It’s no secret that our cybersecurity industry today suffers from a yawning talent gap — a statistical juggernauton track to reach 3.5 million unfilled positions by 2021. As the wakeup call spreads, we’re seeing more cross-disciplinary trainingsand nurture efforts deep into the educational pipeline — from pre-K, elementaryand middle schoolinitiatives, to programs for high schooland higher education.
We just got fresh momentum from the recent White House “Executive Order on America’s Cybersecurity Workforce,” which proclaims our collective cybersecurity talent pool “a strategic asset that protects the American people” and in need of “work-based learning, apprenticeships, and blended learning approaches…for both new workforce entrants and those who are advanced in their careers.”
As a cybersecurity education evangelist, this proclamation is at once music to my ears and the mother of all to-do lists. That’s because the Executive Order focuses primarily on the Why and What — meaning it’s largely up to the industry to keep figuring out the How.
Achieving Meaningful Workforce Change
The gap between setting a priority and achieving it is never easy, but it’s getting to be indefensible in this case. For instance, across 24 states, only 35 percent of high schools in the US teach computer science— much less focus specifically on cybersecurity — despite the fact that 90 percent of parents want computer science education for their children.
As for workforce diversity goals, there’s still lotsofresearch showing women and minorities remain stubbornly underrepresented; and this problem goes beyond just corporate social responsibility. An overly homogenous workforce inhibits problem-solving and has even been shown — when that workforce happens to be AI programmers — to seed bias into the performance of facial and voice recognition and broader AI/ML technologies that cybersecurity practitioners increasingly rely on.
In light of this, the White House’s recent Executive Order is a welcome, but partial, assist. More a compass than a road map, it lays out steps for Cabinet-level coordination, additional research and — significantly — a “cybersecurity rotational assignment program” for knowledge transfer between federal cybersecurity professionals. These are steps in the right direction; but I believe there are many other steps we can take.
Knowledge Transfer and Diversity are Key
“Knowledge transfer” is the underlying currency for all education, on-the-job learning and even those enlightening watercooler conversations we may have at work; and the insights get richer to the extent they’re cross-disciplinary, cross-cultural and cross-gender and generational.
Against this backdrop, knowledge transfer via a rotational program for federal employees between agencies is encouraging, but somewhat limited.
To really move the needle, we must programmatically flesh out the work-based learning, apprenticeships and blended learning approaches alluded to in the Executive Order. Thankfully, we don’t need to start at square one. For instance, there’s already the DHS-sponsored Cybersecurity Education Training Assistance Program (CETAP)and the cross-sector Global Cyber Alliance. And we see targeted efforts to support not just race and gender diversity, but also to recruit veteransinto cybersecurity jobs and to promote “neurodiversity” for those with autismand other differing abilitieswho bring unique and useful skills to the job.
A Shared Industry Mission
I’ve hopefully shared enough examples to show that progress accelerates whenever we coordinate a variety of efforts around a shared mission. And I’m a firm believer that this shared mission is something that every cybersecurity firm and learning institution must embrace at the organizational level.
As a learning platform, my own company has been especially passionate in partnering with nonprofits like the Women in Security and Privacy, Women’s Society of Cyberjitsu, Melwood’s neurodiversity abilITprogram, and others with donated memberships, tiered services discounts and other incentives to ease curriculum access for these groups. We also work closely with the Cybersecurity Forum Initiative (CSFI)to fill the federal cyber-workforce gap by delivering education and training to some 100,000+ cybersecurity and cyber warfare professionals across the government, military, private sector and academia.
This shared workforce mission is something we should all take to heart and take with us into that next strategic planning company off-site. There are tons of ways to shape your organizational priorities for a stronger workforce: from wider recruitment and deeper community involvement, to robust on-boarding, continuous learning and upskilling support for employees.
Regardless of your particular approach, every organization has a role to play in closing the cyber-workforce talent gap as an industry-wide problem in need of an industry-wide response.