The rapid increase in global demand for skilled cybersecurity practitioners presents many similarities in the medical field a century ago when illnesses, treatments, and medical procedures evolved faster than training and education for practitioners. Unlike the medical community 100 years ago, today the cyber industry has access to numerous technologies that can fast-track educating, training, and recruiting a well-qualified cyber workforce. Yet, we still face a cybersecurity workforce gap.
While recent advancements in technology can help solve the global cybersecurity workforce shortage, several crucial factors to closing this gap still exist:
- Well-defined entry points and subdisciplines.
The industry can start by increasing the awareness of what a career in the field looks like. This lack of awareness limits many young people from being exposed to the field and pushes them toward careers they better understand. We need to create well-defined entry points and subdisciplines people will embrace. Entry points can look like technical (or non-technical) cybersecurity competitions, internships or apprenticeships, afterschool clubs and programs, conferences and summer camps. These experiences can help reduce the intimidation barrier for people interested in cyber careers by offering them an opportunity to explore the field, become more familiar with tools and tasks involved in cybersecurity work, and learn firsthand whether or not the field makes sense for them. Subdisciplines can break down the generalizations of work roles in cybersecurity into more accessible academic and career pathways, such as penetration tester, SOC analyst or threat hunter/researcher. Breaking down defined career paths offers the needed structure for them to envision a future role in the field.
- More dynamic, hands-on teaching methods.
The constantly evolving and highly complex nature of cybersecurity poses unique challenges to the status quo when it comes to educating and developing the next generation of cybersecurity pros. We must create engaging and sticky learning experiences, incite passion for lifelong learning, and encourage new and diverse students to explore and pursue cybersecurity. And while educators have long been dedicated to creating opportunities for students, the industry needs to drive a paradigm shift in how teaching and learning cybersecurity happens.
Teaching methods that rely on lectures, PowerPoint presentations, rote memorization, and other stale and static approaches do not adequately prepare individuals for work for this field. Being a cybersecurity professional demands an ability to understand and perform hands-on, technical work. Immersive learning experiences in real-world environments are imperative to producing well-qualified cybersecurity talent.
- Cybersecurity talent identification and aptitude assessments.
In 1943, Katharine Briggs and Isabel Briggs Myers developed the Myers-Briggs Type Indicator (MBTI) to help identify career preferences for women entering the workforce to fill shortages during World War II. In 1945, the MBTI was first used by the George Washington Medical School to screen potential candidates for an aptitude in medicine. Today, approximately 89 percent of Fortune 100 companies use MBTI to hire prospective employees. We need to replicate this concept of testing a person’s personality-specific competencies to roles in cybersecurity.
My own professional work efforts follow the Myers-Briggs approach by uniquely applying similar personality-based research to cybersecurity using the NIST Cybersecurity Framework and the NICE Cybersecurity Workforce Framework. The Cyber Aptitude Typology Indicator (CATI) developed by our company identifies an individual’s cyber personality type by looking at one’s natural tendency to gather and process information, and make decisions. This new method of cyber assessment predicts a person’s cyber aptitude and suggests work roles they may find to be a more natural fit.
Moreover, complementing cyber personality types with subdisciplines in cyber caters to varying intrinsic preferences for information gathering, communicating findings, and brainstorming on solutions. A better understanding of this, combined with the knowledge that everyone has their own personal learning styles, will enhance the development of learning content and environments that support both individuals entering the field and those who are upskilling their current knowledge and competencies.
Today, organizations face profound threats from cyberattacks. The threat landscape continues to mount while millions of cyber-related job openings remain unfilled. Cyber offers great challenges and high rewards, but it’s a field that can seem daunting to academic instructors, corporate hiring managers, and potential cybersecurity professionals. By reviewing decades of lessons learned from MBTI and the potential of cyber aptitude assessments, we can create new learning environments that serve to identify, teach, train, and continue to evolve practitioners in cybersecurity. This approach will create a dedicated cadre of cyber professionals who can meet the current and future needs of the field.
Laura Lee, vice president, cyber training, By Light Professional IT Services, LLC