Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.


10:00 AM
Adam Benson
Adam Benson
Connect Directly
E-Mail vvv

A Patriotic Solution to the Cybersecurity Skills Shortage

Why now is the right time for the security industry to invest in the human capital that will make technology better, smarter, and safer.

A June survey of 273 cybersecurity professionals conducted by organizers of Black Hat confirmed a jaw-dropping reality to many working in the security industry — 92% of respondents said there is "a shortage of well-trained and qualified security professionals [that] is significantly affecting the safety and security of data, both personal and financial."

That's terrifying … and most of America has no idea. Even in a time of double-digit unemployment, there is no sign the cybersecurity workforce gap will be filled quickly.

The demand for good workers is there, the supply of workers is not. According to CyberSeek, the supply is very low. How low, you ask? The national supply/demand ratio for all workers to job openings is almost 5, but the national average for cybersecurity jobs is almost 2.

Additionally, CyberSeek reports there are more than half a million unfilled cybersecurity jobs in the United States waiting for qualified individuals. Putting that in perspective, if every active member of the United Auto Workers union left the assembly line today to work in security jobs, we'd still be 100,000 workers short of filling the workforce gap.

It's not going to be easy in this election cycle. It seems the candidate who says some version of "that job that you know how to do isn't going to last" is the person who loses. But maybe there is another way to approach this issue that might resonate with a public needing to consider new options? Perhaps Americans might listen to a message of opportunity rather than failure?

Rust Belt workers have reason to be frustrated by politicians and corporations that have quit on them. It's been long theorized, and now commonly accepted, that middle class workers are either unwilling or lack the time, money, or confidence to take on new skills. A majority of 800 managers surveyed by Harvard Business School in 2018 shared that sentiment. But 11,000 "lower-income and middle-skills" workers in 11 countries told the researchers something entirely different. Harvard found workers were "more eager to embrace change and learn new skills than their employers gave them credit for."

Cybersecurity offers some workers a chance to be more than just a cog in the machine — a chance to be on the front lines of the tech revolution … and to be one of the good guys at that. Being on the right side of history is no small thing. There are Americans losing their places in factories, hotels, restaurants, and shopping malls who come from long lines of families that stood up when called upon by their country. There are also new Americans and second-generation Americans eager to show their love of America. If they knew reports of online crime to the FBI are up 400% since the start of the pandemic and that cyber-threat actors from foreign nation-states are targeting the healthcare and research facilities searching for COVID-19 treatments, they might be eager to join the fight.

And they need to know retraining can be cost efficient and more attainable than ever before. Craig Newmark, the founder of Craigslist, has made significant donations to multiple nonprofits offering free cybersecurity training for veterans and women, two segments vastly underrepresented in the security industry. Newmark helped fund the first class of the Sacramento-based program "100 Women in 100 Days." That program's creator, Carmen Marsh, had five times that many apply for spots in the program — with half of the spots claimed just hours after she launched. Two-thirds of the first class graduated, and nearly half are working in internships now. Marsh has a grant from the city of Sacramento for her next class. She'd like to take her program across the country … if she just had the budget.

Currently, the Senate has two bills that would direct much-needed funding to create apprenticeship programs. S. 1466, the Cyber Ready Workforce Act, would provide grants to the Labor Department to support registered apprenticeship programs in cybersecurity. S. 2775, the HACKED Act, would provide critical workforce training, including financial assistance to security education–focused regional alliances or partnerships. Unfortunately, the GovTrack website gives each bill only a 2% chance of being enacted — even though both have bipartisan support.

It's not enough to just change the direction of a trend line; this is a chance to create opportunities and add new firepower in our fight against cybercrime (which, by the way, costs the global economy $400 billion a year — and that number is growing). We need more than just the usual Washington mumbo-jumbo like "this has to be a public-private partnership to create a jobs program" or "we're repurposing human capital for a new century." It's time to invest in humans to make the technology we depend on better, smarter, and safer.

Now is the moment to take to your Twitter and LinkedIn accounts, not just to share with the friends you have but reach out to the next colleague you haven't met yet. Tell your story. Tell them about the opportunity. Tell them to vote. Tell them to ask their companies to consider new possibilities. Tell them the country, perhaps even the civilized world, needs them now.

Your actions will send workers a very simple message: We need reinforcements in this fight. We want you!

Related Content:



Register now for this year's fully virtual Black Hat USA, scheduled to take place August 1–6, and get more information about the event on the Black Hat website. Click for details on conference information and to register.

Adam Benson is a senior vice president at Vrge Strategies, a Washington, DC-based public affairs firm. Benson has written security research papers and worked with both corporate and nonprofit cybersecurity clients. Previously, he was press secretary for former Congressman ... View Full Bio

Recommended Reading:

Comment  | 
Print  | 
More Insights
Newest First  |  Oldest First  |  Threaded View
COVID-19: Latest Security News & Commentary
Dark Reading Staff 9/25/2020
Hacking Yourself: Marie Moe and Pacemaker Security
Gary McGraw Ph.D., Co-founder Berryville Institute of Machine Learning,  9/21/2020
Startup Aims to Map and Track All the IT and Security Things
Kelly Jackson Higgins, Executive Editor at Dark Reading,  9/22/2020
Register for Dark Reading Newsletters
White Papers
Current Issue
Special Report: Computing's New Normal
This special report examines how IT security organizations have adapted to the "new normal" of computing and what the long-term effects will be. Read it and get a unique set of perspectives on issues ranging from new threats & vulnerabilities as a result of remote working to how enterprise security strategy will be affected long term.
Flash Poll
How IT Security Organizations are Attacking the Cybersecurity Problem
How IT Security Organizations are Attacking the Cybersecurity Problem
The COVID-19 pandemic turned the world -- and enterprise computing -- on end. Here's a look at how cybersecurity teams are retrenching their defense strategies, rebuilding their teams, and selecting new technologies to stop the oncoming rise of online attacks.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
PUBLISHED: 2020-09-25
In tensorflow-lite before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, when determining the common dimension size of two tensors, TFLite uses a `DCHECK` which is no-op outside of debug compilation modes. Since the function always returns the dimension of the first tensor, malicious attackers can ...
PUBLISHED: 2020-09-25
In tensorflow-lite before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, a crafted TFLite model can force a node to have as input a tensor backed by a `nullptr` buffer. This can be achieved by changing a buffer index in the flatbuffer serialization to convert a read-only tensor to a read-write one....
PUBLISHED: 2020-09-25
In tensorflow-lite before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, if a TFLite saved model uses the same tensor as both input and output of an operator, then, depending on the operator, we can observe a segmentation fault or just memory corruption. We have patched the issue in d58c96946b and ...
PUBLISHED: 2020-09-25
In TensorFlow Lite before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, saved models in the flatbuffer format use a double indexing scheme: a model has a set of subgraphs, each subgraph has a set of operators and each operator has a set of input/output tensors. The flatbuffer format uses indices f...
PUBLISHED: 2020-09-25
In TensorFlow Lite before versions 2.2.1 and 2.3.1, models using segment sum can trigger writes outside of bounds of heap allocated buffers by inserting negative elements in the segment ids tensor. Users having access to `segment_ids_data` can alter `output_index` and then write to outside of `outpu...