It’s no secret that our cybersecurity industry today suffers from a yawning talent gap — a statistical juggernaut on track to reach 3.5 million unfilled positions by 2021. As the wakeup call spreads, we’re seeing more cross-disciplinary trainings and nurture efforts deep into the educational pipeline — from pre-K, elementary and middle school initiatives, to programs for high school and higher education. We just got fresh momentum from the recent White House “Executive Order on America’s Cybersecurity Workforce,” which proclaims our collective cybersecurity talent pool “a strategic asset that protects the American people” and in need of “work-based learning, apprenticeships, and blended learning approaches...for both new workforce entrants and those who are advanced in their careers.”

As a cybersecurity education evangelist, this proclamation is at once music to my ears and the mother of all to-do lists. That’s because the Executive Order focuses primarily on the Why and What — meaning it’s largely up to the industry to keep figuring out the How.

Achieving Meaningful Workforce Change

The gap between setting a priority and achieving it is never easy, but it’s getting to be indefensible in this case. For instance, across 24 states, only 35 percent of high schools in the US teach computer science — much less focus specifically on cybersecurity — despite the fact that 90 percent of parents want computer science education for their children.

As for workforce diversity goals, there’s still lots of research showing women and minorities remain stubbornly underrepresented; and this problem goes beyond just corporate social responsibility. An overly homogenous workforce inhibits problem-solving and has even been shown — when that workforce happens to be AI programmers — to seed bias into the performance of facial and voice recognition and broader AI/ML technologies that cybersecurity practitioners increasingly rely on.

In light of this, the White House’s recent Executive Order is a welcome, but partial, assist. More a compass than a road map, it lays out steps for Cabinet-level coordination, additional research and — significantly — a “cybersecurity rotational assignment program” for knowledge transfer between federal cybersecurity professionals. These are steps in the right direction;
but I believe there are many other steps we can take.

Knowledge Transfer and Diversity are Key

“Knowledge transfer” is the underlying currency for all education, on-the-job learning and even those enlightening watercooler conversations we may have at work; and the insights get richer to the extent they’re cross-disciplinary, cross-cultural and cross-gender and generational.

Against this backdrop, knowledge transfer via a rotational program for federal employees between agencies is encouraging, but somewhat limited.

To really move the needle, we must programmatically flesh out the work-based learning, apprenticeships and blended learning approaches alluded to in the Executive Order. Thankfully, we don’t need to start at square one.

For instance, there’s already the DHS-sponsored Cybersecurity Education Training Assistance Program (CETAP) and the cross-sector Global Cyber Alliance. And we see targeted efforts to support not just race and gender diversity, but also to recruit veterans into cybersecurity jobs and to promote “neurodiversity” for those with autism and other differing abilities who bring unique and useful skills to the
job.

A Shared Industry Mission

I’ve hopefully shared enough examples to show that progress accelerates whenever we coordinate a variety of efforts around a shared mission. And I’m a firm believer that this shared mission is something that every cybersecurity firm and learning institution must embrace at the organizational level.

As a learning platform, my own company has been especially passionate in partnering with nonprofits like the Women in Security and Privacy, Women’s Society of Cyberjitsu, Melwood’s neurodiversity abilIT program, and others with donated memberships, tiered services discounts and other incentives to ease curriculum access for these groups. We also work closely with the Cybersecurity Forum Initiative (CSFI) to fill the federal cyber-workforce gap by delivering education and training to some 100,000+ cybersecurity and cyber warfare professionals across the government, military, private sector and academia.

This shared workforce mission is something we should all take to heart and take with us into that next strategic planning company off-site. There are tons of ways to shape your organizational priorities for a stronger workforce: from wider recruitment and deeper community involvement, to robust on-boarding, continuous learning and upskilling support for employees.

Regardless of your particular approach, every organization has a role to play in closing the cyber-workforce talent gap as an industry-wide problem in need of an industry-wide response.