The Best Path to Cybersecurity Careers: Conferences, Certifications or College?

This subject is a part of my dissertation and a chapter I wrote for the Refractive Thinker. From my research what I found is that there is a mismatch between what employers want in a cybersecurity professional and what is available. If you look at job postings, especially for government contract jobs, there are education requirements, certification requirements and in some cases experience requirements. For the majority of the available jobs, the candidate would have to meet these requirements before they are considered for a job. Hiring managers can't hire them, even if they are proven cybersecurity professionals if they don't meet the requirements of the contracted position. Each contract is different so there could be a grace period to allow new employees to finish college or take a certification exam, but in general, the candidate has to come to the job already qualified. Conferences are good for networking. Networking is essential. I've learned that it's not always what you know or who you know, it's about who knows you. Here is a link to the book if you are interested in my interpretation of the problem and a few solutions.
https://www.amazon.com/dp/B0718Y9B4Y

The biggest difference with IT to other sciences is that IT changes so rapidly that there is no way to stay current. A college degree lays a sure academic foundation but staying current means constant learning in the field with conferences and certifications.