Council Post: Solving The Cybersecurity Talent Crisis Demands Public-Private Sector Collaboration
Global Resident Chief Information Security Officer (CISO) for Proofpoint.
The cybersecurity industry has been raising the alarm about the talent shortage for many years. The gap continues to widen, and according to the Cyberspace Solarium Commission’s CSC 2.0 Project, “the cybersecurity community is out of time.”
In 2017, (ISC)² forecasted the shortage of cybersecurity professionals would reach 1.8 million by 2022. However, the number has surpassed that projection, as (ISC)² now estimates the gap at 2.72 million. The future appears even bleaker. Aging Gen-X and Baby Boomers make up about half of the overall workforce, which means we’re bracing for a massive retirement wave within the next decade.
The situation has reached a crisis point, especially as digital ecosystems grow more complex and threats become more sophisticated. As the World Economic Forum (WEF) noted, “growing cyberthreats are outpacing societies’ ability to effectively prevent and manage them.” Solving this immense problem will take everyone’s involvement, requiring a concerted, strategic effort from both the public and private sectors.
It is great to see that workforce development is a priority topic in Washington. In July, the White House hosted the National Cyber Workforce and Education Summit, which focused on such topics as building a pipeline of untapped talent and greater investments in cyber education. One initiative announced at the event would create cybersecurity apprenticeships in the private sector. This is a great example of how the government and the industry can work together to close the gap—but we still have a long way to go.
Creating Inclusion And Improving Diversity
The cybersecurity industry, like many other institutions, has a diversity shortage. The field is predominantly Caucasian and male, with low employee counts from minority, underserved and underrepresented communities at most companies. This is where each company needs to do more: rethink what it means to be a security professional, challenge degree requirements, do more diversity hiring and make sure your workplace fosters inclusion.
Some ways to improve diversity are through such strategies as adopting diversity-driven employment practices and expanding cybersecurity leadership within your organization. Companies need not wait for a government program to promote inclusivity. This is something that security leaders can spark by using their political capital in their own organizations.
One major barrier to entry that the industry has created is the requirement for a college degree, which is also true for all knowledge work environments. We need to rethink the skill set required for a role, shift our mindset about what it means to be “eligible” to work in a cybersecurity profession and stop relying on a “paper” degree.
For those individuals who do wish to pursue a college education, community colleges are stepping up to offer new, more accessible cybersecurity training programs—and the industry is throwing its weight behind them. In California’s Bay Area, for example, nonprofit cyber training company NextGen Cyber Talent Inc. is leading an effort to infuse $1 million from venture capital firms and technology companies into cyber education at local community colleges. This is a great example of how the industry is working together to solve some of the most pressing workforce challenges.
Attracting More Women To The Field
Women comprised 47% of the U.S. civilian labor force in 2020, yet only 26% of computer-related occupations. The picture is similar in the federal government, where women represent 45% of the overall workforce but less than 30% of the IT workforce.
Hiring bias and pay inequality—along with the lack of female role models, leaders and advancement opportunities—could also play a role in discouraging young women from pursuing a career in the cybersecurity field. Women have to work much harder both to get hired and to advance their careers—which perhaps explains why 52% of women in cybersecurity hold postgraduate degrees, compared to only 44% of men.
Various organizations are striving to close the gender gap. The Executive Women’s Forum offers mentorship, leadership and scholarship programs to advance and develop women working in the information security, risk management and privacy fields. The Forte Group provides career development and advocacy for women executives in cybersecurity and newcomers. And others, such as CybHER, seek to develop an interest in girls at the primary education level. These are examples of how industry leaders can put their heads together to elevate women in cybersecurity. But individual companies and government agencies must join in providing growth opportunities for women within their own workplaces.
Sparking Interest At An Early Age
The interest in a career path starts with children as early as elementary school, and by middle or high school, many students will have made their decisions. Capturing their interest at an early age is one of the most effective ways to influence future generations of cybersecurity workers.
It is extremely important to implement a cybersecurity curriculum at the K-12 level, but that is not the only way to foster children’s interest in cybersecurity. We need to have more role models who can inspire these young minds, especially more women and minority leaders. Even at the individual level, each of us—teachers, parents and other influential adults—can plant the seed and grow the understanding among young people about the importance of cybersecurity and how that career path can make a difference in our world and society.
The Time To Act Is Now
Building a holistic strategy for cyber workforce development will require a great deal of effort, resources and discussions. It is encouraging that this is a hot topic at many cyber events, including the 2022 National CISO Policy Conference, an annual event held by the National Technology Security Coalition (NTSC) focused on national cybersecurity legislative and policy issues.
Indeed, the talent crisis is a national security problem. Currently, 63% of surveyed organizations report having unfilled cybersecurity roles and 62% have understaffed teams. As industry veterans with decades of experience retire, how are we planning to protect our organizations and our critical infrastructure?
No company or government agency can solve the problem alone—and neither can the public or private sector if they work independently. Only public-private collaboration can make a change and fill the shortage of cybersecurity skills.