyber threats. 

Yet, when surveyed, cybersecurity professionals clearly prioritize practical skills and experience over traditional education for newcomers entering the industry. Specifically, they place greater emphasis on cybersecurity-specific certifications (47%), followed by relevant work experience (42%), practical experience gained from CTFs or hacking competitions (41%), and self-taught initiatives (36%). University degrees are ranked as of the least value for them when it comes to assessing cybersecurity and IT talent for a role.  

Untapped talent pool waiting in the wings 

The emphasis on conventional learning methods is acknowledged as a contributing factor to the industry's talent shortage. In fact, 80% of global professionals attribute the primary entry barriers in the field to favoring degrees over real-world, practical experience.

Pylarinos continues: "Our industry grapples with its most significant global shortage, currently at 4 million. Traditional recruitment processes only fuel this problem, creating red tape for capable individuals waiting in the wings to fill the gap. Relying solely on university degrees is no longer effective; assessments must equally emphasize testing candidates against real-world threats. Companies valuing practical experience and embracing talented, ethical hackers with hands-on experience will be best placed to succeed.”

Reshaping recruitment 

The study highlights key areas the cybersecurity community feels need improvement within current talent processes. For example, 48% of cyber professionals want to see closer collaboration with recruitment and HR teams, and 46% advocate prioritizing relevant hands-on experience over formal degrees. Additionally, 39% suggest integrating practical assessments into interviews.

As a result, Hack The Box calls for a change in university education and recruitment processes, with practical learning and assessments as the cornerstone of education and talent strategies. 

Methodology Hack The Box commissioned an independent market research company, Censuswide, to survey a sample of 3,000 IT and cybersecurity professionals in the UK and the US between the dates of 20th October and 30th October 2023. Unless stated otherwise, all figures were drawn from this poll.

DOWNLOAD THE REPORT