by Lynn Simons, Rachel Holz, Melonia da Gama, Gill Thomas and Sean Doyle*
It’s a bold statement to be sure: that by creating a sustainable pipeline of cybersecurity talent we might change the world. Yet, it’s one we should not hesitate to investigate as we watch cyber attacks grow at an exponential rate, threaten entire infrastructures, and put human wellbeing at risk.
It is not an exaggeration to say that our livelihoods today are more digital than ever. Our critical resources, including public services, healthcare, energy, and transportation are all online. And threat actors know this. Taking down a large supply chain or critical power grid can cause significantly more chaos than cyber attacks of the past.
Despite the headlines we’ve seen over the past two years indicating a dire need for better protection against these attacks, there is still a cybersecurity workforce gap of more than 2.72 million positions. While that number has been steadily decreasing year over year, it’s simply not enough. According to the 2021 (ISC)² Cybersecurity Workforce Study, the global cybersecurity workforce needs to grow 65% to effectively defend organizations’ critical assets.
But no one organization can close this gap alone. No single government can fix it. No standalone institution can train enough skilled professionals. Truly making a difference in deterring and mitigating cyber threats, and defending the bodies they threaten, will require active and ongoing participation and partnership between industries, academia, and governments, competitors or not.
We are at a precipice
As Sandra Wheatley Smerdon, Senior Vice President, Threat Intelligence, Marketing and Influencer Communications, Fortinet Inc. notes, "When someone considers a career in a ’helping’ profession, their thoughts naturally turn to doctors, nurses, teachers, and first responders like police officers or emergency medical technicians. These people devote their lives to helping to keep the world safe and healthy. And although a career in cybersecurity might not be the first job to come to mind, cybersecurity professionals protect the digital world from cybercrime much the same way that police officers protect neighbourhoods." As our mental and physical wellbeing depend more greatly on the digital world, cybersecurity professionals should be considered as essential as any other protector of our lives.
Across industries, we have made immense strides in digital innovation, including building internet access in remote areas, delivering much needed medical supplies via drones, or bringing quantum computing to the mainstream. We have built great technology that now underpins human progress across economies, society, health, humanitarian efforts, and of course business. Yet, training and hiring the talent to secure these innovations isn’t keeping pace. Without great talent, you can’t create, operate, or maintain great tech.
This is where our drive to innovate is failing us, where we are failing ourselves and leaving our most important resources vulnerable. Thankfully, closing the cybersecurity skills gap is a surmountable challenge. If we do it together.
Partners in sustainability
While there are many one-off solutions in the race to close the gap, doing so in a sustainable way requires a shift in mindset from simply hiring more people today to nurturing an entirely new pipeline of talent over the long term. While today, children may not be proclaiming the desire to be a cybersecurity professional when they grow up, who’s to say that couldn’t be on the horizon?
The first step to achieving this vision is connecting the dots between early STEM education, cybersecurity career training, hiring methods, and ongoing up- and re-skilling. This may include development of early cybersecurity education, non-profit workforce development organizations teaming with companies to fill open roles; local government programmes that provide youth with access to mentorships; or free ongoing education and certifications.
As part of that effort, Salesforce, Fortinet, the Global Cyber Alliance and the World Economic Forum have created the Cybersecurity Learning Hub, which provides free and career-oriented modules that give people a route towards these in-demand roles. Not only can programmes like this provide educational resources but doing so in a democratized way can help remove barriers of expense and open access to remote learners from across the globe.
Diversity is critical
What’s perhaps even more important than closing the cybersecurity skills gap is doing so in a more inclusive way. For instance, despite the decades-long push for more female-identifying people in tech, they still make up only 25% of today’s cybersecurity workforce. And the field is also predominantly Caucasian (72%) in North America and the UK. Yet, more diverse teams are likely to drive innovation and economic growth across the board while reflecting the diversity of audiences we are trying to reach.
The multidisciplinary nature of the cybersecurity field, which includes technology, finance, risk, legal, compliance, project management, training, and communications, should be embraced for its appeal to those with diverse skills, backgrounds, and experiences. Tapping into new sources of talent and welcoming non-traditional pathways to cybersecurity careers can lead to a more diverse talent pool, which can be further nurtured through on-the-job training, professional development and networks, micro-certifications and more.
While relevant technical skills and job experience will never be completely replaced, the most important qualifications for cybersecurity professionals include strong problem-solving abilities, curiosity and eagerness to learn, strong communication skills, and strategic thinking.
The veteran population, for instance, are often well versed in the leadership, teamwork, and strategic thinking skills integral to a successful cybersecurity career, and about 200,000 of them leave US military service and return to life as civilians every year. Clearing the networking and certification hurdles for this population to join the ranks of technology companies could make a notable difference in both the cybersecurity skills gap and veteran unemployment rates.
The time is now
There has never been a better time to create a new, more diverse cybersecurity talent pool, one that includes under-represented minorities, veteran populations, young women, and those in previously untapped geographic locations. The past two years and pandemic circumstances have already increased the number of remote workers and companies willing to hire from new areas.
The next step is to work together to fully embrace bringing free education and opportunities to a wider audience, opening doors to non-traditional applicants for exciting, impactful, stable, and well-paid roles in cybersecurity.
By coming together, we eliminate the closed loop of hiring and instead enable a new generation of learners with the education, training, and opportunities necessary to not only close the gap today but sustain pathways for ongoing generations of cybersecurity professionals to protect our most precious resources.
*Senior Director, Security Awareness & Engagement, Salesforce and Cybersecurity Lead, Salesforce & Director of Marketing, Fortinet Training Institute and Director of Engagement, Capacity & Resilience Program, Global Cyber Alliance and Lead, Centre for Cybersecurity, World Economic Forum
**first published: www.weforum.org
By: N. Peter Kramer
