The cybersecurity talent gap is undeniable. It’s also a presidential priority and well-established trend that some estimates project will reach 3.5 million unfilled positions by 2021. And it’s not just a question of numbers but also skills. A January report by the Center for Strategic & International Studies asked if cybersecurity education and training programs are teaching the right skills to fill needed jobs and found that “the evidence suggests that the answer may be no.”
Cybersecurity Talent Gap
The lack of diversity is an added wrinkle in the difficulties of staffing the cyber workforce. As government research and other studies show, women and minorities remain seriously underrepresented in cybersecurity. I saw firsthand signs of this during a recent university talk I gave on cloud security. Across a lecture hall filled with more than 70 students, the vast majority were white males.
Yet for all the clarity around this talent gap, what’s less clear is how to close it. Typical recruitment efforts can only go so far toward a solution, but that is generally where companies stop paying attention. The reality is that most of our workforce challenges can only be addressed through larger societal efforts; by extension, that means our strategies for solving them must go beyond just HR and to the heart of our larger corporate social responsibility (CSR) mission.
Choosing From A Range Of Causes
CSR initiatives can help close the talent gap to the extent that we, as the cybersecurity industry, realize that it’s our job to help bridge this gap through a variety of initiatives many of which lie well beyond the corporate walls. This includes building training programs, fostering workforce diversity initiatives in the community and reaching deep into the educational pipeline, including the K-12 ranks, to cultivate the next generation of cybersecurity pros.
Every cybersecurity company (every cybersecurity practitioner, even) has a role to play in this greater CSR mission. It could be giving a local talk to a nearby school or university, sponsoring internships or scholarships, participating in a group like the Global Cyber Alliance (which my company is a member of), or supporting any number of efforts designed to chip away at the diversity gap.
Keep in mind that diversity does not have to stop at race or gender. You can participate in “neurodiversity” programs to help people with autism and others with differing abilities enter the cybersecurity field, and there are efforts focused on multi-cultural diversity as well.
The Diverse Benefits Of Diversity
Cultivating a more diverse workforce is one of the most significant things we can do in focusing our CSR mission. That’s because it solves a bevy of challenges that go far beyond just social justice or labor force statistics. Diversity brings new perspectives that can collectively enhance a team’s ability to use the latest technology tools to troubleshoot cyber threats and solutions. And, critically, diversity lends more integrity to the development of the tools themselves.
Look no further than the stream of headlines about facial recognition and voice recognition technologies containing specific biases. There are similar concerns across the artificial intelligence (AI) landscape a scary prospect when you consider how AI is increasingly used to aid determinations on employment, health care, policing, education, insurance rates and more.
There’s no reason to think that these biases don’t extend to cybersecurity a field that uses all these tools and whose own workforce, as I mentioned above, is demonstrably lopsided. Diversity, in other words, will not just deliver a more plentiful, better-equipped workforce but also better design for the tools we use on the job.
All I Needed To Know About Cybersecurity Started In Kindergarten
Looking at the current landscape, it’s easy to feel overwhelmed, like we’re in catch-up mode. The good news is that many of our challenges today have a common remedy: reaching further back through the education system down to the K-12 or even pre-K level to better prepare future generations for cybersecurity careers. Teaching coding, engineering and other cybersecurity-friendly STEM skills to K-12 students positions the future workforce to be more data-literate and security conscious.
Indeed, experts tie early STEM exposure to cybersecurity success. One great resource is the Department of Homeland Security’s National Initiative for Cybersecurity Careers and Studies and its Cybersecurity Education Training Assistance Program (CETAP) to “[equip] K-12 teachers with cybersecurity curricula and education tools.” We should continue to grow these efforts in both K-12 and higher education: from pre-K and early elementary books and magazine-style publications geared toward middle schoolers to high school internships and new, apprenticeship-focused strategies in higher education.
Our strategies for fixing the cybersecurity talent gap shouldn’t be confined to the HR division or even the four walls of the company. I’ve shared just a few examples of how we all can help, and there’s plenty more guidance out there. But regardless of your particular approach, it’s all part of the same mission: to leverage CSR for a larger strategic playbook to close the talent gap and reap many other long-term benefits in the process.
Email Security Protocols
- ISO 27001 Lead Implementer
- ISO 27001 Foundation
- ISO 27001 Lead Auditor
- Certified Ethical Hacker (CEH)
- Computer Hacking Forensic Investigator (CHFI)
- Cybersecurity Professional
- Cybersecurity Lead Implementer
- Cybersecurity Lead Auditor
Cybersecurity Talent Gap
Tracy, Richard (2019) Corporate Social Responsibility Is Key To Closing The Cybersecurity Talent Gap. Recovered on 9 August 2019 from https://www.forbes.com/sites/forbestechcouncil/2019/07/16/corporate-social-responsibility-is-key-to-closing-the-cybersecurity-talent-gap/