The good news is ISC2 – a cybersecurity industry group – has just released a new report that looks at some ways to overcome the gap.
Dan Waddell, Director of US Government Affairs, ISC2, told Chris Dorobek on the DorobekINSIDER program that the security gap is not new to government – in fact, the problem has been around for decades.
The 2014 Cisco Annual Security Report estimated the worldwide shortage of skilled security professionals at approximately one million people. “That number really goes to show you the shortage that we currently have to help fill these gaps. What we found was a huge gap right now between education and the workforce,” said Waddell. “We really need to do a better job to help arm students as they come up through high school and college, so that they’re better prepared when they enter the workforce to actually go and execute and be a cyber professional.”
In 2007, US-CERT received almost 12,000 cyber incident reports. By 2009 that number had doubled, according to statistics from the Government Accountability Office. Three years later, the number of incidents had quadrupled. These days being hacked isn’t a question of if, but when, so the need for trained professionals is more important than ever before.
“Every time I look at my Twitter feed, I see a report of a new hack. But I think we can use these attacks to our advantage, because if you’re looking for a job, this is the go-to career – it has almost zero unemployment,” said Waddell. “If you need a stable career, a career as a cyber professional is incredibly hot.”
Waddell said currently there are three main gaps in cyber education:
- Competency Gap – Many cyber job applicants today lack the level of proficiency that companies need their cyber pros to demonstrate.
- Professional Experience Gap – Applicants just don’t have the experience necessary to execute.
- Speed to Market Gap – The higher education curriculum is not being adjusted fast enough to ensure an adequate pipeline of qualified individuals.
The report offers recommendations for getting past these gap areas. One example is to have students steer clear of clearances. “Agencies should decouple entry-level jobs from tasks that require a security clearance, as many applicants, such as non-U.S. citizens, may not be able to obtain a security [clearance],” said Waddell. “You can have entry level folks shadow other more senior employees to learn more before applying for the clearances.”
Another tip is to extend internships and fellowships. “The government needs to be better at creating work that is not sensitive for people to do to practice their skills,” said Waddell. “One of the challenges government agencies typically have is around pay. Government can’t pay the salaries of the private sector. But there are some other ways to combat that. Having a robust training program can also be that deciding factor that helps somebody decide to join the government versus the private sector.”
If agencies are able to emphasize training and the mission of government, they are more likely to attract career-minded cyber professionals. “ISC2 has a program called Safe and Secure Online. There is a career day aspect to the program that helps get both students and teachers invested in cybersecurity jobs,” said Waddell. “Sometimes teachers don’t have the information they need to help, to give the students technology career direction. The program helps bridge that gap.”
He added, “Guidance counselors should not just push careers as just doctors and lawyers; they should also be thinking about telling their students to be a cyber pro.”