Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Operations

8/3/2020
10:00 AM
Adam Benson
Adam Benson
Commentary
Connect Directly
Facebook
Twitter
RSS
E-Mail vvv
50%
50%

A Patriotic Solution to the Cybersecurity Skills Shortage

Why now is the right time for the security industry to invest in the human capital that will make technology better, smarter, and safer.

A June survey of 273 cybersecurity professionals conducted by organizers of Black Hat confirmed a jaw-dropping reality to many working in the security industry — 92% of respondents said there is "a shortage of well-trained and qualified security professionals [that] is significantly affecting the safety and security of data, both personal and financial."

That's terrifying … and most of America has no idea. Even in a time of double-digit unemployment, there is no sign the cybersecurity workforce gap will be filled quickly.

The demand for good workers is there, the supply of workers is not. According to CyberSeek, the supply is very low. How low, you ask? The national supply/demand ratio for all workers to job openings is almost 5, but the national average for cybersecurity jobs is almost 2.

Additionally, CyberSeek reports there are more than half a million unfilled cybersecurity jobs in the United States waiting for qualified individuals. Putting that in perspective, if every active member of the United Auto Workers union left the assembly line today to work in security jobs, we'd still be 100,000 workers short of filling the workforce gap.

It's not going to be easy in this election cycle. It seems the candidate who says some version of "that job that you know how to do isn't going to last" is the person who loses. But maybe there is another way to approach this issue that might resonate with a public needing to consider new options? Perhaps Americans might listen to a message of opportunity rather than failure?

Rust Belt workers have reason to be frustrated by politicians and corporations that have quit on them. It's been long theorized, and now commonly accepted, that middle class workers are either unwilling or lack the time, money, or confidence to take on new skills. A majority of 800 managers surveyed by Harvard Business School in 2018 shared that sentiment. But 11,000 "lower-income and middle-skills" workers in 11 countries told the researchers something entirely different. Harvard found workers were "more eager to embrace change and learn new skills than their employers gave them credit for."

Cybersecurity offers some workers a chance to be more than just a cog in the machine — a chance to be on the front lines of the tech revolution … and to be one of the good guys at that. Being on the right side of history is no small thing. There are Americans losing their places in factories, hotels, restaurants, and shopping malls who come from long lines of families that stood up when called upon by their country. There are also new Americans and second-generation Americans eager to show their love of America. If they knew reports of online crime to the FBI are up 400% since the start of the pandemic and that cyber-threat actors from foreign nation-states are targeting the healthcare and research facilities searching for COVID-19 treatments, they might be eager to join the fight.

And they need to know retraining can be cost efficient and more attainable than ever before. Craig Newmark, the founder of Craigslist, has made significant donations to multiple nonprofits offering free cybersecurity training for veterans and women, two segments vastly underrepresented in the security industry. Newmark helped fund the first class of the Sacramento-based program "100 Women in 100 Days." That program's creator, Carmen Marsh, had five times that many apply for spots in the program — with half of the spots claimed just hours after she launched. Two-thirds of the first class graduated, and nearly half are working in internships now. Marsh has a grant from the city of Sacramento for her next class. She'd like to take her program across the country … if she just had the budget.

Currently, the Senate has two bills that would direct much-needed funding to create apprenticeship programs. S. 1466, the Cyber Ready Workforce Act, would provide grants to the Labor Department to support registered apprenticeship programs in cybersecurity. S. 2775, the HACKED Act, would provide critical workforce training, including financial assistance to security education–focused regional alliances or partnerships. Unfortunately, the GovTrack website gives each bill only a 2% chance of being enacted — even though both have bipartisan support.

It's not enough to just change the direction of a trend line; this is a chance to create opportunities and add new firepower in our fight against cybercrime (which, by the way, costs the global economy $400 billion a year — and that number is growing). We need more than just the usual Washington mumbo-jumbo like "this has to be a public-private partnership to create a jobs program" or "we're repurposing human capital for a new century." It's time to invest in humans to make the technology we depend on better, smarter, and safer.

Now is the moment to take to your Twitter and LinkedIn accounts, not just to share with the friends you have but reach out to the next colleague you haven't met yet. Tell your story. Tell them about the opportunity. Tell them to vote. Tell them to ask their companies to consider new possibilities. Tell them the country, perhaps even the civilized world, needs them now.

Your actions will send workers a very simple message: We need reinforcements in this fight. We want you!

Related Content:

 

 

Register now for this year's fully virtual Black Hat USA, scheduled to take place August 1–6, and get more information about the event on the Black Hat website. Click for details on conference information and to register.

Adam Benson is a senior vice president at Vrge Strategies, a Washington, DC-based public affairs firm. Benson has written security research papers and worked with both corporate and nonprofit cybersecurity clients. Previously, he was press secretary for former Congressman ... View Full Bio
 

Recommended Reading:

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
COVID-19: Latest Security News & Commentary
Dark Reading Staff 9/25/2020
9 Tips to Prepare for the Future of Cloud & Network Security
Kelly Sheridan, Staff Editor, Dark Reading,  9/28/2020
Malware Attacks Declined But Became More Evasive in Q2
Jai Vijayan, Contributing Writer,  9/24/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
Special Report: Computing's New Normal
This special report examines how IT security organizations have adapted to the "new normal" of computing and what the long-term effects will be. Read it and get a unique set of perspectives on issues ranging from new threats & vulnerabilities as a result of remote working to how enterprise security strategy will be affected long term.
Flash Poll
How IT Security Organizations are Attacking the Cybersecurity Problem
How IT Security Organizations are Attacking the Cybersecurity Problem
The COVID-19 pandemic turned the world -- and enterprise computing -- on end. Here's a look at how cybersecurity teams are retrenching their defense strategies, rebuilding their teams, and selecting new technologies to stop the oncoming rise of online attacks.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-15216
PUBLISHED: 2020-09-29
In goxmldsig (XML Digital Signatures implemented in pure Go) before version 1.1.0, with a carefully crafted XML file, an attacker can completely bypass signature validation and pass off an altered file as a signed one. A patch is available, all users of goxmldsig should upgrade to at least revisio...
CVE-2020-4607
PUBLISHED: 2020-09-29
IBM Security Secret Server (IBM Security Verify Privilege Vault Remote 1.2 ) could allow a local user to bypass security restrictions due to improper input validation. IBM X-Force ID: 184884.
CVE-2020-24565
PUBLISHED: 2020-09-29
An out-of-bounds read information disclosure vulnerabilities in Trend Micro Apex One may allow a local attacker to disclose sensitive information to an unprivileged account on vulnerable installations of the product. An attacker must first obtain the ability to execute low-privileged code on the ...
CVE-2020-25770
PUBLISHED: 2020-09-29
An out-of-bounds read information disclosure vulnerabilities in Trend Micro Apex One may allow a local attacker to disclose sensitive information to an unprivileged account on vulnerable installations of the product. An attacker must first obtain the ability to execute low-privileged code on the ...
CVE-2020-25771
PUBLISHED: 2020-09-29
An out-of-bounds read information disclosure vulnerabilities in Trend Micro Apex One may allow a local attacker to disclose sensitive information to an unprivileged account on vulnerable installations of the product. An attacker must first obtain the ability to execute low-privileged code on the ...