Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Careers & People

12/3/2018
10:30 AM
Connect Directly
Twitter
LinkedIn
RSS
E-Mail vvv
100%
0%

Filling the Cybersecurity Jobs Gap Now and in the Future

Employers must start broadening their search for experienced security professionals to include people with the right traits rather than the right skills.

At the beginning of the year, the World Economic Forum (WEF) released its annual Global Risks Report, in which the organization outlined the greatest risks to businesses around the world in 2018. Unsurprisingly, cyberattacks and data breaches both ranked in the top five.

The report is simultaneously doubtful that its findings will have any effect on the current cybersecurity skills gap, which is estimated to result in 3.5 million unfulfilled cybersecurity jobs by 2021. The bottom line is that cyberattacks continue to increase in scope and frequency, and we simply don't have the manpower to address them.

This is a critical moment, and now is the time for us to act. Enlisting the next generation of skilled cyber professionals, as well as training existing employees, will help us build stronger defenses and restore confidence among Americans worried about their — and our nation's — cyber safety.

The Issue at Hand
If demand for cybersecurity talent continues to increase, then we must strengthen our commitment to educating and training society in this domain as early as possible.

Luckily, today's young adults are increasingly aware of and interested in cybersecurity jobs. At the same time, there's been an increase in the number of cybersecurity-related courses and degrees offered at universities. In fact, some universities are collaborating with the private sector to build a new curriculum that more directly meets workforce need.

The bad news is that on-the-job training is scarce, mostly as a result of limited budgets and unclear roles and responsibilities. If organizations continue to fail at providing both non-cyber and cyber employees more formal training, businesses as well as policy and technology leaders agree that there will be serious implications for the world's security, safety, and economic stability.

How We Move Forward
Many employers falsely believe that those interested in a career in cybersecurity must first have a penchant for technology. The truth is, as Marc van Zadelhoff, general manager of IBM Security, pointed out in the Harvard Business Review, "unbridled curiosity, passion for problem solving, strong ethics, and an understanding of risks" are all qualities that would make anyone well suited for a career in cybersecurity. Employers must start broadening their search to include people with the right traits, rather than the right skills, in order to start closing the workforce gap.

This is particularly important for attracting midcareer professionals looking to make a career change. Many of these people exist but don't have the time or money to return to school for another degree. While their previous career path or degree may at first seem irrelevant, they are likely to bring new experiences and perspectives that would make them an ideal candidate.

Filling 3.5 million jobs by 2021, however, will require more than hiring midcareer professionals. Everyone today, regardless of the industry or position they work in, has a digital presence and must have an understanding of how to protect themselves, as well as their employers, online. To successfully grow cyber talent across industries, we must not focus solely on those who have specific cybersecurity skills. Rather, it should be the goal of every organization to arm those working in finance, communications, product, or even HR with cybersecurity knowledge. Cybersecurity is simply too complex for there to be only one individual appointed as the expert.

Enhancing cybersecurity awareness in the workplace starts with education, beginning in elementary school and continuing all the way through college. Both parents and teachers need to encourage young children to take part in cyber challenges or enroll in programs like GenCyber, which aims to help kids understand safe online behavior, and Think Like a Programmer, Girl Scouts of the USA's new computer science curriculum.

The consequences of the cybersecurity talent gap have never been more serious; we must have a strong, informed, and ready pool of young adults capable of taking the lead for decades to come. To get there, we must encourage even more awareness and interest, enrichment activities, and career exploration incentive programs. If we do so, the improvement in closing the skills gap we're already seeing will increase tenfold.

Related Content:

John DeSimone, VP, Cybersecurity & Special Missions, Raytheon John DeSimone is vice president of cybersecurity and special missions for Raytheon Intelligence, Information and Services (IIS). He is an experienced cybersecurity and technology executive working within corporate ... View Full Bio
Comment  | 
Print  | 
More Insights
Comments
Threaded  |  Newest First  |  Oldest First
Stop Defending Everything
Kevin Kurzawa, Senior Information Security Auditor,  2/12/2020
Small Business Security: 5 Tips on How and Where to Start
Mike Puglia, Chief Strategy Officer at Kaseya,  2/13/2020
Architectural Analysis IDs 78 Specific Risks in Machine-Learning Systems
Jai Vijayan, Contributing Writer,  2/13/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
6 Emerging Cyber Threats That Enterprises Face in 2020
This Tech Digest gives an in-depth look at six emerging cyber threats that enterprises could face in 2020. Download your copy today!
Flash Poll
How Enterprises Are Developing and Maintaining Secure Applications
How Enterprises Are Developing and Maintaining Secure Applications
The concept of application security is well known, but application security testing and remediation processes remain unbalanced. Most organizations are confident in their approach to AppSec, although others seem to have no approach at all. Read this report to find out more.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-9016
PUBLISHED: 2020-02-16
Dolibarr 11.0 allows XSS via the joinfiles, topic, or code parameter, or the HTTP Referer header.
CVE-2020-9013
PUBLISHED: 2020-02-16
Arvato Skillpipe 3.0 allows attackers to bypass intended print restrictions by deleting <div id="watermark"> from the HTML source code.
CVE-2020-9007
PUBLISHED: 2020-02-16
Codoforum 4.8.8 allows self-XSS via the title of a new topic.
CVE-2020-9012
PUBLISHED: 2020-02-16
A cross-site scripting (XSS) vulnerability in the Import People functionality in Gluu Identity Configuration 4.0 allows remote attackers to inject arbitrary web script or HTML via the filename parameter.
CVE-2019-20456
PUBLISHED: 2020-02-16
Goverlan Reach Console before 9.50, Goverlan Reach Server before 3.50, and Goverlan Client Agent before 9.20.50 have an Untrusted Search Path that leads to Command Injection and Local Privilege Escalation via DLL hijacking.