Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Careers & People

5/9/2019
02:30 PM
Tom Weithman
Tom Weithman
Commentary
Connect Directly
LinkedIn
RSS
E-Mail vvv
50%
50%

How to Close the Critical Cybersecurity Talent Gap

If we don't change our ways, the gap will keep getting worse. Outside-the-box thinking and new techniques are required, and here are a few ways to get started.

Companies are facing an immediate and critical shortage of trained cybersecurity workers at a time when threats of all kinds are on the rise. This shortfall doesn't discriminate based on industry, company size, or geography. When it comes to not having enough cybersecurity talent to keep infrastructure safe, everyone is in the same boat.

Take the Washington, DC, metro region, for example. The area has one of the largest groups of cybersecurity startups in the country, with firms forming to serve both the private sector and government. Yet, according to a recent study conducted by CyberSeek, the area also suffers from some of the highest concentrations of unfilled cybersecurity jobs in the entire nation.

There are several steps that employers in the DC area can take to help mitigate this critical shortfall. And because the problem is not unique to Washington, though it is exaggerated there, those same lessons can be applied across the nation.

Look for Talent in New Places
In the short term, a winning strategy would involve targeting undergraduate and community colleges. Many students are unsure of what they want to do for a career. If students are still early enough into their academic paths, there would be fewer hurdles to jump in terms of taking the necessary classes to graduate with useful cybersecurity degrees. By targeting these students, it could lead to an increase in available talent for hire. While this won't completely eliminate the problem, it could slow down its progression with an infusion of new talent.

But we can go back even earlier in the talent pipeline. Promoting cybersecurity as part of the K–12 curriculum is critical because this will be a universally needed skill set well into the foreseeable future. Foundational K–12 courses could build up skills children will need to thrive in an increasingly digitally transformed world, and would be helpful regardless of their ultimate career path. For example, classes could take the form of logic and critical-thinking courses, and would shepherd talented students into either college or the often-overshadowed two-year trade schools.

And let's not forget about talented military personnel who are leaving the service. Any members of the military on their way back into civilian life would be grateful to have a good career in cybersecurity or information technology after being discharged. While the military doesn't generally train their IT professionals to do everything that their civilian counterparts do, it does offer all of the fundamentals. Between that training and the military's characteristic discipline, it makes working with and increasing the skills of veterans a much easier task in most cases. Mixing in discharged veterans with green students can yield surprisingly strong results in cybersecurity.

Think Outside the Box
Traditional thinking and approaches have not worked, and the cybersecurity talent gap is only getting bigger. It's clear that an out-of-the-box strategy is required. This includes looking at candidates who have similar skill sets and educational backgrounds but who will require some mild to modest retraining. This could include finding individuals with backgrounds in analytics, statistics, and general computer science. Some certifications and classes would likely also be needed, though the payoff would be significant.

A few state and local governments are starting to embrace this kind of thinking. Several states sponsor programs that help place recent graduates with some cybersecurity skills, though not necessarily full degrees, with companies in rural settings, where the shortage of IT professionals is even more acute than most metropolitan areas. Although those workers may need additional training, getting boots on the ground could make all the difference for places with almost no professional cybersecurity presence.

Creative ideas also could involve incorporating emerging technologies. For example, at-home and distance learning could be used to help train employees on critical cybersecurity skills. Or some of the shortfall in manpower can be mitigated by employing artificial intelligence (AI) platforms to tackle the more rudimentary cybersecurity threats. While AI technology today has a long way to go, when paired with automation and orchestration, it can do a good job eliminating lower-level threats, narrowing the cybersecurity talent gap from the other side by reducing the scope of the problem.

Finally, the use of cloud technology and software-as-a-service (SaaS) offerings for protection can reduce the scope of threats. SaaS allows cybersecurity to be used remotely and as needed, freeing up organizations to concentrate on what they do best and leaving cybersecurity to contracted professionals.

Make Something Happen
Doing the same old things won't solve the cybersecurity talent problem. If we don't change our ways, the problem will keep getting worse. It's clear that novel thinking and new techniques are required.

Bringing in talented professionals from places they are not normally recruited, looking at the problem across all demographics, being willing to spend resources on training employees who have basic cybersecurity knowledge or who seem predisposed to learning it, and tapping into emerging technology help combat threats using fewer human resources are just some of the ways this problem might be successfully confronted. This field is too important for us not to fix because it touches industry, government, and even individual citizens in increasingly large ways.

Related Content:

 

 

Join Dark Reading LIVE for two cybersecurity summits at Interop 2019. Learn from the industry's most knowledgeable IT security experts. Check out the Interop agenda here.

Tom Weithman formed CIT GAP Funds in 2005, which has gained national recognition as one of the nation's most active early-stage venture funds and a premier provider of capital to cybersecurity startups. CIT GAP Funds has provided early funding to early-stage cybersecurity ... View Full Bio
Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
REISEN1955
50%
50%
REISEN1955,
User Rank: Ninja
5/13/2019 | 2:22:23 PM
Re: K-12 to close the CyberSecurity gap
This is wonderful and should be encouraged.  Degrees should also be more accessible but that is a tough one because the subject itself is almost impossible to self manage and learn - and most of us do not have a few thousand in change in our pocket for a CIISP degree and course.  We need a better entrance ramp.  And IT itself should get more respect in the C-Suite than outsourcing here and there and hiring young and dumb.  We need to educate a new class of young and smart.  THEN we are making real progress and accept our mature and smart at the same time.  Experience counts heavy on this one. 
TamaraShoe
50%
50%
TamaraShoe,
User Rank: Apprentice
5/9/2019 | 3:07:21 PM
K-12 to close the CyberSecurity gap
This article was music to my ears.  We have been growing the CyberPatriot program across Michigan for the last four years and truly beleive these students will fill the talent gap in Cybersec.  We went from 20 students the first year to over 700 students playing in an ethical virtual cyberdefense game from Nov-April each year!  We are doing all we can to expose these great kids to the many pathways into a cybersec career!  Many thanks for this well written article.  T
US Turning Up the Heat on North Korea's Cyber Threat Operations
Jai Vijayan, Contributing Writer,  9/16/2019
MITRE Releases 2019 List of Top 25 Software Weaknesses
Kelly Sheridan, Staff Editor, Dark Reading,  9/17/2019
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: "He's too shy to invite me out face to face!"
Current Issue
7 Threats & Disruptive Forces Changing the Face of Cybersecurity
This Dark Reading Tech Digest gives an in-depth look at the biggest emerging threats and disruptive forces that are changing the face of cybersecurity today.
Flash Poll
The State of IT Operations and Cybersecurity Operations
The State of IT Operations and Cybersecurity Operations
Your enterprise's cyber risk may depend upon the relationship between the IT team and the security team. Heres some insight on what's working and what isn't in the data center.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-16649
PUBLISHED: 2019-09-21
On Supermicro H11, H12, M11, X9, X10, and X11 products, a combination of encryption and authentication problems in the virtual media service allows capture of BMC credentials and data transferred over virtual media devices. Attackers can use captured credentials to connect virtual USB devices to the...
CVE-2019-16650
PUBLISHED: 2019-09-21
On Supermicro X10 and X11 products, a client's access privileges may be transferred to a different client that later has the same socket file descriptor number. In opportunistic circumstances, an attacker can simply connect to the virtual media service, and then connect virtual USB devices to the se...
CVE-2019-15138
PUBLISHED: 2019-09-20
The html-pdf package 2.2.0 for Node.js has an arbitrary file read vulnerability via an HTML file that uses XMLHttpRequest to access a file:/// URL.
CVE-2019-6145
PUBLISHED: 2019-09-20
Forcepoint VPN Client for Windows versions lower than 6.6.1 have an unquoted search path vulnerability. This enables local privilege escalation to SYSTEM user. By default, only local administrators can write executables to the vulnerable directories. Forcepoint thanks Peleg Hadar of SafeBreach Labs ...
CVE-2019-6649
PUBLISHED: 2019-09-20
F5 BIG-IP 15.0.0, 14.1.0-14.1.0.6, 14.0.0-14.0.0.5, 13.0.0-13.1.1.5, 12.1.0-12.1.4.1, 11.6.0-11.6.4, and 11.5.1-11.5.9 and Enterprise Manager 3.1.1 may expose sensitive information and allow the system configuration to be modified when using non-default ConfigSync settings.