How to fill the massive cybersecurity workforce shortage
Cybersecurity skills are in growing demand, but decreasing supply. Key takeaways from an event Passcode hosted in Washington about closing the skills gap.
Michael Bonfigli/The Christian Science Monitor
As many as a million jobs in cybersecurity remain unfilled around the world – but somehow, the massive shortfall in skilled talent hasn’t made it any easier to break into the field, especially for women, millennials, and people of color.
That challenge has led the government, schools, and companies to think outside the box in efforts to bring on new talent. Top officials from the Department of Homeland Security have traveled to hacker conferences such as Black Hat and DEF CON to recruit talent. In January, Vice President Joe Biden and Energy Secretary announced a that the federal government would budget $25 million to train students at historically black colleges for cyber jobs. There are also a slew of degree and certificate programs available for people hoping to jump into this often high-paying field.
Those efforts are a start, but they aren’t likely to fix the deficit of cyber professionals in the near future.
On Wednesday, Passcode and the National Cybersecurity Alliance (NCSA) hosted an event in Washington featuring officials from the Department of Homeland Security and companies such as Raytheon and Symantec talking about ways to address the skill shortfall in both the government and private sector. The full video of the event is available here.
Here are three things we learned:
1. Creativity is key
One way to bring in new talent at the student level: Create fun challenges, not just homework. Arizona State University, for instance, gives students the opportunity to engage in team hacking competitions, poke around the Dark Web, and engage in other sorts of behavior that could typically be considered mischief.
Curiosity is a sign of great things to come, said Nadya Bliss, director of the school’s Global Security Initiative, which offers programs in cybersecurity at the undergraduate, graduate, and PhD level. "If [a student] actually [starts out] as a hacker, that may actually lead to someone who does very sophisticated problem solving," Ms. Bliss said. "[That] elevates to leading a team and hacking a big project which potentially leads to a leadership position."
2. Industry partnerships help
But even though schools have gone far beyond book learning, more academic opportunities haven’t made the workforce more diverse. A study commissioned by Raytheon and NCSA released earlier this week shows a significant gender gap in terms of cyber education among a random sample of young adults aged 18 to 26 in a dozen countries. More than 74 percent of women polled didn’t think they had enough opportunities to study cybersecurity, compared to just 57 percent of men.
Cecily Joseph, vice president for corporate responsibility and chief diversity officer at Symantec, which offers several pipelines that train students and young professionals, acknowledged that the company couldn’t hire everyone it trains in those programs. Symantec only has a limited number of slots, Ms. Joseph said, so it needs industry to scoop up some of that talent and make sure the newly qualified workers get jobs.
"We’re not going to be successful without industry being a partner along the way," Joseph said. "Because it's other companies that are providing internship opportunities, it's nonprofits that are our training partners, providing training and curriculum guidance along the way."
Diversity can also be improved, according to Lisa Foreman Jiggetts, the founder of the Women’s Society of Cyberjutsu, a nonprofit designed to get women into cybersecurity jobs, by finding alternative means of hiring, such as mentorship and training programs.
3. Trust is essential
Hiring hackers isn’t as simple as it sounds. To work at the Department of Homeland Security or a big contractor such as Raytheon, technologists need to get through extensive background checks, adding to the recruiting headache for both sides.
"[The] majority of our cyber professionals have at least a top secret security clearance," said Darren Burton, vice president of Human Resources at Raytheon. "So to be able to find people that have the skills, and also have the kind of ethical behavior and the ability to be able to get the kind of clearances we need makes it that much more difficult." Even though there are opportunities to do government work outside of the cleared space, Burton acknowledged that they can be few and far between.
To build trust, Ben Scribner, director of the Department of Homeland Security’s National Cybersecurity Professionalization and Workforce Development program, said both the government and contractors need to engage with tech-savvy youngsters before they’re drawn into black hat hacker communities. That could mean doing outreach when in middle school and high school, before the allure of joining a hacker community takes over.