Demand for skilled professionals currently outweighs supply and the growing sophistication of cyber adversaries coupled with our progressively inter-networked enterprises will cause demand to continue to increase. Effective technology solutions are needed to protect infrastructure and automation can help humans to do what they do best: analyze, understand, anticipate and respond to security incidents. But technology is only a tool; security requires having the right people with the right capabilities on the job. Organizations must identify their cyber needs and locate the people with the right skills and qualities to meet them.
Getting in front of the cybersecurity talent shortage requires the full partnership of organizations across all sectors. Immediate and long-term steps that can be taken to build and grow the cybersecurity workforce include (but are not limited to):
Defining the Work and the Workforce
• Understanding the skills and traits required by the job (e.g., a combination of the required technical skills and knowledge and also traits like agility, innovation, and flexibility).
• Supporting a common nationwide knowledge of what cybersecurity work entails and a consistent language to describe the encompassing roles and knowledge requirements (e.g., the National Cybersecurity Workforce Framework).
• Ensuring human resource representatives and IT hiring and job managers understand and share the same framework of cybersecurity needs.
Growing the Pipeline
• Increasing the supply of cybersecurity talent through outreach and public partnerships and partnering across sectors to support programs in universities, high schools, and even earlier in the education process.
• Broadening the search beyond the normal recruiting environments (e.g., cyber competitions, universities offering cybersecurity degree programs).
• Developing new approaches to identifying available talent, including looking for it in non-traditional places and settings (e.g., events such as DEF CON, Black Hat briefings, smaller hackathons and meetups).
• Considering “out of box” questions and interviews that do not follow a standard format (e.g., engaging talent in simulations or presenting sample cybersecurity challenges).
Creating Unique Learning Opportunities
• Sharing resources within and between organizations; sharing information to support the anticipation of attacks rather than responding.
• Improving the quality of the cybersecurity workforce and developing leadership skills in capable workers; supporting it with the right technology.
Talent challenges will define the foreseeable future of the cyber community. Organizations that equip themselves to get ahead of these issues will position themselves for success. If we as nation can prioritize building a strong cyber talent base then our cybersecurity community will have a much better chance at reducing future threats.