Careers & People

12/3/2018
10:30 AM
Connect Directly
Twitter
LinkedIn
RSS
E-Mail vvv
100%
0%

Filling the Cybersecurity Jobs Gap Now and in the Future

Employers must start broadening their search for experienced security professionals to include people with the right traits rather than the right skills.

At the beginning of the year, the World Economic Forum (WEF) released its annual Global Risks Report, in which the organization outlined the greatest risks to businesses around the world in 2018. Unsurprisingly, cyberattacks and data breaches both ranked in the top five.

The report is simultaneously doubtful that its findings will have any effect on the current cybersecurity skills gap, which is estimated to result in 3.5 million unfulfilled cybersecurity jobs by 2021. The bottom line is that cyberattacks continue to increase in scope and frequency, and we simply don't have the manpower to address them.

This is a critical moment, and now is the time for us to act. Enlisting the next generation of skilled cyber professionals, as well as training existing employees, will help us build stronger defenses and restore confidence among Americans worried about their — and our nation's — cyber safety.

The Issue at Hand
If demand for cybersecurity talent continues to increase, then we must strengthen our commitment to educating and training society in this domain as early as possible.

Luckily, today's young adults are increasingly aware of and interested in cybersecurity jobs. At the same time, there's been an increase in the number of cybersecurity-related courses and degrees offered at universities. In fact, some universities are collaborating with the private sector to build a new curriculum that more directly meets workforce need.

The bad news is that on-the-job training is scarce, mostly as a result of limited budgets and unclear roles and responsibilities. If organizations continue to fail at providing both non-cyber and cyber employees more formal training, businesses as well as policy and technology leaders agree that there will be serious implications for the world's security, safety, and economic stability.

How We Move Forward
Many employers falsely believe that those interested in a career in cybersecurity must first have a penchant for technology. The truth is, as Marc van Zadelhoff, general manager of IBM Security, pointed out in the Harvard Business Review, "unbridled curiosity, passion for problem solving, strong ethics, and an understanding of risks" are all qualities that would make anyone well suited for a career in cybersecurity. Employers must start broadening their search to include people with the right traits, rather than the right skills, in order to start closing the workforce gap.

This is particularly important for attracting midcareer professionals looking to make a career change. Many of these people exist but don't have the time or money to return to school for another degree. While their previous career path or degree may at first seem irrelevant, they are likely to bring new experiences and perspectives that would make them an ideal candidate.

Filling 3.5 million jobs by 2021, however, will require more than hiring midcareer professionals. Everyone today, regardless of the industry or position they work in, has a digital presence and must have an understanding of how to protect themselves, as well as their employers, online. To successfully grow cyber talent across industries, we must not focus solely on those who have specific cybersecurity skills. Rather, it should be the goal of every organization to arm those working in finance, communications, product, or even HR with cybersecurity knowledge. Cybersecurity is simply too complex for there to be only one individual appointed as the expert.

Enhancing cybersecurity awareness in the workplace starts with education, beginning in elementary school and continuing all the way through college. Both parents and teachers need to encourage young children to take part in cyber challenges or enroll in programs like GenCyber, which aims to help kids understand safe online behavior, and Think Like a Programmer, Girl Scouts of the USA's new computer science curriculum.

The consequences of the cybersecurity talent gap have never been more serious; we must have a strong, informed, and ready pool of young adults capable of taking the lead for decades to come. To get there, we must encourage even more awareness and interest, enrichment activities, and career exploration incentive programs. If we do so, the improvement in closing the skills gap we're already seeing will increase tenfold.

Related Content:

John DeSimone, VP, Cybersecurity & Special Missions, Raytheon John DeSimone is vice president of cybersecurity and special missions for Raytheon Intelligence, Information and Services (IIS). He is an experienced cybersecurity and technology executive working within corporate ... View Full Bio
Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Valentine's Emails Laced with Gandcrab Ransomware
Kelly Sheridan, Staff Editor, Dark Reading,  2/14/2019
High Stress Levels Impacting CISOs Physically, Mentally
Jai Vijayan, Freelance writer,  2/14/2019
Mozilla, Internet Society and Others Pressure Retailers to Demand Secure IoT Products
Curtis Franklin Jr., Senior Editor at Dark Reading,  2/14/2019
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
5 Emerging Cyber Threats to Watch for in 2019
Online attackers are constantly developing new, innovative ways to break into the enterprise. This Dark Reading Tech Digest gives an in-depth look at five emerging attack trends and exploits your security team should look out for, along with helpful recommendations on how you can prevent your organization from falling victim.
Flash Poll
How Enterprises Are Attacking the Cybersecurity Problem
How Enterprises Are Attacking the Cybersecurity Problem
Data breach fears and the need to comply with regulations such as GDPR are two major drivers increased spending on security products and technologies. But other factors are contributing to the trend as well. Find out more about how enterprises are attacking the cybersecurity problem by reading our report today.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-8939
PUBLISHED: 2019-02-19
data/interfaces/default/history.html in Tautulli 2.1.26 has XSS via a crafted Plex username that is mishandled when constructing the History page.
CVE-2019-8935
PUBLISHED: 2019-02-19
Collabtive 3.1 allows XSS via the manageuser.php?action=profile id parameter.
CVE-2019-3812
PUBLISHED: 2019-02-19
QEMU, through version 2.10 and through version 3.1.0, is vulnerable to an out-of-bounds read of up to 128 bytes in the hw/i2c/i2c-ddc.c:i2c_ddc() function. A local attacker with permission to execute i2c commands could exploit this to read stack memory of the qemu process on the host.
CVE-2019-8933
PUBLISHED: 2019-02-19
In DedeCMS 5.7SP2, attackers can upload a .php file to the uploads/ directory (without being blocked by the Web Application Firewall), and then execute this file, via this sequence of steps: visiting the management page, clicking on the template, clicking on Default Template Management, clicking on ...
CVE-2019-7629
PUBLISHED: 2019-02-18
Stack-based buffer overflow in the strip_vt102_codes function in TinTin++ 2.01.6 and WinTin++ 2.01.6 allows remote attackers to execute arbitrary code by sending a long message to the client.