DHS Worried About Lack of Cybersecurity Talent
We spend a lot of time on this blog discussing cybersecurity. Understanding the effects of full-scale cybersecurity attacks is useful, but will only motivate a person or business to do things that will work to keep their network secure. The problem is that when it comes to public computing resources, there isn’t enough being done.
The Department of Homeland Security has gone on the record several times recently about the shortage of cybersecurity talent and how it is not just a troubling trend, it is a major problem and a threat to U.S. national security. Today, we’ll take a look at some of the statements made by the DHS and talk about a couple ideas that will get young people to become interested enough in cybersecurity to want to do it for a living.
What DHS Says
The U.S Department of Homeland Security’s whole mission is to keep Americans and American-owned businesses safe here at home. As such, they have a cybersecurity division that is tasked with protecting public computing resources from theft and attack. Recently, the Assistant Director for Cybersecurity and Infrastructure Security Agency (CISA), Jeanette Manfra talked about how CISA is making cybersecurity training initiatives an important part of their professional development platform.
“It’s a national security risk that we don’t have the talent,” Manfra said. “We have a massive shortage that is expected to grow larger.”
The Cybersecurity Skills Gap
Demand for comprehensive cybersecurity has never been higher and it is becoming a very large problem. According to the Center for Cyber Safety and Education there are over 1.5 million unfilled cybersecurity jobs, which will grow to 1.8 million by 2021. With not enough people to monitor networks and fewer even to provide comprehensive training, the talent shortage is a big reason there are so many data breaches.
Reasons for the Shortage
You’d immediately think that the reason for a lack of workers in a certain sector would come from a lack of education. While not many computer science curriculums prioritize cybersecurity, in this case, lack of cybersecurity-related courses isn’t the biggest issue.
It’s the job.
Working in cybersecurity isn’t sexy. It’s a lot like being a cop or a sanitation worker, thankless, but without people willing to do those jobs, society would be chaos. This is a high stress job, that gets no recognition, and is maligned when something goes wrong. Since this doesn’t paint a picture of a job that would be in high demand, it’s no surprise that there is a shortage, and that even if they are staffed, they are short on resources.
...But Education Could Be Better
The educational opportunities are actually decreasing, even as cybercrime becomes a multi-trillion dollar per year problem. For-profit trade schools, some of the only places prioritizing information security, are going the way of the dinosaur, and curriculums at major universities haven’t transitioned as fast as cybercriminals have, leaving a big gap in IT education.
Fortunately for everyone there are approximately a million ethical hackers out there who are constantly checking systems for vulnerabilities. Instead of stealing information, these individuals typically work some type of deal to get a paycheck for telling a company about the vulnerabilities they find. Moreover, these individuals are the future of cybersecurity. As a result, there are organizations that are creating free coursework designed by these ethical hackers for a talent pool that has no choice but to grow. With tools like Cyber Aces, Hacker101, Google Gruyere, and more, there is an active attempt by cybersecurity firms to find talent that has an interest in doing these jobs.
Manfra explained that CISA is really pushing their development of curriculum for developers in grade and secondary school and, borrowing a strategy from big tech by developing workforce training procedures that are modeled with recruitment and retention in mind. Since filling these jobs are a priority, you could begin to see special incentive programs for people willing to focus on cybersecurity as an expertise.
Manfra sees government subsidy for the educational costs cybersecurity professionals pick up if they are willing to work in the public sector for a few years before they move on to the private sector. Allowing CISA to “...build a community of people with shared experience.” The more people who are on the same page, the more costs will stabilize, which will help business.
Cybercime isn’t going away, so making sure that your business’ network and infrastructure is well maintained and your staff is trained can go a long way toward protecting your business’ assets. Subscribe to our blog for more great cybersecurity articles.