Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Careers & People

02:30 PM
Tom Weithman
Tom Weithman
Connect Directly
E-Mail vvv

How to Close the Critical Cybersecurity Talent Gap

If we don't change our ways, the gap will keep getting worse. Outside-the-box thinking and new techniques are required, and here are a few ways to get started.

Companies are facing an immediate and critical shortage of trained cybersecurity workers at a time when threats of all kinds are on the rise. This shortfall doesn't discriminate based on industry, company size, or geography. When it comes to not having enough cybersecurity talent to keep infrastructure safe, everyone is in the same boat.

Take the Washington, DC, metro region, for example. The area has one of the largest groups of cybersecurity startups in the country, with firms forming to serve both the private sector and government. Yet, according to a recent study conducted by CyberSeek, the area also suffers from some of the highest concentrations of unfilled cybersecurity jobs in the entire nation.

There are several steps that employers in the DC area can take to help mitigate this critical shortfall. And because the problem is not unique to Washington, though it is exaggerated there, those same lessons can be applied across the nation.

Look for Talent in New Places
In the short term, a winning strategy would involve targeting undergraduate and community colleges. Many students are unsure of what they want to do for a career. If students are still early enough into their academic paths, there would be fewer hurdles to jump in terms of taking the necessary classes to graduate with useful cybersecurity degrees. By targeting these students, it could lead to an increase in available talent for hire. While this won't completely eliminate the problem, it could slow down its progression with an infusion of new talent.

But we can go back even earlier in the talent pipeline. Promoting cybersecurity as part of the K–12 curriculum is critical because this will be a universally needed skill set well into the foreseeable future. Foundational K–12 courses could build up skills children will need to thrive in an increasingly digitally transformed world, and would be helpful regardless of their ultimate career path. For example, classes could take the form of logic and critical-thinking courses, and would shepherd talented students into either college or the often-overshadowed two-year trade schools.

And let's not forget about talented military personnel who are leaving the service. Any members of the military on their way back into civilian life would be grateful to have a good career in cybersecurity or information technology after being discharged. While the military doesn't generally train their IT professionals to do everything that their civilian counterparts do, it does offer all of the fundamentals. Between that training and the military's characteristic discipline, it makes working with and increasing the skills of veterans a much easier task in most cases. Mixing in discharged veterans with green students can yield surprisingly strong results in cybersecurity.

Think Outside the Box
Traditional thinking and approaches have not worked, and the cybersecurity talent gap is only getting bigger. It's clear that an out-of-the-box strategy is required. This includes looking at candidates who have similar skill sets and educational backgrounds but who will require some mild to modest retraining. This could include finding individuals with backgrounds in analytics, statistics, and general computer science. Some certifications and classes would likely also be needed, though the payoff would be significant.

A few state and local governments are starting to embrace this kind of thinking. Several states sponsor programs that help place recent graduates with some cybersecurity skills, though not necessarily full degrees, with companies in rural settings, where the shortage of IT professionals is even more acute than most metropolitan areas. Although those workers may need additional training, getting boots on the ground could make all the difference for places with almost no professional cybersecurity presence.

Creative ideas also could involve incorporating emerging technologies. For example, at-home and distance learning could be used to help train employees on critical cybersecurity skills. Or some of the shortfall in manpower can be mitigated by employing artificial intelligence (AI) platforms to tackle the more rudimentary cybersecurity threats. While AI technology today has a long way to go, when paired with automation and orchestration, it can do a good job eliminating lower-level threats, narrowing the cybersecurity talent gap from the other side by reducing the scope of the problem.

Finally, the use of cloud technology and software-as-a-service (SaaS) offerings for protection can reduce the scope of threats. SaaS allows cybersecurity to be used remotely and as needed, freeing up organizations to concentrate on what they do best and leaving cybersecurity to contracted professionals.

Make Something Happen
Doing the same old things won't solve the cybersecurity talent problem. If we don't change our ways, the problem will keep getting worse. It's clear that novel thinking and new techniques are required.

Bringing in talented professionals from places they are not normally recruited, looking at the problem across all demographics, being willing to spend resources on training employees who have basic cybersecurity knowledge or who seem predisposed to learning it, and tapping into emerging technology help combat threats using fewer human resources are just some of the ways this problem might be successfully confronted. This field is too important for us not to fix because it touches industry, government, and even individual citizens in increasingly large ways.

Related Content:



Join Dark Reading LIVE for two cybersecurity summits at Interop 2019. Learn from the industry's most knowledgeable IT security experts. Check out the Interop agenda here.

Tom Weithman formed CIT GAP Funds in 2005, which has gained national recognition as one of the nation's most active early-stage venture funds and a premier provider of capital to cybersecurity startups. CIT GAP Funds has provided early funding to early-stage cybersecurity ... View Full Bio

Recommended Reading:

Comment  | 
Print  | 
More Insights
Newest First  |  Oldest First  |  Threaded View
User Rank: Ninja
5/13/2019 | 2:22:23 PM
Re: K-12 to close the CyberSecurity gap
This is wonderful and should be encouraged.  Degrees should also be more accessible but that is a tough one because the subject itself is almost impossible to self manage and learn - and most of us do not have a few thousand in change in our pocket for a CIISP degree and course.  We need a better entrance ramp.  And IT itself should get more respect in the C-Suite than outsourcing here and there and hiring young and dumb.  We need to educate a new class of young and smart.  THEN we are making real progress and accept our mature and smart at the same time.  Experience counts heavy on this one. 
User Rank: Apprentice
5/9/2019 | 3:07:21 PM
K-12 to close the CyberSecurity gap
This article was music to my ears.  We have been growing the CyberPatriot program across Michigan for the last four years and truly beleive these students will fill the talent gap in Cybersec.  We went from 20 students the first year to over 700 students playing in an ethical virtual cyberdefense game from Nov-April each year!  We are doing all we can to expose these great kids to the many pathways into a cybersec career!  Many thanks for this well written article.  T
Cloud Security Startup Lightspin Emerges From Stealth
Kelly Sheridan, Staff Editor, Dark Reading,  11/24/2020
Look Beyond the 'Big 5' in Cyberattacks
Robert Lemos, Contributing Writer,  11/25/2020
Why Vulnerable Code Is Shipped Knowingly
Chris Eng, Chief Research Officer, Veracode,  11/30/2020
Register for Dark Reading Newsletters
White Papers
Cartoon Contest
Write a Caption, Win an Amazon Gift Card! Click Here
Latest Comment: We are really excited about our new two tone authentication system!
Current Issue
2021 Top Enterprise IT Trends
We've identified the key trends that are poised to impact the IT landscape in 2021. Find out why they're important and how they will affect you today!
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
PUBLISHED: 2020-12-01
HCL iNotes is susceptible to a sensitive cookie exposure vulnerability. This can allow an unauthenticated remote attacker to capture the cookie by intercepting its transmission within an http session. Fixes are available in HCL Domino and iNotes versions 10.0.1 FP6 and 11.0.1 FP2 and later.
PUBLISHED: 2020-12-01
HCL Domino is susceptible to a lockout policy bypass vulnerability in the LDAP service. An unauthenticated attacker could use this vulnerability to mount a brute force attack against the LDAP service. Fixes are available in HCL Domino versions 9.0.1 FP10 IF6, 10.0.1 FP6 and 11.0.1 FP1 and later.
PUBLISHED: 2020-12-01
ManageOne versions,,,, ,, 8.0.0 and 8.0.1 have a command injection vulnerability. An attacker with high privileges may exploit this vulnerability through some operations on the plug-in component. Due to insufficient input validation of ...
PUBLISHED: 2020-12-01
Huawei FusionCompute versions 6.5.1 and 8.0.0 have a command injection vulnerability. An authenticated, remote attacker can craft specific request to exploit this vulnerability. Due to insufficient verification, this could be exploited to cause the attackers to obtain higher privilege.
PUBLISHED: 2020-11-30
Affected versions of Automation for Jira - Server allowed remote attackers to read and render files as mustache templates in files inside the WEB-INF/classes & <jira-installation>/jira/bin directories via a template injection vulnerability in Jira smart values using mustache partials. The ...