In an Industry Faced with a Talent Shortage
Your Skills Gap Decade
Year 2021 left you a skills gap decade with no single reason behind it. Globally, cybercriminals have caused billions in losses through state-sponsored hacking groups.
In 2010, the Center for Strategic and International Studies (CSIS) deemed that the U.S. lacks cybersecurity experts across society, business and government. By 2016, researchers agreed on a worldwide gap. In 2020’s coronavirus environment, remote work is extending beyond 2021.
Year 2022’s global cybersecurity workforces (industry labor pools) need 1.8 million hi-tech professionals to operate and support deployed systems.
The cybersecurity talent crunch has created 3.5 million unfilled jobs globally by 2021. In this decade, how will you cope in a public-private, cross-sector cybersecurity organization?
Managing Maturity Security Levels
Private-sector security regulations determine businesses’ security-level adjustments, while public regulatory agencies mediate security to amend information.
Both sectors should maintain state-of-the-art malware status monitoring, to span current skills gaps across government, industry and academia.
In those situations a Chief Information Security Officer (CISO) can act as a business enabler. To amplify security in the evolving situation, get to its roots.
The Roots of Cybersecurity Skills Gaps
Increasing demand for skills is outpacing supply growth
The above sectors’ demand for skills triples IT jobs. Each sector needs more workforce practitioners; competition between public and private sectors is inadequate. Demand and supply of candidates are seldom in parallel pipeline-supply.
We’re allowing untapped pools of skilled candidates
Available women comprise 43% of full-time labor, approximating 20% of all cybersecurity work. Ten million returning armed-forces members, often pre-security-cleared, are a next robust resource. Geographic “tech hubs,” normally bachelor-degree level, as with “mid-tech” or “new collar” jobs outside traditional coastal hubs.
Complex employer requirements entail 50% unqualified applicants
Top certifications comprise five years’ experience: engineers; scientists; developers; operators; defenders. Hybrid trades, seldom posted, work among unclear roles.
General populations unaware of cybersecurity opportunity
Outreach is scant due to scattered populations, while wide-open cyber career spheres await.
However, several diversity-focused organizations and students have emerged, like CyberSeek’s interactive talent maps, which show supply and demand graphically. You drill through private, public and other sectors’ data, across all states and metro areas.
These roots also need security fundamentals to further aid skills-gap needs.
Mastering Cybersecurity Fundamentals
Employers see graduates lacking cybersecurity foundations, concerning specific knowledge sets and skills essential to employees.
These arenas are vital technical work roles:
· understanding computer architecture, data, cryptography, networking, secure coding principles and operating system internals;
· proficiency with Linux-based systems;
· fluency in low-level programming languages;
· knowing common exploitation methods and mitigation techniques;
providing shared baseline skill sets, building specific knowledge necessary to meet employer workforce necessities.
This means you’ve got to build relationships with local educators. Hire cybersecurity applicants with nontraditional backgrounds. Organizations should consider establishing internal retraining programs, to draw from existing talent pools.
These platforms undergird all sectors.
The Greatest Needs
As an emerging professional you need deep technical training, to scrutinize these four fundamental cores:
· secure system design — developing infrastructure;
· incident response — managing an IT aftermath;
· tool development — implement secure configurations;
· penetration testing — simulated cyber-attacks;
to embody an organization’s cybersecurity system.
This short-list and best-practices can link to public and private sectors, catalyzing high-skilled technical training programs. As of 2020, security education offered few programs.
Fortunately, several programs are building robust pipelines for cyber capacity.
Productive/Successful Programs
Most-Robust Pipelines
The annual U.S. Homeland Security Cyber Challenge (USCC) fulfills its ranks seeking the best 10 thousand U.S. networks.
Its two complementary initiatives are the Cyber Quests online challenge series, and week-long Cyber Camp programs for aspiring cyber professionals.
· NICCS Partners
The National Initiative for Cybersecurity Careers and Studies, in NICCS’ NICE Framework, leads cybersecurity training and workforce development.
This cybersecurity career path can be elusive; its groups and specialty areas:
· high-level grouping of common cybersecurity functions;
· distinct areas of cybersecurity work;
· detailed groupings of cybersecurity work comprised of specific knowledge, skills and abilities;
and a backlog to come from audiences listed in NICCS.
The National Centers of Academic Excellence in Cybersecurity (NCAE-C) needs further cybersecurity education, to protect critical infrastructure. This workforce needs support through these essential skills.
The Workforce Framework for Cybersecurity (NICE Framework) is Cyber Operations (CAE-CO) via inter-disciplinary computer science, computer engineering, and/or electrical engineering disciplines. NICE should gather educators, employers and cybersecurity competition providers.
Major sponsors are: CIS; CISQ; McAfee; Google; Verizon; Deloitte; Dell Technologies; GDIT; Trustwave; Microsoft and others.
· The National Institute of Standards and Technology (NIST)
Apprenticeships in cybersecurity for various stakeholders (government, employers, intermediaries, educational partners) to build and sustain cybersecurity:
· apprenticeships in cybersecurity-related occupations;
· analysis of work-enhanced learning models;
· return on investment;
· apprenticeship in ecosystem integration & scaling;
with more approaches to create cybersecurity professionals.
New standards emphasize instruction for computing fundamentals, engaging hands-on learning. You and colleagues can adopt or adapt programs.
For NIST Managers
NIST’s small-owner resources should convey the business value of strong cybersecurity. As with:
· communicating about cybersecurity;
· making a board-level business-case for effective guidelines in cybersecurity matters;
· reviewing the workforce management guidebook “Cybersecurity is Everyone’s Job”;
· the NICE working group workforce management subgroup.
NSA, DHS and the National Centers of Academic Excellence in Cyber Defense (CAE-CD) program are focusing on infrastructure vulnerability. They’re pushing standards to emphasize computing fundamentals, through a two-year education in relationships with local educators.
NIST’s cybersecurity competition providers work towards standardizing performance measurements. At the same time NIST is providing K-12 resources.
Think-Tank Perspectives
· urgency to treat cybersecurity as a business decision;
· while cybersecurity growth spend is slowing;
· projecting to decline to only 7% by 2023;
this perspective tells that once there was a single cybersecurity career, while now there are more than 900 different cyber career profiles.
Aspen’s principles propose pipelines, to expand and sustain the U.S. cybersecurity labor force, through emerging technologies, as with the Internet of Things (IoT).
These simplified models, with transparency, can leverage the NICE Cybersecurity Workforce Framework:
· adjacent technical professional skills for hiring and training;
· launching apprenticeship programs to train candidate pipelines at scale;
· maximizing your impact by partnering focus on scale;
as a major boon in training.
IBM’s CEO Ginni Rometty sees skill-gaps through widening spaces, to extend corresponding new collars:
· community colleges;
· bootcamps;
· on-the-job learning;
· apprenticeships;
particularly in reducing four-year degrees.
New diverse teams can tidy up complex challenges.
Cybersecurity Training and Skills Growth
Cybersecurity Training
In large organizations, cybersecurity training typically involves a Board of Trustees to invest in cybersecurity training. Growth in 2021 is in strong demand, escalating 13% from 2016 to 2026 – roughly 600 thousand new jobs.
Current circumstances can put you in a professional or non-technical background, without a cybersecurity or computer science degree. Often virtual training online is free, as with Cybrary and CISA resources.
Pre-med, psychology, auto-mechanics, artists and stay-at-home moms are in cybersecurity. Surrounding cybersecurity skills are also needed: privacy; security awareness; training; governance; security communications; cyber law, ethics and others.
If you’re in an organization, you can put together cybersecurity training tips, as with AISN’s risk management and managed services.
Cybersecurity Skills
In a small organization you may be a techie or not. If not a techie, you can guesstimate steps such as: Detection and Identification; Containment; Remediation; Recovery; Assessment. Your colleagues can assess which of the five while you keep a “security first” mindset.
The ultimate skills-gap resolution is that of the global cybersecurity skills shortage. Our U.S. scope here is regional and national. The national big-picture remains an inadequate pool of skilled candidates, untapped; remaining gaps exist in the nation’s current cybersecurity education and training landscape.
Widening Cybersecurity Skills Pipelines
In 2021, over 4 million cybersecurity jobs will be unfilled globally, analysts estimate.
To tighten ongoing gaps, several ‘new collar’ roles are lengthening and widening cybersecurity pipelines:
· require a four-year degree and/or completed high school;
· associate’s degrees;
· Cyber Challenge (USCC);
· more diverse and inclusive candidates;
· don’t require a four-year degree;
· completed high school;
· participants age 25+, completed high school, no college;
· require some level of knowledge or skill;
· 73 million potential candidates able to apply to cybersecurity jobs.
Progressively, more pipelines have the opportunity to proliferate.
Here we’re seeing the tendrils of a cybersecurity workforce, attaining industrial levels.
The Future Cybersecurity Workforce
While keeping to the four fundamental cores:
· secure system design;
· incident response;
· tool development;
· penetration testing.
Automation, the next frontier in cybersecurity: “the only way to deal with cybersecurity skills shortage.” For all workflows, eliminating uncertainty at all steps: “100% confidence in the tools.” And the promise of future machine-speed security.
The Takeaway
· Your Skills Gap Decade: You’ll need to cope in a public-private, cross-sector, cybersecurity organization.
· Managing Maturity Security Levels: In private-sector security regulations, you may need a Chief Information Security Officer (CISO).
· The Roots of Cybersecurity Skills Gaps: Increasing demand for skills is outpacing supply growth.
· Mastering Cybersecurity Fundamentals: You’ve got to build relationships with local and regional educators.
· The Greatest Needs: More programs are building robust pipelines.
· Productive Programs: Via NICCS Partners and the National Institute of Standards and Technology (NIST); an early pipeline.
· For NIST Managers: NIST’s cybersecurity competition providers work towards standardizing.
· Think-Tank Perspectives: Gartner’s early research on security and risk management; Aspen pushing early for pipelines; IBM urging most re: new collars.
· Cybersecurity Training and Skills Growth: remaining gaps exist in the nation’s current cybersecurity education and training landscape.