Careers & People

12/3/2018
10:30 AM
Connect Directly
Twitter
LinkedIn
RSS
E-Mail vvv
100%
0%

Filling the Cybersecurity Jobs Gap Now and in the Future

Employers must start broadening their search for experienced security professionals to include people with the right traits rather than the right skills.

At the beginning of the year, the World Economic Forum (WEF) released its annual Global Risks Report, in which the organization outlined the greatest risks to businesses around the world in 2018. Unsurprisingly, cyberattacks and data breaches both ranked in the top five.

The report is simultaneously doubtful that its findings will have any effect on the current cybersecurity skills gap, which is estimated to result in 3.5 million unfulfilled cybersecurity jobs by 2021. The bottom line is that cyberattacks continue to increase in scope and frequency, and we simply don't have the manpower to address them.

This is a critical moment, and now is the time for us to act. Enlisting the next generation of skilled cyber professionals, as well as training existing employees, will help us build stronger defenses and restore confidence among Americans worried about their — and our nation's — cyber safety.

The Issue at Hand
If demand for cybersecurity talent continues to increase, then we must strengthen our commitment to educating and training society in this domain as early as possible.

Luckily, today's young adults are increasingly aware of and interested in cybersecurity jobs. At the same time, there's been an increase in the number of cybersecurity-related courses and degrees offered at universities. In fact, some universities are collaborating with the private sector to build a new curriculum that more directly meets workforce need.

The bad news is that on-the-job training is scarce, mostly as a result of limited budgets and unclear roles and responsibilities. If organizations continue to fail at providing both non-cyber and cyber employees more formal training, businesses as well as policy and technology leaders agree that there will be serious implications for the world's security, safety, and economic stability.

How We Move Forward
Many employers falsely believe that those interested in a career in cybersecurity must first have a penchant for technology. The truth is, as Marc van Zadelhoff, general manager of IBM Security, pointed out in the Harvard Business Review, "unbridled curiosity, passion for problem solving, strong ethics, and an understanding of risks" are all qualities that would make anyone well suited for a career in cybersecurity. Employers must start broadening their search to include people with the right traits, rather than the right skills, in order to start closing the workforce gap.

This is particularly important for attracting midcareer professionals looking to make a career change. Many of these people exist but don't have the time or money to return to school for another degree. While their previous career path or degree may at first seem irrelevant, they are likely to bring new experiences and perspectives that would make them an ideal candidate.

Filling 3.5 million jobs by 2021, however, will require more than hiring midcareer professionals. Everyone today, regardless of the industry or position they work in, has a digital presence and must have an understanding of how to protect themselves, as well as their employers, online. To successfully grow cyber talent across industries, we must not focus solely on those who have specific cybersecurity skills. Rather, it should be the goal of every organization to arm those working in finance, communications, product, or even HR with cybersecurity knowledge. Cybersecurity is simply too complex for there to be only one individual appointed as the expert.

Enhancing cybersecurity awareness in the workplace starts with education, beginning in elementary school and continuing all the way through college. Both parents and teachers need to encourage young children to take part in cyber challenges or enroll in programs like GenCyber, which aims to help kids understand safe online behavior, and Think Like a Programmer, Girl Scouts of the USA's new computer science curriculum.

The consequences of the cybersecurity talent gap have never been more serious; we must have a strong, informed, and ready pool of young adults capable of taking the lead for decades to come. To get there, we must encourage even more awareness and interest, enrichment activities, and career exploration incentive programs. If we do so, the improvement in closing the skills gap we're already seeing will increase tenfold.

Related Content:

John DeSimone, VP, Cybersecurity & Special Missions, Raytheon John DeSimone is vice president of cybersecurity and special missions for Raytheon Intelligence, Information and Services (IIS). He is an experienced cybersecurity and technology executive working within corporate ... View Full Bio
Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Higher Education: 15 Books to Help Cybersecurity Pros Be Better
Curtis Franklin Jr., Senior Editor at Dark Reading,  12/12/2018
'PowerSnitch' Hacks Androids via Power Banks
Kelly Jackson Higgins, Executive Editor at Dark Reading,  12/8/2018
Worst Password Blunders of 2018 Hit Organizations East and West
Curtis Franklin Jr., Senior Editor at Dark Reading,  12/12/2018
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: So now we are monitoring the monitor?
Current Issue
10 Best Practices That Could Reshape Your IT Security Department
This Dark Reading Tech Digest, explores ten best practices that could reshape IT security departments.
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2018-20145
PUBLISHED: 2018-12-13
Eclipse Mosquitto 1.5.x before 1.5.5 allows ACL bypass: if the option per_listener_settings was set to true, and the default listener was in use, and the default listener specified an acl_file, then the acl file was being ignored.
CVE-2018-12076
PUBLISHED: 2018-12-13
A vulnerability in the UPC bar code of the Avanti Markets MarketCard could allow an unauthenticated, local attacker to access funds within the customer's MarketCard balance, and also could lead to Customer Information Disclosure. The vulnerability is due to lack of proper validation of the UPC bar c...
CVE-2018-18922
PUBLISHED: 2018-12-13
add_user in AbiSoft Ticketly 1.0 allows remote attackers to create administrator accounts via an action/add_user.php POST request.
CVE-2018-18923
PUBLISHED: 2018-12-13
AbiSoft Ticketly 1.0 is affected by multiple SQL Injection vulnerabilities through the parameters name, category_id and description in action/addproject.php; kind_id, priority_id, project_id, status_id and title in action/addticket.php; and kind_id and status_id in reports.php.
CVE-2018-19039
PUBLISHED: 2018-12-13
Grafana before 4.6.5 and 5.x before 5.3.3 allows remote authenticated users to read arbitrary files by leveraging Editor or Admin permissions.