A June survey of 273 cybersecurity professionals conducted by organizers of Black Hat confirmed a jaw-dropping reality to many working in the security industry — 92% of respondents said there is "a shortage of well-trained and qualified security professionals [that] is significantly affecting the safety and security of data, both personal and financial."
That's terrifying … and most of America has no idea. Even in a time of double-digit unemployment, there is no sign the cybersecurity workforce gap will be filled quickly.
The demand for good workers is there, the supply of workers is not. According to CyberSeek, the supply is very low. How low, you ask? The national supply/demand ratio for all workers to job openings is almost 5, but the national average for cybersecurity jobs is almost 2.
Additionally, CyberSeek reports there are more than half a million unfilled cybersecurity jobs in the United States waiting for qualified individuals. Putting that in perspective, if every active member of the United Auto Workers union left the assembly line today to work in security jobs, we'd still be 100,000 workers short of filling the workforce gap.
It's not going to be easy in this election cycle. It seems the candidate who says some version of "that job that you know how to do isn't going to last" is the person who loses. But maybe there is another way to approach this issue that might resonate with a public needing to consider new options? Perhaps Americans might listen to a message of opportunity rather than failure?
Rust Belt workers have reason to be frustrated by politicians and corporations that have quit on them. It's been long theorized, and now commonly accepted, that middle class workers are either unwilling or lack the time, money, or confidence to take on new skills. A majority of 800 managers surveyed by Harvard Business School in 2018 shared that sentiment. But 11,000 "lower-income and middle-skills" workers in 11 countries told the researchers something entirely different. Harvard found workers were "more eager to embrace change and learn new skills than their employers gave them credit for."
Cybersecurity offers some workers a chance to be more than just a cog in the machine — a chance to be on the front lines of the tech revolution … and to be one of the good guys at that. Being on the right side of history is no small thing. There are Americans losing their places in factories, hotels, restaurants, and shopping malls who come from long lines of families that stood up when called upon by their country. There are also new Americans and second-generation Americans eager to show their love of America. If they knew reports of online crime to the FBI are up 400% since the start of the pandemic and that cyber-threat actors from foreign nation-states are targeting the healthcare and research facilities searching for COVID-19 treatments, they might be eager to join the fight.
And they need to know retraining can be cost efficient and more attainable than ever before. Craig Newmark, the founder of Craigslist, has made significant donations to multiple nonprofits offering free cybersecurity training for veterans and women, two segments vastly underrepresented in the security industry. Newmark helped fund the first class of the Sacramento-based program "100 Women in 100 Days." That program's creator, Carmen Marsh, had five times that many apply for spots in the program — with half of the spots claimed just hours after she launched. Two-thirds of the first class graduated, and nearly half are working in internships now. Marsh has a grant from the city of Sacramento for her next class. She'd like to take her program across the country … if she just had the budget.
Currently, the Senate has two bills that would direct much-needed funding to create apprenticeship programs. S. 1466, the Cyber Ready Workforce Act, would provide grants to the Labor Department to support registered apprenticeship programs in cybersecurity. S. 2775, the HACKED Act, would provide critical workforce training, including financial assistance to security education–focused regional alliances or partnerships. Unfortunately, the GovTrack website gives each bill only a 2% chance of being enacted — even though both have bipartisan support.
It's not enough to just change the direction of a trend line; this is a chance to create opportunities and add new firepower in our fight against cybercrime (which, by the way, costs the global economy $400 billion a year — and that number is growing). We need more than just the usual Washington mumbo-jumbo like "this has to be a public-private partnership to create a jobs program" or "we're repurposing human capital for a new century." It's time to invest in humans to make the technology we depend on better, smarter, and safer.
Now is the moment to take to your Twitter and LinkedIn accounts, not just to share with the friends you have but reach out to the next colleague you haven't met yet. Tell your story. Tell them about the opportunity. Tell them to vote. Tell them to ask their companies to consider new possibilities. Tell them the country, perhaps even the civilized world, needs them now.
Your actions will send workers a very simple message: We need reinforcements in this fight. We want you!
- 7 Tips for Employers Navigating Remote Recruitment
- Remote Work Could Help Cybersecurity’s Diversity Problem – But Will It?
- Cybersecurity Leaders: Invest In Your People
Register now for this year's fully virtual Black Hat USA, scheduled to take place August 1–6, and get more information about the event on the Black Hat website. Click for details on conference information and to register.