By Dr. Darren Death, Vice President of Information Security, Chief Information Security Officer, ASRC Federal
With today’s security gap and current landscape, the necessity of organized, cohesive, and sufficiently staffed cybersecurity teams cannot be emphasized enough. The availability of potential cybersecurity workforce personnel isn’t keeping pace with the demand, and many experts blame it on the lack of interest in cyber education. An (ISC)2 workforce study conducted annually to assess the size of the current cybersecurity workforce and the existing talent shortage found that there is still a need for more than 3.4 million security professionals, an increase of over 26% from 2021’s numbers. Why is this critically important? Because the best cybersecurity programs start with people, not technology. Sophisticated tools used in a vacuum will not create a resilient cyber architecture.
Our federal government has recognized this gap, and since the Executive Order in 2021, it has taken steps to prioritize our nation’s infrastructure and the workforce that protects it. This year has seen a sudden influx in cybersecurity strategic guidance, with the Administration releasing its National Cybersecurity Strategy and National Cybersecurity Strategy Implementation Plan and the DOD releasing its cyber workforce strategy all within five months of each other. The acceleration of policies and implementation plans comes at a crucial time when the U.S. needs to better establish and sustain its cyber, intelligence, and IT workforce. The threat landscape is quickly evolving with more complex cyber-attacks like the ones we have seen with SolarWinds and Log4j.
These numerous initiatives are setting the right path to providing government agencies with the guidance to efficiently address ongoing cyber workforce needs. Still, they must understand it will take time and require partners to help achieve their security workforce goals. We can do more at the contractor level to accelerate cyber education and workforce development. Singled out by the DoD Cyber Workforce Qualification Program, private companies, academic organizations, and nonprofits have an opportunity to guide the success of our future workforce and training from the start of education.
Commercial companies and government contractors are uniquely positioned to help build our cyber talent pipeline, and I understand that it is overwhelming to identify where to start. As in all public and private sector enterprises, we are on one team when it comes to defending our national security, starting with our people. As part of my LinkedIn series, I will focus my second article on how industry and the public sector can jointly attract and retain our cyber workforce.
In alignment with recent cyber and workforce policies, enterprises can take the following steps to build our cyber workforce:
Lean on Education Through Fellowships and Internships
Enterprises have committed to hiring and educating a diverse workforce, and a great tactic to start is providing hands-on experience. Companies can provide students with internship and apprenticeship opportunities that allow them to gain practical experience in real-world cybersecurity settings. Not only does this enable organizations to identify and hire top talent quickly, but internships also assist students in bridging the gap between theory and practice.
Creating clear pathways for students and working professionals is critical for individuals to be successful in entering the cybersecurity industry and envisioning their careers. Organizations can develop programs that encourage professional development and upskilling. Offering advanced training and certification programs will improve employees’ current skills, satisfaction, and confidence in their positions.
Build the Pipeline Through Third Party Organizations and Higher Education Institutions
Universities, colleges, and nonprofits are hubs of talent and innovation. These accredited organizations generate graduates with the skills and knowledge to meet the growing demand for cybersecurity professionals. These partnerships will allow companies and the government to tap into a pool of cybersecurity candidates.
A great example is the ACT-IAC Cybersecurity Community of Interest, where we partner with educational institutions to support student learning. In this partnership, we work with academic institutions to bring them problems facing the government and contracting community. This relationship allows students access to real-world problems while furthering research on important topics for the government.
By cultivating these relationships, enterprises can also help increase the opportunities for students and underrepresented communities to gain the experience and resources they need to learn, and can connect them to companies. When we take these steps to recruit talent through third parties, we widen the lens for potential talent and make cybersecurity job positions more accessible.
Cybersecurity roles are in demand, and organizations have heavily relied on salaries to attract and retain talent. As needs have quickly grown, enterprises in the private and public sectors are balancing resources and competing for talent. During this year’s DAFITC conference, U.S. Air Force CIO Venice Goodwine stated that bringing civilians into the DOD’s Cyber Excepted Service program with competitive salaries is key to closing the skills gap. Cyber professionals are well compensated in the private sector, but this level of compensation should translate to the public sector.
While this problem cannot be solved overnight, organizations can take the first step by conducting a serious compensation review and working to meet the demands of the talent marketplace. While salary or job title are top factors in positions, benefits and workplace flexibility are also key drivers in attracting the best applicants and should be evaluated as well.
The evolving cyber field faces challenges daily, and our current skills shortage requires an immediate solution. Our industry and government leaders take this need seriously, but we can work together to attract and retain talent better. Building a better workforce can influence the passion for cybersecurity and establish rewarding careers. With increased availability and access to skilled cyber professionals, organizations can better strengthen their security posture and proactively work to identify and mitigate technical and programmatic/mission risks.