Cybersecurity Worker Shortage & What We Should Be Doing About It
Posted: June 22, 2016 / Author: Dror Liwer
Let’s face it. Cybersecurity professionals are a rare commodity, and the demand for qualified workers in this field is, by many measures, at an all-time high. With more than one million cybersecurity job openings to fill this year, executives and hiring managers are scrambling to find and retain the right resources to safeguard our networks and enterprises.
According to a recent market report, cyber attacks can cost global businesses $400 to $500 billion per year, with substantial costs attributed to post-attack damage and recovery from disruptions in business operations.
Rebuilding from these attacks puts an undue strain on retail, financial, corporate and government entities to regain their losses, restore their reputations, and prevent and mitigate future attacks.
Why the shortfall?
Firstly, not all agree that there is indeed a shortfall.
Tech company layoffs indicate that there are more qualified workers than there are open positions. Still, with a seemingly never-ending cycle of cyber-attacks, there’s no denying the recent shift in focus to obtaining more cybersecurity professionals, and the numbers support claims of a shortage.
On the flip side, the Cisco 2015 Annual Security Report warns that the worldwide shortage of information security professionals is at one million openings, even with cyberattacks and data breaches increasing each year.
In the U.S., more than 209,000 cybersecurity jobs are unfilled, and postings are up 74 percent over the past five years, according to a Peninsula Press analysis of numbers from the Bureau of Labor Statistics. By 2019, the demand is expected to rise to six million globally.
As a result, executives and universities need to devise creative strategies and collaborate to combat this labor epidemic.
Hiring managers and executives across all industries grudgingly admit that they cannot find suitable candidates to fill open positions, and a number of factors contribute to the shortage of qualified professionals.
Cybersecurity expert Ira Winkler disagrees with the widely-held thought that there’s a shortage of skilled workers. Instead, he believes plenty of people graduate from cybersecurity programs but they lack the technical chops for not just entry-level security positions but any computer-related entry-level position. Instead of earning a specialized degree in cybersecurity, Winkler recommends cybersecurity aspirants first get a job doing general computer work to learn how to administer and configure a computer system so they can eventually understand how to effectively secure it.
Still, many experts believe that specialized training for future cybersecurity professionals needs to start even earlier: in college.
A Call for Colleges to Teach Cybersecurity
Christopher Young, vice president of Intel's Security Group, believes cybersecurity isn’t a priority in U.S. colleges and calls for his industry to reach out to academia to explain the importance of reconfiguring curriculum to focus on cybersecurity training. “We just have to get after this problem,” he said. “Students will tell you that even if you're a technical major in college, cybersecurity isn't a core part of the curriculum.”
Educators such as Northeastern University’s David Kaeli agree that cybersecurity has to be taught but should be integrated with other subjects, regardless of the area of study and not just in the technical realm. “Security has to be a topic that’s covered, whether you’re teaching a digital design course or you’re teaching a programming language course or an operating course,” Kaeli told PBS NewsHour.
As a result, Northeastern offers cross-disciplinary degrees in cybersecurity as well as scholarships for students who serve two or three years in federal, state and local government cybersecurity jobs. Also, the university’s Research Institute for Homeland Security gives students an opportunity to solve real cybercrimes in the programs it offers.
Similarly, Britain’s Engineering and Physical Sciences Research Council (EPSRC) funds programs such as Royal Holloway’s Centre for Doctoral Training (CDT) in Cyber Security. Through a multi-million pound EPSRC grant, CDT has partnered with industry leaders like IBM, McAfee, Thales, Vodafone and Logica in an effort to foster a cohort of new security warriors whose job will be to protect the global computing ecosystem of tomorrow.
Government Initiatives Aim to Fill the Gap
With much discussion about a cybersecurity job shortage, it would seem that hackers have the upper hand, but the war against cybercrime is far from over.
In the U.S., President Obama has increased federal cybersecurity funding for the 2017 fiscal year by $5 billion, making cybersecurity a top priority and matter of national security. In addition, the White House will soon hire its first Chief Information Security Officer (CISO), and $3.1 billion has been allocated for upgrading technologies and networks across various federal agencies.
Britain’s government is on a similar path with its “Cyber Safe” initiative for cybersecurity startup businesses. In an effort to promote the U.K. cyber security industry, this “first of its kind” program will give entrepreneurs the skills they need to develop, test and validate the commercial viability of their ideas and transform them into businesses.
Rent-a-Professional Until Help Arrives
Until students are old enough to enter the workforce, other solutions are needed. For example, cyber-staffing firms with professionals “for rent” are on the rise, providing the much-needed supply to meet the ever-increasing demand.
IBM offers its seasoned professionals via its CISO-as-a-service, IBM Security Services. Positioned on-site or virtually, a strategically placed IBM employee can serve as CISO for short-term or multi-year assignments. Basically, the CISO is “on loan” for as long as a company needs them.
Internships and apprenticeships, such as those offered through Virginia’s Department of Labor and Industry, are also viable options that will allow businesses to grow their security-based workforces. The Virginia program offers state funds to companies to offset cybersecurity training, providing up to $1,000 per year per registered apprentice, or $10,000 per company.
Until the one million vacant cybersecurity positions are filled, recent events predict that cybercrime will only continue to increase. A strong attempt to draw more qualified professionals by industry, government and academia hopefully will eliminate the shortfall. But if your organization will be in need of cybersecurity professionals before then, it’s time to think outside the box until the cavalry arrives.