Closing the federal cyber skills gap is undoubtedly one of government’s most pressing issues. With attackers becoming smarter, faster and more powerful, agencies need the best and most creative cyber analysts to defend the networks and endpoints that process and store some of the world’s most sensitive data.
A recent study revealed that 74% of organizations said they were affected by the worsening effects of the skills gap. Beyond that, most cybersecurity managers surveyed admitted they have fallen behind in providing training to their security teams. This problem is not limited to the private sector.
Federal agencies are struggling to keep up with a flood of new types of attacks, especially as the majority of the government’s workforce continues to telework. And often the federal government serves as the “farm team” where newly trained employees enter the cybersecurity workforce, spend a few years supporting their agency, then migrate to the private sector. There have been splintered and siloed efforts to deal with these challenges, but not a comprehensive effort to address them.
Building A Holistic Approach
Closing the skills gap will take an integrated, public-private, whole-of-nation approach that starts in primary school and extends through upskilling current employees and reskilling those interested in joining the cybersecurity workforce. It covers a diverse set of both technical and non-technical skills and providing enough talent to close the 3- million-person-plus cybersecurity shortfall won’t be easy.
In fact, it will take collaboration among stakeholders — from employers, educators, government and industry — to create adequate opportunities and fill this pipeline.
- Rethink Hiring – Cyber leaders must change their hiring approach. Prioritizing diversity in race, gender, age, and, crucially, life experiences, allows for a diversity of perspectives that are essential in this field. My colleague Fortinet Chief Information Security Officer Phil Quade recently put it this way: “A vibrant cybersecurity workforce fuels our nation’s innovation and growth, bolsters our critical infrastructures and safeguards government services.” Analysts from diverse backgrounds — for example, those who studied social sciences rather than computer science — bring immense value to security teams through differing perspectives. Veterans are another underutilized group. Former service members have a strong work ethic, attention to detail and are successful in fast-paced, high-stress environments — all skills needed in the next generation of cyber defenders.
- Make Connections, Maximize Value – Every organization involved in cyber training and hiring needs to understand the important role it plays. From those offering training programs to the businesses and agencies who are looking for talent and every step in between, stakeholders should offer support and guidance through each stage of the process. By understanding the hiring and talent development ecosystem as a whole, each organization can make the most of its role in the pipeline.
- Give Everyone a Fair Shot – It’s essential to provide free or low-cost training for those who can’t afford a traditional cyber education. Not all cybersecurity jobs are technical, and not all require four-year college degrees. We cannot meaningfully leverage the diversity of talent and potential in the U.S. if accessibility to cyber training is limited to those who can afford it or who can take the time to go through formal academic training. Beyond that, free and low-cost training can be the gateway for someone on the fence about a career in cybersecurity. Lowering or eliminating the financial barrier to entry is essential to building the cyber workforce we need.
- Start Cyber Education Early – A practical understanding of the basics of cybersecurity should be introduced to students as early as possible. If cyber hygiene is treated as a foundational part of our everyday lives, then the children of today will grow up thinking of cybersecurity the same way we think of wearing seatbelts or locking our front door.
Closing the cyber skills gap will not be simple or easy. It will take a comprehensive, holistic plan that stretches into every sector and every industry because bolstering the cyber workforce means more than just hiring analysts. It means diversifying the types of talent and socializing cybersecurity as a career as early as possible. It means connecting every organization and agency to better define their roles in the process. And it means rethinking everything we know about what it takes to defend against the next generation of attackers.
Jim Richberg is public sector field CISO at Fortinet. He formerly served as the National Intelligence Manager for Cyber in the Office of the Director of National Intelligence, where he set national cyber intelligence priorities.
This article was originally published on June 7, 2021.