November 10, 2017 | Written by: Dr. Shue-Jane Thompson and Ian Doyle
Categorized: U.S. federal government
We live in an era in which cyberattacks are increasing in speed and scale, and their effects are growing in severity, range and cost. The fear, uncertainty and real-life implications of these breaches are felt at the individual level – and, like all things of scale, there are macro-level impacts as well.
It is estimated that cybercrime costs the global economy $445 billion each year. At the same time, we face an expected shortage of cybersecurity professionals that Frost & Sullivan estimates could reach up to 1.8 million unfilled positions over the next few years because workers lack the skills to fill those jobs. In addition, only 11 percent of cyber professionals are female. Cybersecurity is not just computer science; it is a complex domain that requires skill sets including behavioral and social science.
To help close the talent availability gap, we must rethink our approach to how we hire, inspire, train and retain the cybersecurity professionals desperately needed to defend both the private and public sectors.
One way to help close the gap is to go beyond traditional degree-centric recruiting and rethink how we evaluate skill sets and qualification criteria for cybersecurity positions. In the digital era, a diverse set of skills and experiences is necessary to combat ever-evolving cyber threats.
We need people with hard skills in computer science who also understand business, political science, data analytics and law. We also need people with “soft” skills that can’t necessarily be taught in a classroom, but can be learned through hands-on experience, industry certification programs, self-education or innovative education models that are rapidly taking hold. These abilities include an understanding and appreciation of risks, a passion for problem-solving, investigative curiosity and strong ethics.
Recognizing the need to move beyond a singular focus on college degrees, IBM is championing the expansion of new collar jobs – career opportunities where having the right mix of in-demand skills, knowledge and willingness to learn matters more than having a specific degree.
By emphasizing skills over degrees, IBM is expanding access to fast-growing cybersecurity jobs for more Americans. Since 2015, new collar cyber security professionals have accounted for about 20 percent of all U.S. hiring in IBM’s security business.
Grooming future cybersecurity professionals
While expanding the aperture with respect to hiring, raising cyber emotional IQ (EQ) and modernizing education to build a pipeline of cybersecurity professionals are equally important. To increase the number of pathways for students and mid-career professionals to build both hard and soft skills in cybersecurity, IBM is advocating for several education policy reforms. These include:
- Modernizing the Perkins Career and Technical Education Act to better align classroom education with skills required for in-demand careers;
- Expanding programs like P-TECH, the six-year high school education model pioneered by IBM that combines classroom teaching with community college education and hands-on training to better prepare students for success in college or career;
- Reforming student loan policies to promote and allow federal education dollars to pay for cybersecurity technology skills and education training;
- Growing paid apprenticeships in technology – specifically in cybersecurity; and
- Using federal work study as an opportunity for students to grow career skills.
In addition to expanding access to non-traditional cybersecurity education pathways, IBM is working to increase interest in cybersecurity programs. In working with students at Bowie State University, we’ve found that students entering college already have a mindset of what career or industry they want to pursue and enter – meaning, we need to attract individuals to cybersecurity at the high school level and earlier. Internships, for example, can foster an early interest in cybersecurity as a dynamic and exciting field.
Under a strategic academic partnership, IBM also provides free access to its security products so that students can gain hands-on experience with the latest technology to position them for success in the cybersecurity workforce.
Retaining cybersecurity talent
Cybersecurity resources are hard to attract, owing to the high demand and complex skill requirements. Once we have recruited and trained the necessary talent to tackle cybersecurity threats, it’s equally important to retain them and continue developing their skills. Access to research and development resources, lab opportunities, comprehensive training programs and social networking help keep a talented cyber workforce engaged, innovation-driven and technologically enabled.
As the field continues to evolve, we also must continue investing in our cybersecurity professionals so that they can keep pace and, as much as possible, stay ahead of new/emerging threats. The cybersecurity discipline benefits from a melting pot of skill sets, and we would be remiss to silo them into operating on their own tracks. By bringing professionals with diverse talents together and cross-training them on an ongoing basis with complementary skill sets, we can boost job performance, enhance personal growth, and better serve our clients and their clients.
Call to action
As we observe October as National Cyber Security Awareness Month, we must commit to transforming our cyber workforces by rethinking how we evaluate cyber professionals’ credentials, how we nurture and enhance their talents, and how we retain and continue to evolve their skills and knowledge. To bridge the talent gap and address the widening skills gap, the public and private sectors should pledge to re-think cyber skills requirements, promote new collar cybersecurity strategies and expand opportunities across the hiring continuum. As well, we should collectively raise cyber EQ, foster interest, and champion cyber education to bolster our cybersecurity defenses.