At RiskSec NY: Sandra Sargent, cybersecurity lead at The World Bank; Rick Doten, chief of cyber and information security at Crumpton Group; and Teri Robinson, executive editor of SC Media.
At RiskSec NY: Sandra Sargent, cybersecurity lead at The World Bank; Rick Doten, chief of cyber and information security at Crumpton Group; and Teri Robinson, executive editor of SC Media.

It's a "dire situation" for recruitment in the cybersecurity field, said Sandra Sargent, cybersecurity lead at The World Bank, speaking at a morning panel at RiskSec NY on Tuesday.

The challenge, she said, is that six million jobs are globally left unfilled in the cybersecurity field. Her prescription was to offer better incentives. "What can you offer," she asked the audience of IT security professionals gathered for the conference and expo, sponsored by SC Media.

The solution lies in not poaching but collaborating with the private sector and academia, she said.

The greatest shortage in security personnel is in Africa and Southeast Asia, Sargent said. Meanwhile, she pointed to the very targeted training that starts in elementary school in Korea and Israel as prime examples of how investments in human capital pays off in cyber readiness.

Co-panelist Rick Doten, chief of cyber and information security at Crumpton Group, added that the problem with recruiting capable personnel in the United States is competition. Rather, he pointed to re-training programs in the U.K. in which people are screened for the "right personality" and then trained to fill positions in cybersecurity.

It matters less that a person has some job totally removed from IT security, he said, adding that certs and education could prove irrelevant. What's vital is that the candidate asks a lot of questions and is capable of figuring things out. With those attributes and some training, they're suitable for positions in the field, he said.

Sargent pointed to positive developments in the U.S., particularly National Science Foundation (NSF) grants for security and primary school foundations, and the fact that 200 universities have been accredited by the National Security Agency (NSA) and the Department of Homeland Security (DHS) as Centers of Academic Excellence in Cybersecurity.

Doten agreed that these two-year programs train the cybersecurity workforce instilling drive and desire, not just prepares someone to push a button to print out a report.

Aptitude, personality and drive are more important than what degree a person might have, Doten emphasized. He also stressed that the right candidate must be someone who is willing to keep learning.

"The landscape is continually changing," he said.

Sargent agreed that her ideal candidate must bring excitement to the role, adding that she also likes to see an ability to learn teamwork.