Modern field guide to security and privacy

What cybersecurity leaders say we can do now to advance the cybersecurity workforce

The cybersecurity talent shortage is no secret. Here are ways experts are working to fix it.

|
Nathan Mitchell Photography
Diane Miller, Director of Global Cyber Education & the Workforce Development Program at Northrop Grumman, addresses the cyber workforce shortage at an event in Washington.

It’s a dream scenario for any senior cybersecurity leader: given $100 million tomorrow, what would you do? 

Air Force Major General Christopher Weggeman didn’t hesitate.

Asked how he’d spend a sudden surge of new funds, the Air Force’s cyber commander told the Billington Cybersecurity Conference in Washington, D.C. last week that his request would be clear and direct: new talent and new training.

“The thing I need the most in terms of capacity is trained, ready manpower,” Weggeman said. “I need a persistent training environment … And I think this is really, really important because it’s said [that] the most critical element in cybersecurity operations isn’t silicon or copper — it’s carbon. It’s manpower.”

But just as clearly as Weggeman targeted cyber talent as his main need, so too did many other Billington attendees point to the glaring deficiencies in cybersecurity talent and then clear paths forward to fixing them.

Admiral Michael Rogers, commander of US Cyber Command, offered up a major idea around helping build a more robust cybersecurity workforce: training that doesn’t take limited talent away from the mission for six months or more at a time.

Rogers called out new training capabilities among three game-changers he’s looking for to advance the government’s cybersecurity mission.

“What are the capabilities that industry can help us with that will help us ensure an adaptive, learning workforce over time?” he asked.

In the private sector, industry experts agreed that developing more talent will move more quickly when industry leaders work together.

“We saw the issue a long time ago, that the workforce shortage is going to be a challenge,” said Diane Miller, Director, Global Cyber Education & Workforce Development Programs, Northrop Grumman Corporation.

Investing in academia, sponsoring youth cybersecurity competitions, and building broad job development programs are all admissions from cybersecurity firms that “we are all in this situation together,” Miller said. “There is no point in all of us fishing from the same pond.”

But making sure the pool of people coming into the industry is as diverse as the nation is, is something that also desperately needs work.

An industry bearing only slightly more than single-digit percentages of women and minorities is “broken,” said Bernard Skoch, national commissioner of the CyberPatriot National Youth Cyber Defensecompetition.

“I am disturbed about the gender representation in cybersecurity. If you allow young women in high school to say ‘[Cybersecurity is] a guy thing,’ you’re broken. If you allow underrepresented minorities to say, ‘That’s not for me,’ that’s broken,” Skoch said. “The specific skill sets are important. What’s far more important is attracting the right population.”

The problem is partially one of numbers, Skoch and Miller agreed: you can’t leave more than 50 percent of the population out of the field and dream of having enough workers.

It’s also one of effectiveness, Miller said, where people from a wide array of backgrounds make for more clever and nuanced solutions to problems that teams from any one discipline may never consider. 

“Cyber problems are really complex. You’re not going to fix them alone in your basement on your computer: being able to fix them in a team is important,” Miller said. “A diversity of backgrounds, experiences … need to all come together and work together to resolve those kinds of problems. We cannot leave anyone behind.” 

The fix? Get to students before they leave elementary school, Skoch said, eliminating barriers to entry from social pressure or personal perception later on.

Diverse backgrounds beyond technological chops are particularly important, said Gregory Touhill, the retired Air Force general and former Department of Homeland Security official recently named the nation’s first-ever chief information security officer (CISO).

What do top-flight cybersecurity players need? Touhill listed five “existential activities” alongside technical excellence: Critical thinking, speaking foreign languages, talent in mathematics, communication skills, and training in logic and philosophy.

“The job you’re going to have five years from now hasn’t even been invented yet,” Touhill said, “It’s important for us to teach folks about the ‘why’ as it is to teach them about the ‘how.’” 

Another key part of helping close the nation’s talent gap: don’t forget your strengths.

Those in government and those that support the nation’s cyber defenders would be wise to remember their “special gem,” as Weggeman called it: the mission.

“We develop a workforce that is passionate about our mission and our mission is our customers. People who are interested in supporting global security challenges ... are attracted to business like ours,” Northrop Grumman’s Miller said.

Leveraging those passions, Miller continued, means giving talented people opportunities for internal advancement such as research, rotations into different missions and the ability to compete, if anonymously, in global competitions.

Giving the nation’s best and brightest a path to bigger and better things within the mission of the federal government, then, remains a powerful tool toward closing the cybersecurity talent gap — and toward better cybersecurity for all.

You've read  of  free articles. Subscribe to continue.
Real news can be honest, hopeful, credible, constructive.
What is the Monitor difference? Tackling the tough headlines – with humanity. Listening to sources – with respect. Seeing the story that others are missing by reporting what so often gets overlooked: the values that connect us. That’s Monitor reporting – news that changes how you see the world.

Find more about Northrop Grumman in cybersecurity here. Follow Northrop Grumman on Twitter @NorthropGrumman and follow Cyber Patriot @CyberPatriot.

Dear Reader,

About a year ago, I happened upon this statement about the Monitor in the Harvard Business Review – under the charming heading of “do things that don’t interest you”:

“Many things that end up” being meaningful, writes social scientist Joseph Grenny, “have come from conference workshops, articles, or online videos that began as a chore and ended with an insight. My work in Kenya, for example, was heavily influenced by a Christian Science Monitor article I had forced myself to read 10 years earlier. Sometimes, we call things ‘boring’ simply because they lie outside the box we are currently in.”

If you were to come up with a punchline to a joke about the Monitor, that would probably be it. We’re seen as being global, fair, insightful, and perhaps a bit too earnest. We’re the bran muffin of journalism.

But you know what? We change lives. And I’m going to argue that we change lives precisely because we force open that too-small box that most human beings think they live in.

The Monitor is a peculiar little publication that’s hard for the world to figure out. We’re run by a church, but we’re not only for church members and we’re not about converting people. We’re known as being fair even as the world becomes as polarized as at any time since the newspaper’s founding in 1908.

We have a mission beyond circulation, we want to bridge divides. We’re about kicking down the door of thought everywhere and saying, “You are bigger and more capable than you realize. And we can prove it.”

If you’re looking for bran muffin journalism, you can subscribe to the Monitor for $15. You’ll get the Monitor Weekly magazine, the Monitor Daily email, and unlimited access to CSMonitor.com.

QR Code to What cybersecurity leaders say we can do now to advance the cybersecurity workforce
Read this article in
https://www.csmonitor.com/World/Passcode/Security-culture/2016/0921/What-cybersecurity-leaders-say-we-can-do-now-to-advance-the-cybersecurity-workforce
QR Code to Subscription page
Start your subscription today
https://www.csmonitor.com/subscribe