In order to diversify, hire, train, and retain cyber talent, multi-sector partnerships as well as creative workforce programs will be critical components.
We can’t just think about the 500,000 positions that are currently vacant across the country when considering what we need to do to develop the proper people capabilities.” NAPA’s Forum on Expanding the Nation’s Cybersecurity Workforce featured a panel discussion led by National Cyber Director Chris Inglis. “We have to think about every person who is in cyberspace,” Inglis remarked. “How do we invest in the programs that develop their professional dimensions, so that they understand as much about cyberspace as they do about the environmental concerns of our society?” “How do we invest in the programs that develop their professional dimensions?”
Ms. Diana Burley, vice provost for research at American University and a nationally recognized expert in cyber workforce education, argued that educational institutions should establish a “base level of competence” in cyber to increase societal awareness and understanding, particularly as the cyber landscape continues its expansion.
As Burley put it, “Until we as a culture move beyond the assumption that [cyber] is a fundamental skill set that all of our students need in order to function as functional members of society — until we start compartmentalizing into different job categories — we’ll always be playing catch up.”
Professor Tony Coulson of California State University at San Bernardino’s Cybersecurity Center, as well as the director of the National Centers of Academic Excellence Community in Cybersecurity, said his team is working with the federal government to address challenges in the cyber workforce by focusing on alternative approaches to recruitment.
According to Coulson, “one thing that I’ve observed in all of the partnerships and in all of my years of working with government agencies… is this inherent desire to duplicate or over-analyze, where someone sees something and says to themselves, ‘We should do that, but let’s make it in our little silo or our little kingdom,'” he explained.
Coordination and collaboration have been hampered as a result of this strategy. Colleagues and institutions seeking to collaborate with the government, according to Coulson, should build new processes and programs for preparing the future cyber workforce. This endeavor also includes associations, non-profits, the commercial sector, training and certification organizations, and others in order to promote a national, coordinated approach to cyber training and certification.
According to Costis Toregas, director of the Cybersecurity and Privacy Research Institute at George Washington University, “what is required is coordination.” In the meanwhile, we do not have a table large enough to accommodate all of these people… What we need is greater discussion of numerous industries rather than thorough dives into any one industry. There are a plethora of future benefits that can be obtained by using that particular key.”
Cyber educators and government officials are driving more understanding of the cyber landscape and workforce, according to Burley. In order to attract more varied talent and enhance inclusion across minority populations, a transformation in how the subject is marketed is needed, he says.
When it comes to understanding what it means to be a cybersecurity expert, there is often a lack of clarity. According to Burley, leaders throughout the industry should increase their ability to communicate the types of opportunities available and establish role models who reflect the variety found across the country in their respective fields.
In Burley’s opinion, “we tend to focus very much on a restricted set of those roles that, perhaps, do not attract the type of variety that we would like to see in the area.” We, as a collective, those of us who are defining the field and structuring it, should strive to be more consistent in the manner that we talk about the field, as well as the opportunities that exist and the scope of those opportunities.”
The creation of new chances by cyber educators is also assisting in the recruitment of a more varied talent pool. For this reason, Coulson and his team built a local pilot program that targeted a variety of groups and rural possibilities in order to meet talent where they were already.
The adoption of “earn while you learn” models by organizations is also a driving force behind the recruitment of new talent into the cybersecurity profession. Aside from lowering entry barriers, apprenticeships and similar programs can also be used to substitute for a college degree, in some cases completely replacing it.
According to Toregas, “the NAPA project team really dug deep into apprenticeships and other non-traditional forms of education because traditional academically oriented programs will not suffice.”
Among the federal agencies that have registered apprenticeship programs is the Department of Labor, which is beginning to place a greater emphasis on cyber-specific training programs. It is vital, according to Toregas, that senior cyber leadership, such as CIOs and CISOs, promote the widespread adoption of these solutions.
It will not be possible to achieve a better state of affairs until we actually take action and are willing to take steps that may be slightly different from what we have done in the past, said Burley. The acceptance level must be reached where we are willing to step outside of our comfort zones and use some of these solutions in order to genuinely establish a robust and resilient cybersecurity workforce and citizenry, according to the author.