All modern IT administrators are focused on the importance of cybersecurity. For businesses, ensuring the integrity of networks and protecting business data is a top priority. But in the public sector all is not good. Government entities rely heavily on computing but there isn’t enough talent available to properly secure public computer systems.
The US Department of Homeland Security recently voiced deep concerns about the shortage of cybersecurity talent and the problems this will present for both the governmental and public sectors if it persists. Every day that this situation continues is potentially one day closer to a major event that will be hugely disruptive. In this blogpost we’ll look at this apparent lack of cybersecurity talent and what’s needed to safeguard our nation’s IT infrastructure.
The DHS Position
Keeping Americans and American-owned business safe at home is what the DHS does. Currently, AI-fueled systems are the frontline defense for public computer networks, but these need human IT experts to work optimally. The Assistant Director of the Cyber Security and Infrastructure Security Agency (CISA), is Jeanette Manfra. She’s spoken out strongly on what the consequences of the talent shortage. She says ‘It’s a national security risk that we don’t have the talent…We have a massive shortage that is expected to grow larger’.
The Skills Gap
The basic issue is that demand for cybersecurity professionals is higher than ever. Any shortage presents a problem, and the worse it is, the greater the threats. The Center for Cyber Safety and Education has provided some figures, and they’re alarming. They say that there are more than 1.5 million cybersecurity jobs that can’t be filled and that by 2021 this number will swell to 1.8 million. The effects are already evident – in both the public and private sectors there have been a number of serious data breaches.
Why is there a Shortage?
There’s one obvious way to explain the cybersecurity talent shortage. Demand outstrips supply, so cybersecurity professionals can pick and choose where they work – and private companies pay better. This is definitely a factor, but it actually doesn’t explain the situation. Actually, it’s all about incentives. In other words, it’s really about the nature of the job.
Think about it. It’s not a job many people want. It’s a bit like being a police officer or a garbage collector. It’s a thankless and unglamorous job, but absolutely essential to keep everything in order. It’s also a high stress job and no-one gets recognition for doing it well. It’s only when things go wrong, when the cybersecurity expert can be recognized for all the wrong reasons. It’s not a great incentive to do this kind of work, is it?
Shrinking Educational Opportunities
Here’s the irony: cybercrime costs us trillions of dollars per year. At the same time, training opportunities for cybersecurity experts are being reduced. It used to be that for-profit colleges were the main providers of IT training, but they’ve recently been closed.
Millions of ethical hackers have stepped into the training gap, working as consultants and constantly checking systems for security vulnerabilities that cybercriminals can exploit. They create free coursework and there are organizations now that make it widely available. They provide tools like Hacker 101, Cyber Aces, Google Gruyere, among others. What they do is teach people how to hack – but with the best intentions. They are part of active efforts by cybersecurity companies to recruit a new wave of talent and promote cybersecurity expertise.
There are other initiatives too. Jeanette Manfra has spoken about how CISA is developing curricula to target learners at grade and secondary school level. There’s also a new focus that borrows from the way big tech operates, which is designed to promote recruitment and maximize retention. That addresses the problem mentioned above – the lack of incentives to specialize in the field of cybersecurity.
Another way to provide incentives is through government subsidies for training costs. Manfra sees this as a way forward, with funding for training provided for people who are willing to spend some time working in the public sector – even if they move on to work in the private sector later on. There’s another bonus to this plan, which is breaking down the public : private divide. As Manfra says, it would allow CISA to ‘build a community of people with shared experience’. With such a community, costs would eventually stabilize, with benefits business – and ultimately everyone.
One thing’s for sure: cybercrime is here to stay. Making sure that your own networks and IT infrastructure are properly maintained, monitored and secured is essential. So is staff training, so employees can protect the digital assets that your business relies on. Come back to our blog for great tips and updates on meeting your cybersecurity needs.