Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.


10:00 AM
Adam Benson
Adam Benson
Connect Directly
E-Mail vvv

A Patriotic Solution to the Cybersecurity Skills Shortage

Why now is the right time for the security industry to invest in the human capital that will make technology better, smarter, and safer.

A June survey of 273 cybersecurity professionals conducted by organizers of Black Hat confirmed a jaw-dropping reality to many working in the security industry — 92% of respondents said there is "a shortage of well-trained and qualified security professionals [that] is significantly affecting the safety and security of data, both personal and financial."

That's terrifying … and most of America has no idea. Even in a time of double-digit unemployment, there is no sign the cybersecurity workforce gap will be filled quickly.

The demand for good workers is there, the supply of workers is not. According to CyberSeek, the supply is very low. How low, you ask? The national supply/demand ratio for all workers to job openings is almost 5, but the national average for cybersecurity jobs is almost 2.

Additionally, CyberSeek reports there are more than half a million unfilled cybersecurity jobs in the United States waiting for qualified individuals. Putting that in perspective, if every active member of the United Auto Workers union left the assembly line today to work in security jobs, we'd still be 100,000 workers short of filling the workforce gap.

It's not going to be easy in this election cycle. It seems the candidate who says some version of "that job that you know how to do isn't going to last" is the person who loses. But maybe there is another way to approach this issue that might resonate with a public needing to consider new options? Perhaps Americans might listen to a message of opportunity rather than failure?

Rust Belt workers have reason to be frustrated by politicians and corporations that have quit on them. It's been long theorized, and now commonly accepted, that middle class workers are either unwilling or lack the time, money, or confidence to take on new skills. A majority of 800 managers surveyed by Harvard Business School in 2018 shared that sentiment. But 11,000 "lower-income and middle-skills" workers in 11 countries told the researchers something entirely different. Harvard found workers were "more eager to embrace change and learn new skills than their employers gave them credit for."

Cybersecurity offers some workers a chance to be more than just a cog in the machine — a chance to be on the front lines of the tech revolution … and to be one of the good guys at that. Being on the right side of history is no small thing. There are Americans losing their places in factories, hotels, restaurants, and shopping malls who come from long lines of families that stood up when called upon by their country. There are also new Americans and second-generation Americans eager to show their love of America. If they knew reports of online crime to the FBI are up 400% since the start of the pandemic and that cyber-threat actors from foreign nation-states are targeting the healthcare and research facilities searching for COVID-19 treatments, they might be eager to join the fight.

And they need to know retraining can be cost efficient and more attainable than ever before. Craig Newmark, the founder of Craigslist, has made significant donations to multiple nonprofits offering free cybersecurity training for veterans and women, two segments vastly underrepresented in the security industry. Newmark helped fund the first class of the Sacramento-based program "100 Women in 100 Days." That program's creator, Carmen Marsh, had five times that many apply for spots in the program — with half of the spots claimed just hours after she launched. Two-thirds of the first class graduated, and nearly half are working in internships now. Marsh has a grant from the city of Sacramento for her next class. She'd like to take her program across the country … if she just had the budget.

Currently, the Senate has two bills that would direct much-needed funding to create apprenticeship programs. S. 1466, the Cyber Ready Workforce Act, would provide grants to the Labor Department to support registered apprenticeship programs in cybersecurity. S. 2775, the HACKED Act, would provide critical workforce training, including financial assistance to security education–focused regional alliances or partnerships. Unfortunately, the GovTrack website gives each bill only a 2% chance of being enacted — even though both have bipartisan support.

It's not enough to just change the direction of a trend line; this is a chance to create opportunities and add new firepower in our fight against cybercrime (which, by the way, costs the global economy $400 billion a year — and that number is growing). We need more than just the usual Washington mumbo-jumbo like "this has to be a public-private partnership to create a jobs program" or "we're repurposing human capital for a new century." It's time to invest in humans to make the technology we depend on better, smarter, and safer.

Now is the moment to take to your Twitter and LinkedIn accounts, not just to share with the friends you have but reach out to the next colleague you haven't met yet. Tell your story. Tell them about the opportunity. Tell them to vote. Tell them to ask their companies to consider new possibilities. Tell them the country, perhaps even the civilized world, needs them now.

Your actions will send workers a very simple message: We need reinforcements in this fight. We want you!

Related Content:



Register now for this year's fully virtual Black Hat USA, scheduled to take place August 1–6, and get more information about the event on the Black Hat website. Click for details on conference information and to register.

Adam Benson is a senior vice president at Vrge Strategies, a Washington, DC-based public affairs firm. Benson has written security research papers and worked with both corporate and nonprofit cybersecurity clients. Previously, he was press secretary for former Congressman ... View Full Bio

Recommended Reading:

Comment  | 
Print  | 
More Insights
Newest First  |  Oldest First  |  Threaded View
7 Old IT Things Every New InfoSec Pro Should Know
Joan Goodchild, Staff Editor,  4/20/2021
Cloud-Native Businesses Struggle With Security
Robert Lemos, Contributing Writer,  5/6/2021
Defending Against Web Scraping Attacks
Rob Simon, Principal Security Consultant at TrustedSec,  5/7/2021
Register for Dark Reading Newsletters
White Papers
Cartoon Contest
Current Issue
2021 Top Enterprise IT Trends
We've identified the key trends that are poised to impact the IT landscape in 2021. Find out why they're important and how they will affect you today!
Flash Poll
How Enterprises are Developing Secure Applications
How Enterprises are Developing Secure Applications
Recent breaches of third-party apps are driving many organizations to think harder about the security of their off-the-shelf software as they continue to move left in secure software development practices.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
PUBLISHED: 2021-05-17
Hirschmann HiOS 07.1.01, 07.1.02, and 08.1.00 through 08.5.xx and HiSecOS 03.3.00 through 03.5.01 allow remote attackers to change the credentials of existing users.
PUBLISHED: 2021-05-17
An authentication brute-force protection mechanism bypass in telnetd in D-Link Router model DIR-842 firmware version 3.0.2 allows a remote attacker to circumvent the anti-brute-force cool-down delay period via a timing-based side-channel attack
PUBLISHED: 2021-05-17
Incorrect access control in zam64.sys, zam32.sys in MalwareFox AntiMalware where IOCTL's 0x80002014, 0x80002018 expose unrestricted disk read/write capabilities respectively. A non-privileged process can open a handle to \.\ZemanaAntiMalware, register with the driver using IOCTL 0x8000201...
PUBLISHED: 2021-05-17
Incorrect access control in zam64.sys, zam32.sys in MalwareFox AntiMalware allows a non-privileged process to open a handle to \.\ZemanaAntiMalware, register itself with the driver by sending IOCTL 0x80002010, allocate executable memory using a flaw in IOCTL 0x80002040, install a hook wit...
PUBLISHED: 2021-05-17
Intelbras Router RF 301K Firmware 1.1.2 is vulnerable to Cross Site Request Forgery (CSRF) due to lack of validation and insecure configurations in inputs and modules.