Interview with Pavlina Desheva and Bilyana Slaveykova of DOGLAR
The cybersecurity workforce shortfall remains a critical vulnerability for companies and nations.
Conventional education and policies can’t meet demand. New solutions are needed to build the cybersecurity workforce necessary in a networked world. The deficit of cybersecurity talent is a challenge for every industry sector. The lack of trained personnel exacerbates the already difficult task of managing cybersecurity risks.
The digital transformation is unstoppable.
Today, several factors are influencing the demand for digital talent. First, there's a sharpening focus on the customer experience across industries, because customers are expecting high-grade technology support from all organizations they do business with — not only in online shopping. The nature of interactions between organizations and their customers is evolving rapidly, and that evolution will likely continue to shape the demand for labor. There's also increased attention to data mining. Employers are mining data generated both internally and externally to learn how best to design products and reach customers. So the demand for modelers with quantitative and digital technology skills is on the rise. And there's a larger premium on security. Whether it's called cyber-security, data security or technology security, innovative employees who know how to protect digital information are in demand in both the private and public sectors. And that demand will continue to increase. It’s no surprise then that technology talent at every level is in high demand.
Gartner predicted 4.4 million jobs would be created around big data and 25% of companies would have Chief Digital Officers (CDO) by 2015. Skill acquisition and development are essential for the performance and modernisation of labour markets in order to provide new forms of flexibility and security for job seekers, employees, and employers alike. Skills mismatches hinder productivity and growth and affect countries’ resilience to economic shocks. The digital transformation of the economy is re-shaping the way people work and do business. Many sectors are undergoing rapid technological change and digital skills are needed for all jobs, from the simplest to the most complex.
Cybersecurity is one of the most serious economic and national security challenges a nation faces nowadays.
As stories in the news of digital attacks against individuals and companies are becoming a common reality, the high demand globally for cybersecurity professionals keeps growing as the threat increases. Raytheon and the National Cyber Security Alliance (NCSA) commissioned Securing Our Future: Closing the Cyber Talent Gap, a survey to understand the career interests and educational preparedness of millennials (ages 18 to 26) in 12 countries around the world. Results from this year’s survey indicate that millennials aren’t acutely aware of cybersecurity job opportunities but they are generally interested. There is also a gap within the gap, with females less interested and informed about careers in cybersecurity than their male counterparts. Only 11% of the world’s information security workforce are women, according to the Women’s Society of Cyberjutsu (WSC) — a non-profit passionate about helping and empowering women to succeed in the cybersecurity field. The small representation of women in cyber is a big opportunity for them to enter a field with a severe labor shortage.
In the face of this ever-growing threat, the 2015 Global Cyber security Status Report by ISACA found that 87 per cent of organisations worldwide and IT professionals believe there is a shortage of cyber security professionals, and furthermore, only 34 per cent of these professionals believe they are prepared for a cyberattack.
A major reason for the shortage of people pursuing a career in cyber security is a simple lack of awareness, partly caused by the absence of appropriate education in universities, making it difficult for young people to see cyber security as an accessible career. Perhaps the most important step in solving the cybersecurity profession talent gap is making millennials aware of the issue and the opportunities available to them in this growing career field. Many simply do not know that the career field is an option. Globally 62 percent say no teacher, guidance counselor or supervisory adult ever mentioned the career field to them, and it becomes clear why young adults are not considering cybersecurity careers. This could be changed by partnerships with cybersecurity companies who could be enticed to offer students real-world case studies in return for the chance to meet new and emerging talent. With hard work and commitment to new talent, we will hopefully be able to nurture the innovative minds of a generation immersed in technology to protect against the growing threat from cybercriminals.
A robust security strategy requires a skilled workforce.
Intel Security, in partnership with the Center for Strategic and International Studies (CSIS), recently released a report called Hacking the Skills Shortage. The report is based on research from tech market research firm Vanson Bourne, which interviewed 775 IT decision-makers involved in cyber-security within their organizations. Respondents represented the US, UK, France, Germany, Australia, Japan, Mexico, and Israel. Given that the global cybersecurity workforce shortage is expected to reach 1.5 million by 2019, private- and public-sector officials are increasingly under pressure to find candidates with cybersecurity skills. “Cybercrime fueled a cybersecurity market explosion over the past five years, leading to one million cybersecurity job openings entering 2016. All signs point towards a prolonged cybersecurity workforce shortage through at least 2021” says Steve Morgan, founder and CEO at Cybersecurity Ventures. Respondents surveyed estimate an average of 15 percent of cybersecurity positions in their company will go unfilled by 2020. With the increase in cloud, mobile computing and the Internet of Things, as well as advanced targeted cyberattacks and cyberterrorism across the globe, the need for a stronger cybersecurity workforce is critical.
“The security industry has talked at length about how to address the storm of hacks and breaches, but government and the private sector haven’t brought enough urgency to solving the cybersecurity talent shortage,” said Chris Young, senior vice president and general manager of Intel Security Group. The lack of security talent is both dangerous and expensive, especially as businesses face growing threats from external internet cyberattacks. In an era when cybercrime has become a significant global threat, cybersecurity has evolved from a strictly technological challenge to a vital problem that people from diverse sectors must tackle. Most respondents report there is not enough being done to address the skills shortage. More than three-quarters (76%) said they believe their government is not investing enough in building cyber-security talent. The challenge in finding skilled professionals can also be partially attributed to a lack of adequate training.
What should be done?
Closing the gap in cybersecurity skills requires countries to develop critical technical skills, cultivate a larger and more diverse workforce, and reform education and training programs to include more hands-on learning. Simply put, most educational institutions do not prepare students for a career in cybersecurity. Research suggests that cybersecurity education should start at an early age, target a more diverse range of students, and provide hands-on experiences and training. Countries can change this shortfall in critical cybersecurity skills by increasing government expenditure on education, promoting gaming and technology exercises, and pushing for more cybersecurity programs in higher education.
National hacking competitions provide an effective channel to identify talent and develop cybersecurity skills. Universities should seek greater relevance in this field by adding cybersecurity courses and working with industry and government to tailor curriculum. Traditional academic institutions are the primary source of initial education and training for cybersecurity professionals, but non-traditional methods may be a better way to acquire and grow cybersecurity skills. Incorporating practical learning into academic programs would better prepare cybersecurity professionals for the real world. Programs should focus on hands-on learning in the form of labs and classroom exercises to provide people with robust and practical skills in this field. Increasing the diversity of the cybersecurity workforce will also expand the talent pool. In addition, governments should consider creative ways to partner with the private sector to enhance training opportunities for students. Examples of such programs include private sector internships and co-ops for university students.
Numbers from this year’s survey indicate that millennials aren’t acutely aware of cybersecurity job opportunities but they are generally interested.
Perhaps the most important step in solving the cybersecurity profession talent gap is making millennials aware of the issue and the opportunities available to them in this growing career field. Many simply do not know that the career field is an option. Globally, 62% of the interviewed indicate that no teacher or guidance or career counselor ever mentioned the idea of a career in cybersecurity. In addition, seventy-nine percent of millennials say they have never spoken to a practicing cybersecurity professional or are unsure if they have. This lack of personal interaction with professionals also affects how much millennials know about the types of work involved in the field. The survey has shown that millennials would likely pursue a cybersecurity career if they are aware of what the job entails. This leads to the question: How do we engage millennials so a career in cybersecurity isn’t a foreign concept to them? Results from the survey indicate several ways that millennials can be engaged. Thirty-eight percent of millennials would like more information on what a cybersecurity career entails. Taking advantage of existing cybersecurity professionals through mentoring programs or simple career conversations with millennials can make a big impact.
In addition, there is a considerable gender gap between men and women and their feelings or history with cybersecurity-related issues.
According to a number of studies and interviews with employers and educators, women and minorities are underrepresented in this field. Workforce enhancement efforts should aim to create a broader pool of cybersecurity talent. When working on solutions to close the talent gap, extra steps should be taken to ensure these solutions and answers to the problem reach all millennials, regardless of gender. As shown, millennials are not receiving information about the cybersecurity profession, but the problem is even worse for females. Compared with men, 9 percent more females reported that no high school or secondary teacher or counselor had discussed cybersecurity careers as an option with them. Young men are more likely than young women to consider cybersecurity careers. Globally, men are more likely (33 percent) than women (24 percent) to consider a career where they could make the Internet more secure.
The private sector, government and educational institutions also need to work together to help inspire our next generation of innovators and cybersecurity defenders.
We’ll need millennials’ talent to protect data and devices as the world becomes increasingly connected. To prevent a worst-case scenario—technological change accompanied by talent shortages, mass unemployment and growing inequality—reskilling and upskilling of today’s workers will be critical. Apart from reform in basic education, it is simply not possible to weather the current technological revolution by waiting for the next generation’s workforce to become better prepared. Instead it is critical that businesses take an active role in supporting their current workforces through re-training, that individuals take a proactive approach to their own lifelong learning and that governments create the enabling environment, rapidly and creatively, to assist these efforts. In particular, business collaboration within industries to create larger pools of skilled talent will become indispensable, as will multi-sector skilling partnerships that leverage the very same collaborative models that underpin many of the technology-driven business changes underway today. This multifaceted approach of active collaboration between business sectors, the government and education system is required if millennials and future generations are to become the sharp, aware and talented cyber defenders our societies need.
A secure cybersecurity environment requires a robust workforce, yet currently there are not enough cybersecurity professionals to adequately defend computer networks.
Countries and companies have to act quickly to fix this problem by facilitating the entry of more people into this profession through improvements in education, workforce diversity and training opportunities. These concurrent efforts are vital to creating a more secure network environment. Developing a strong cybersecurity workforce is also critical to ensure global economic and security stability. With online breaches and attacks trending in today’s headlines, there is a golden opportunity for industry and educators to mention cybersecurity careers and generate more interest with millennials and younger generations. Educators and current cybersecurity professionals need to collaborate to develop courses, provide information about cybersecurity job responsibilities, ensure both genders are being informed, and offer mentoring and job shadowing. Millennials and the future generations would be more interested in cybersecurity professions if they had information about the many career paths and the required training.