Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Careers & People

12/3/2018
10:30 AM
Connect Directly
Twitter
LinkedIn
RSS
E-Mail vvv
100%
0%

Filling the Cybersecurity Jobs Gap – Now and in the Future

Employers must start broadening their search for experienced security professionals to include people with the right traits rather than the right skills.

At the beginning of the year, the World Economic Forum (WEF) released its annual Global Risks Report, in which the organization outlined the greatest risks to businesses around the world in 2018. Unsurprisingly, cyberattacks and data breaches both ranked in the top five.

The report is simultaneously doubtful that its findings will have any effect on the current cybersecurity skills gap, which is estimated to result in 3.5 million unfulfilled cybersecurity jobs by 2021. The bottom line is that cyberattacks continue to increase in scope and frequency, and we simply don't have the manpower to address them.

This is a critical moment, and now is the time for us to act. Enlisting the next generation of skilled cyber professionals, as well as training existing employees, will help us build stronger defenses and restore confidence among Americans worried about their — and our nation's — cyber safety.

The Issue at Hand
If demand for cybersecurity talent continues to increase, then we must strengthen our commitment to educating and training society in this domain as early as possible.

Luckily, today's young adults are increasingly aware of and interested in cybersecurity jobs. At the same time, there's been an increase in the number of cybersecurity-related courses and degrees offered at universities. In fact, some universities are collaborating with the private sector to build a new curriculum that more directly meets workforce need.

The bad news is that on-the-job training is scarce, mostly as a result of limited budgets and unclear roles and responsibilities. If organizations continue to fail at providing both non-cyber and cyber employees more formal training, businesses as well as policy and technology leaders agree that there will be serious implications for the world's security, safety, and economic stability.

How We Move Forward
Many employers falsely believe that those interested in a career in cybersecurity must first have a penchant for technology. The truth is, as Marc van Zadelhoff, general manager of IBM Security, pointed out in the Harvard Business Review, "unbridled curiosity, passion for problem solving, strong ethics, and an understanding of risks" are all qualities that would make anyone well suited for a career in cybersecurity. Employers must start broadening their search to include people with the right traits, rather than the right skills, in order to start closing the workforce gap.

This is particularly important for attracting midcareer professionals looking to make a career change. Many of these people exist but don't have the time or money to return to school for another degree. While their previous career path or degree may at first seem irrelevant, they are likely to bring new experiences and perspectives that would make them an ideal candidate.

Filling 3.5 million jobs by 2021, however, will require more than hiring midcareer professionals. Everyone today, regardless of the industry or position they work in, has a digital presence and must have an understanding of how to protect themselves, as well as their employers, online. To successfully grow cyber talent across industries, we must not focus solely on those who have specific cybersecurity skills. Rather, it should be the goal of every organization to arm those working in finance, communications, product, or even HR with cybersecurity knowledge. Cybersecurity is simply too complex for there to be only one individual appointed as the expert.

Enhancing cybersecurity awareness in the workplace starts with education, beginning in elementary school and continuing all the way through college. Both parents and teachers need to encourage young children to take part in cyber challenges or enroll in programs like GenCyber, which aims to help kids understand safe online behavior, and Think Like a Programmer, Girl Scouts of the USA's new computer science curriculum.

The consequences of the cybersecurity talent gap have never been more serious; we must have a strong, informed, and ready pool of young adults capable of taking the lead for decades to come. To get there, we must encourage even more awareness and interest, enrichment activities, and career exploration incentive programs. If we do so, the improvement in closing the skills gap we're already seeing will increase tenfold.

Related Content:

John DeSimone, VP, Cybersecurity & Special Missions, Raytheon John DeSimone is vice president of cybersecurity and special missions for Raytheon Intelligence, Information and Services (IIS). He is an experienced cybersecurity and technology executive working within corporate ... View Full Bio
Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: Our Endpoint Protection system is a little outdated... 
Current Issue
The Year in Security: 2019
This Tech Digest provides a wrap up and overview of the year's top cybersecurity news stories. It was a year of new twists on old threats, with fears of another WannaCry-type worm and of a possible botnet army of Wi-Fi routers. But 2019 also underscored the risk of firmware and trusted security tools harboring dangerous holes that cybercriminals and nation-state hackers could readily abuse. Read more.
Flash Poll
Rethinking Enterprise Data Defense
Rethinking Enterprise Data Defense
Frustrated with recurring intrusions and breaches, cybersecurity professionals are questioning some of the industry’s conventional wisdom. Here’s a look at what they’re thinking about.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-19740
PUBLISHED: 2019-12-12
Octeth Oempro 4.7 allows SQL injection. The parameter CampaignID in Campaign.Get is vulnerable.
CVE-2019-19746
PUBLISHED: 2019-12-12
make_arrow in arrow.c in Xfig fig2dev 3.2.7b allows a segmentation fault and out-of-bounds write because of an integer overflow via a large arrow type.
CVE-2019-19748
PUBLISHED: 2019-12-12
The Work Time Calendar app before 4.7.1 for Jira allows XSS.
CVE-2017-18640
PUBLISHED: 2019-12-12
The Alias feature in SnakeYAML 1.18 allows entity expansion during a load operation, a related issue to CVE-2003-1564.
CVE-2019-19726
PUBLISHED: 2019-12-12
OpenBSD through 6.6 allows local users to escalate to root because a check for LD_LIBRARY_PATH in setuid programs can be defeated by setting a very small RLIMIT_DATA resource limit. When executing chpass or passwd (which are setuid root), _dl_setup_env in ld.so tries to strip LD_LIBRARY_PATH from th...