Bridging the cybersecurity talent gap
- By Steve Kirk
- Sep 16, 2016
According to the Cybersecurity Jobs Report, there will be 1.5 million global cybersecurity openings by 2019. This shortfall is fueled in part by efforts to combat the dramatic increase in cybercrime, as well as by the constantly shifting the security landscape that makes finding qualified individuals for critical roles difficult.
The talent shortfall is a known quantity, but the solution to this crisis is unclear. Why? It’s a known unknown, as Donald Rumsfeld might say. Because the scope of the challenge is broad and growing, it requires a broadening range of skill sets that are yet unknown.
Attack methods and breaching techniques are constantly evolving, which means that finding the elusive talent to overcome today’s challenges solves the immediate problem. We know how to remediate the kind of breaches we’ve already seen, but what about the attack vectors we don’t yet know about? If the attacker’s method is unknown, then so is the threat response. The talent shortfall, therefore, is about much more than just a limited pool of security professionals. It’s about having people who can deal with the known unknowns.
How have we arrived at this current state of cyber talent shortfall? During the 1960s, there was a push to connect computer systems. Concerns that were raised about security and data protection were brushed aside to expedite connectivity. This same focus continues today: Ease of connectivity first, security second. The reality, though, is that the two are interdependent. Connectivity and security must be coordinated and scale equally. Data without protection is unreliable and dangerous, and security without data is an empty bank vault, impressive but with neither function nor purpose. The balancing the two is the ultimate goal.
Cybersecurity takes on greater importance as we encounter new unknowns. To avoid repeating history, we must nurture a culture that values both connectivity and security and support a broader definition of the talents required. Fortunately, government agencies are helping to build talent through organizations such as the National Initiative for Cybersecurity Education, which works to accelerate the availability of educational and training resources designed to improve the cyber behavior, skills, and knowledge of every segment of the population. Much work remains, however.
All agencies need a more robust cybersecurity workforce, especially those responsible for the nation’s critical infrastructure. Incapacitation or destruction of any portion of that infrastructure would have a debilitating effect on security, public safety and the economy. Technology alone can’t protect these systems. To fully secure these critical infrastructures, we need skilled cybersecurity professionals to guard against both the known threats and anticipate the unknown ones.
Because we can’t see into the future, it’s difficult to know what cybersecurity tools and skill sets tomorrow’s workers must have to be successful, Nevertheless, those entering the cybersecurity field should have a foundation in:
- A basic understanding how IT messaging works. Knowing how programs exchange messages and what data or information is included in those messages is paramount for cybersecurity professionals.
- Awareness of the cybersecurity education, trainings and workforce development across the public and private sectors.
- Appreciation of human nature and user behavior to better understand how preventable breaches such as email phishing attacks infiltrate networks.
As business, government, finance, education and healthcare become increasingly digitized, we must redouble our efforts to protect our data and networks. Without groomed professionals prepared to keep our data protected and fight the cybercrimes of tomorrow, all of our online information can be compromised and held hostage.
Government must prioritize building a strong and sufficient cybersecurity workforce. To do this, agencies must educate, build and reinforce cybersecurity in every aspect of the culture -- from casual users to those who protect data behind the scenes. The next wave of cybersecurity professionals must not only possess deep subject matter expertise but also critical thinking skills and an understanding of human behavior to defend against today’s known threats and tomorrow’s unknown ones.
Steve Kirk is vice president, Federal Solutions, at Fortinet.