Dark Reading is part of the Informa Tech Division of Informa PLC


02:30 PM
Tom Weithman

How to Close the Critical Cybersecurity Talent Gap

If we don't change our ways, the gap will keep getting worse. Outside-the-box thinking and new techniques are required, and here are a few ways to get started.

Companies are facing an immediate and critical shortage of trained cybersecurity workers at a time when threats of all kinds are on the rise. This shortfall doesn't discriminate based on industry, company size, or geography. When it comes to not having enough cybersecurity talent to keep infrastructure safe, everyone is in the same boat.

Take the Washington, DC, metro region, for example. The area has one of the largest groups of cybersecurity startups in the country, with firms forming to serve both the private sector and government. Yet, according to a recent study conducted by CyberSeek, the area also suffers from some of the highest concentrations of unfilled cybersecurity jobs in the entire nation.

There are several steps that employers in the DC area can take to help mitigate this critical shortfall. And because the problem is not unique to Washington, though it is exaggerated there, those same lessons can be applied across the nation.

Look for Talent in New Places
In the short term, a winning strategy would involve targeting undergraduate and community colleges. Many students are unsure of what they want to do for a career. If students are still early enough in their academic paths, there would be fewer hurdles to jump in terms of taking the necessary classes to graduate with useful cybersecurity degrees. Targeting these students could lead to an increase in available talent for hire. While this won't completely eliminate the problem, it could slow down its progression with an infusion of new talent.

But we can go back even earlier in the talent pipeline. Promoting cybersecurity as part of the K–12 curriculum is critical because this will be a universally needed skill set well into the foreseeable future. Foundational K–12 courses could build up skills children will need to thrive in an increasingly digitally transformed world, and would be helpful regardless of their ultimate career path. For example, classes could take the form of logic and critical-thinking courses, and would shepherd talented students into either college or the often-overshadowed two-year trade schools.

And let's not forget about talented military personnel who are leaving the service. Any members of the military on their way back into civilian life would be grateful to have a good career in cybersecurity or information technology after being discharged. While the military doesn't generally train its IT professionals to do everything that their civilian counterparts do, it does offer all of the fundamentals. That training, combined with the military's characteristic discipline, makes working with and increasing the skills of veterans a much easier task in most cases. Mixing in discharged veterans with green students can yield surprisingly strong results in cybersecurity.

Think Outside the Box
Traditional thinking and approaches have not worked, and the cybersecurity talent gap is only getting bigger. It's clear that an out-of-the-box strategy is required. This includes looking at candidates who have similar skill sets and educational backgrounds but who will require some mild to modest retraining. This could include finding individuals with backgrounds in analytics, statistics, and general computer science. Some certifications and classes would likely also be needed, though the payoff would be significant.

A few state and local governments are starting to embrace this kind of thinking. Several states sponsor programs that help place recent graduates with some cybersecurity skills, though not necessarily full degrees, with companies in rural settings, where the shortage of IT professionals is even more acute than in most metropolitan areas. Although those workers may need additional training, getting boots on the ground could make all the difference for places with almost no professional cybersecurity presence.

Creative ideas also could involve incorporating emerging technologies. For example, at-home and distance learning could be used to help train employees on critical cybersecurity skills. Or some of the shortfall in manpower can be mitigated by employing artificial intelligence (AI) platforms to tackle the more rudimentary cybersecurity threats. While AI technology today has a long way to go, when paired with automation and orchestration, it can do a good job eliminating lower-level threats, narrowing the cybersecurity talent gap from the other side by reducing the scope of the problem.

Finally, the use of cloud technology and software-as-a-service (SaaS) offerings for protection can reduce the scope of threats. SaaS allows cybersecurity to be used remotely and as needed, freeing up organizations to concentrate on what they do best and leaving cybersecurity to contracted professionals.

Make Something Happen
Doing the same old things won't solve the cybersecurity talent problem. If we don't change our ways, the problem will keep getting worse. It's clear that novel thinking and new techniques are required.

Bringing in talented professionals from places they are not normally recruited, looking at the problem across all demographics, being willing to spend resources on training employees who have basic cybersecurity knowledge or who seem predisposed to learning it, and tapping into emerging technology to help combat threats using fewer human resources are just some of the ways this problem might be successfully confronted. This field is too important for us not to fix because it touches industry, government, and even individual citizens in increasingly large ways.


Tom Weithman formed CIT GAP Funds in 2005, which has gained national recognition as one of the nation's most active early-stage venture funds and a premier provider of capital to cybersecurity startups. CIT GAP Funds has provided early funding to early-stage cybersecurity ...

User Rank: Apprentice
5/9/2019 | 3:07:21 PM
K-12 to close the CyberSecurity gap
This article was music to my ears.  We have been growing the CyberPatriot program across Michigan for the last four years and truly believe these students will fill the talent gap in Cybersec.  We went from 20 students the first year to over 700 students playing in an ethical virtual cyberdefense game from Nov-April each year!  We are doing all we can to expose these great kids to the many pathways into a cybersec career!  Many thanks for this well written article.  T
User Rank: Ninja
5/13/2019 | 2:22:23 PM
Re: K-12 to close the CyberSecurity gap
This is wonderful and should be encouraged.  Degrees should also be more accessible but that is a tough one because the subject itself is almost impossible to self manage and learn - and most of us do not have a few thousand in change in our pocket for a CIISP degree and course.  We need a better entrance ramp.  And IT itself should get more respect in the C-Suite than outsourcing here and there and hiring young and dumb.  We need to educate a new class of young and smart.  THEN we are making real progress and accept our mature and smart at the same time.  Experience counts heavy on this one. 