Cybersecurity Talent Gaps Are Bigger Than We Thought—And Here’s How To Solve Them
Cybersecurity has become one of the hottest jobs over the past few years, exhibiting high wage and employment growth. However, recent research from Emsi has found that the U.S. has less than half the cybersecurity candidates that it needs to handle increasing demand.
Get started on your cybersecurity degree at American Military University.
The cybersecurity skills gap is a problem for not only organizations that cannot find the proper talent, but also the country as a whole. As the digital economy expands, safe and secure digital infrastructure is integral for maintaining economic growth and human flourishing. Malicious cyber attacks lead to stolen revenues, uncertainty, public mistrust, and a vulnerable economic and national security base.
Filling The Talent Pipeline
The U.S. Cyberspace Solarium Commission was created in 2019 to “develop a consensus on a strategic approach to defending the United States cyberspace against cyber attacks of significant consequences.” In their July report, they argued that chronic shortages for cybersecurity talent are driven “by a need for personnel that have specific cybersecurity skills and experience, but they are complicated by government hiring, training, and development pathways that are not well-suited to recruit and retain those personnel.”
Fortunately, thanks to a recent executive order by the White House in June, the federal government will begin prioritizing hires based on skills, rather than degrees. Particularly in the cybersecurity landscape where the technology is evolving so rapidly, traditional computer science and related degree programs are expensive and time intensive.
That’s where EdTech companies have cropped up to provide invaluable educational services at low cost and high flexibility. Datacamp, for example, provides arguably the best experience for learning programming languages. With an especially low price of roughly $150/year due to an unparalleled discount, you can access personalized learning resources and a digital community.
But, not everyone is going to become a cybersecurity expert. So, what can we do to promote best practices within the cyber community?
Thinking outside the box, the ICS Village, with The Wilson Center’s Science and Technology Innovation Program (STIP), Cyber Bytes Foundation, and R Street Institute, sponsored a day-long event called Hack the Capitol on September 16 that went far beyond a traditional conference with lectures where everyone sits quietly in the audience.
Aimed at raising education and awareness to Congressional staffers, think tanks, and press, the event provided an opportunity to bring different stakeholders together to learn and share with one another. These conversations are helpful for not only increasing know-how among participants today, but also inaugurating relationships that may last months if not years. That is, connecting policymakers and technical experts together allows both sides to learn from one another and understand the where to turn when questions arise.
Understanding Supply Chain Vulnerability
One of the important lessons from Hack the Capitol was that cybersecurity is much more than simply securing a device or piece of software. Digital goods and services generally contain a wide array of linkages that span across organizations and sub-industries. In this sense, we need to think of cybersecurity using a systems approach that examines the interconnectedness of all the players and events.
My recent research with Deven Desai at Georgia Institute of Technology has taken the challenge of measuring supply chain risk in cybersecurity seriously. Drawing on data on the number of exposed ports for every Fortune 500 company from Rapid7, combined with data on how much each industry contributes to every other industry from the Bureau of Economic Analysis, we developed an index of supply chain risk. For the first time, we now have a measure of cyber vulnerabilities at the firm-level.
Contrary to the conventional approach for defining critical infrastructure, which classifies sectors as more versus less important, our results suggest that professional services are the largest source of cybersecurity risk. That’s because professional services are inescapable—every sector uses them. Whether you’re a finance or energy company, you’re probably hiring consultants, information security workers, or designing compensation packages for your employees using a professional services firm.
Hack the Capitol, and other similar events, come at an especially important time for at least two reasons. First, they bring people together, ranging from technical experts to policymakers, who need each other to more effectively solve problems. Second, they provide an opportunity for experiential learning that highlights the expansiveness of cybersecurity beyond the traditional archetype that it’s just about sitting behind a computer.
To fill the cyber skills gap, we need to find ways to communicate knowledge so that it not only sticks, but also resonates and appeals to a new generation of learners who are hungry for purpose.