Securing the Cyber Workforce
When we think about cybersecurity threats, we typically align them with financial institutions, government, or large commercial organizations. While these large targets often have the best cybersecurity systems, they are still falling victim to hackers, even with their security systems in place. In fact, the Federal Bureau of Investigation reported almost 300,000 cybersecurity crimes in 2013 alone, causing more than $525 million in losses.
Companies today have grown to expect cybersecurity attacks: more than half of information technology professionals in U.S. businesses say they expect attacks, but only 44 percent believe their organizations are actually prepared for such attacks.
At last month’s National Initiative for Cyber Education Conference in San Diego, California, Ben Scribner, Program Director of the Cybersecurity Education and Awareness Branch at the Department of Homeland Security, suggested what other experts have also purported: the next world war will be fought in cyberspace, if it isn’t already underway.
In addition to the systems and structures that protect against these looming and growing cybersecurity attacks, we need trained personnel to operate and understand these systems to ensure a robust defense. As more organizations have begun recognizing and addressing cybersecurity threats, the demand for cybersecurity talent has skyrocketed, and demand will only continue to increase.
Yet, we’re not prepared.
Young technology companies are particularly vulnerable and must make addressing this personnel need a top organizational priority. Most startups collect some element of personal data, which is often considered an asset, but if not managed appropriately can make the company a target, quickly turning their data into a liability. This reality should make all of us invested in whether companies – large or small – are equipped with the right personnel to secure our personal data.
Unfortunately, startups often overlook the need for data protection, or they recognize the challenges that cyber threats present, but simply hope to address them later due to resource demands or capital and funding scarcity. This situation is only compounded by the fact that large organizations are often more sophisticated at recruiting and attracting talent, leaving a limited number of available cybersecurity talent to be hired. While the number of cybersecurity job postings has increased rapidly over the last few years, the talent to fill these positions still falls short. In the Washington, D.C. region alone, a 35-percent increase in openings represented over 23,000 jobs in 2013. Today, more than 235,000 cybersecurity positions exist nationally and make up 10 percent of all IT openings.
The number of cybersecurity positions outpaces other IT positions three-to-one, and the challenge is that there are too few skilled people available or in the pipeline to meet the demands. The process of filling open positions has become unbearably lengthy, taking roughly 24 percent longer to fill than any other IT posting and 36 percent longer than job openings in other industries. The gap will only worsen as cybersecurity threats and demands rise.
If we don’t start to address our cybersecurity workforce challenges soon, we may never be sufficiently skilled to protect against the significant and growing global cybersecurity threat. How can we quickly and effectively prepare a workforce with the skills to meet the cybersecurity demands of today’s private and public sectors?
Building the Cybersecurity Workforce
First, we have to create widespread awareness of the types of cybersecurity jobs and the necessary skills and credentials for those jobs. People need to know that cybersecurity is a desirable and viable career option. A number of organizations, such as GenCyber and the National Cyber League, are trying to capture the excitement of working in the field in order to steer young people toward cybersecurity careers.
Reducing the barriers to entry for individuals to acquire the skills and credentials needed for successful cybersecurity jobs would also help greatly. We should clearly outline the requisites while reducing the time and money costs associated with acquiring these skills. Tech boot camps have been refining this model over the last few years and continue to grow in the U.S. and abroad with success in both student enrollment and job placement upon completion.
The reality is that without knowing the requirements, creating a meaningful career pathway is extremely difficult. The National Capital Region Cyber Security Task Force, for example, is a group of private, public, and non-profit organizations that have come together to develop a regional approach to address the cybersecurity employment challenge in D.C. The mission is threefold:
- Define job skills required for cybersecurity success.
- Develop clear career pathways.
- Increase awareness of existing programs and resources for folks interested in becoming cybersecurity professionals.
Additionally, employers need tools to evaluate talent that will allow them to rely less on traditional proxies such as the four-year degree. Employers have generally relied on traditional college degrees but are now expressing frustration with them. More than 50 percent of employers claim that graduates don’t have the necessary skills to fill their open positions.
To fill this gap, companies are developing innovative solutions to help employers assess available talent based on in-demand skills. Using these assessments, we at SkillSmart help to expedite the skills development of a workforce to meet industry needs and ensure a qualified pipeline of talent well into the future.
As the demand for qualified cybersecurity professionals grows as threats continue to multiply, we must work to ensure that the cyber talent pipeline is on track. Through spreading awareness of cybersecurity career paths, reducing the barriers for entry, and helping employers best evaluate job candidates, job seekers and employers will both benefit, as will all of us knowing our personal data is safe and sound.