Cyber attacks are increasing at an alarming rate, but the skills and quantity of cybersecurity professionals aren’t. That’s a big problem, according to U.S. officials.
At a hearing last week of the Research and Technology Subcommittee of the House Science, Space & Technology Committee, officials and industry experts said cybersecurity jobs aren’t being filled due to a lack of skills and inadequate education.
Chairwoman Haley Stevens (D-MI) in her opening statement commented on the lack of computer science education in K-12 and the low numbers of women and minorities in the industry.
“Part of the reason cybersecurity issues are so prevalent is that the demand for cybersecurity professionals far exceeds the supply of those individuals,” she said.
Stevens cited a study by Cyberseek — funded by the National Initiative for Cybersecurity Education (NICE) — that suggests there are over 500,000 job openings in the U.S.
“That means nearly one in three cybersecurity jobs goes unfilled,” she said.
— Rep. Haley Stevens (@RepHaleyStevens) February 12, 2020
Globally, the numbers tell a more dire story.
According to (ISC)2, the world’s largest nonprofit association of cybersecurity professionals, the current cybersecurity workforce of about 2.8 million needs to more than double, as the global gap is about 4 million.
The association said in November that the U.S. cybersecurity workforce was at 804,700, but still 500,000 professionals short.
This should be troubling information for all managed service providers and device makers as there are expected to be more than 34 billion connected devices by 2025, giving hackers and data thieves an even bigger target.
IBM is working to tackle that issue, including with programs designed to target new workers without college degrees. The company partners with more than 200 educational institutions to bring cybersecurity education to the next generation of workers, said Sonya Miller, the company’s human resources director for enterprise and technology security.
IBM also offers an apprenticeship program where young workers can learn the skills they’ll need without the burden of student loan debt.
That seems to be working, Miller said.
“Nearly 20% of our security hires since 2015 were new collar workers,” she said.
“By not tapping into underutilized sources of talent across the country and supporting and nurturing it, we are doing a disservice to everyone and not securing ourselves as well as we could.” – Ms. Sonya Miller of @IBM
— Science Committee (@HouseScience) February 11, 2020
Chairwoman Stevens said there should be other pathways to a cybersecurity career, and NICE Director Rodney Petersen agreed. NICE, part of the National Institute of Standards and Technology (NIST), already offers support and programs between government, educators and the private sector.
Peterson said the organization is embarking on a new five-year strategic plan that will work to enhance cybersecurity career discovery, transform the learning process and modernize talent acquisition in the field.
One way to modernize talent acquisition is hands-on learning experiences, said Joseph Sawasky, president and CEO of Michigan-based Merit Network, Inc.
The company has developed a cybersecurity practicum called the Michigan Cyber Range that features a simulated city where cybersecurity leaners can test their skills against a cyber attack.
However, finding qualified cybersecurity teachers and trainers is equally as hard as finding rank-and-file workers, Sawasky said.
“Many organizations are only one cybersecurity position away from a major disaster,” he said. “It’s essential that we all work together to develop and grow this now critical part of the U.S. workforce.”