Cyberattacks on U.S. critical infrastructure and the theft of millions of records containing personally identifiable information have indicated that there are serious vulnerabilities in United States’ national cybersecurity approach. Cybersecurity encompasses the actions taken to protect against criminal access or unauthorized use of electronic data, as well as the measures taken to thwart cyber exploits. To function properly, this ecosystem requires effective processes, technologies, and enabled people.
In spite of many powerful innovations to make us more cyber secure, both governmental and private sector actors have failed to address the glaring talent gap in this field. There is a worrisome shortage of individuals with the skills and experience needed to protect our country against the asymmetrical threats we face.
According to the agency charged with tallying statistics on the cyber talent gap, there are over 1 million unfilled cybersecurity jobs right now. It is projected that this number will grow to 1.5 million by 2020. It is clear that we are not matching the capacity of the growing legions of cybercriminals with our own increased number U.S. experts who serve as our most important line of defense against them. We would not tolerate a projected 1.5-million-person deficit in our law enforcement or military ranks. Would should we accept such a shortage in our cyber defense force?
As the new administration enters the fray, the next recalculation should not be how to expand the $175 billion cybersecurity market. The focus should include practical strategies for assuring there are enough cybersecurity professionals to make the nation resilient. Enabled people are key to unlocking new opportunities that make the existing tools and processes more effective. If all existing best practices were employed we would eliminate 80% of all cyber breeches.
The costs of failing to act to address this issue are high. It’s not an exaggeration to say that the health of our economy and democracy is at stake. Intel recently released a survey stating the cybersecurity skills shortage is worse than talent deficits in other IT professions. The results confirmed what we knew - 82 percent of IT professionals see a shortfall in the cybersecurity workforce, while 71 percent of respondents thought there was a direct correlation between the skills gap, and “measurable damage” to their organizations.
Skilled hackers can gain access to databases and make data changes to records or evidence, compromising the integrity of our health and criminal justice systems. Remember, many of the fundamental aspects of democracy depend on confidence in systems like “chain of custody”. Concerns voiced about the legitimacy of the recent presidential election should magnify how we should be looking at the potential consequences from cyber exploitation.
The Department of Homeland Security, working with the National Institute for Standards and Technology, has shared educational products and workforce development tools through their National Initiative for Cybersecurity Careers and Studies portal. The Office of Personnel Management administers a program called Scholarship for Service where participating students on a computer security related career path can get free tuition and an annual stipend. These students pay it back after they graduate by working the representative school years as federal employees.
However, the government has not created effective pathways to employment in the cybersecurity field for Opportunity Youth, the 6 million young adults in the United States who are out of school and unemployed or underemployed. Current approaches to addressing this talent gap fail to provide onramps for those, who often lack the resources, credential, and networks to take advantage of opportunities in this dynamic field. Without a doubt, we must integrate these overlooked young people as a part of the solution; they are this country’s most tangible cybersecurity assets. We need to invest in them and can no longer waste time diminishing their value.
Effective models for identifying high-potential young adults and preparing them for success in professional jobs exist. Year Up, for example, is a national nonprofit organization that provides marketable skills training, mentoring, and a six-month internship experience to empower opportunity youth to fulfill their career goals.
Programs like Year Up are gaining traction as employers come around to the idea of tapping into previously overlooked talent pools and to the practice of considering professional competency-based certifications as an alternative to college degrees. Our sector should support the expansion of such solutions to bring a new generation of driven, talented individuals to the daily cybersecurity fight and help the nation meet its growing skills shortfall.
Of the cybersecurity issue, President Obama said, “It's one of the most serious economic and national security challenges we face as a nation. Foreign governments, criminals, and hackers probe America’s computer networks every single day.”
It’s time for us to rise to this call. A solution that introduces youth to cybersecurity and provides them with real work-based experiences can both expand opportunity for our country’s young people and keep our nation safe from the cybersecurity threats of today and tomorrow.
For more information about Opportunity Youth and how they can be a valuable source of talent for America's employers, visit the Grads of Life website at GradsofLife.org.
Michael Echols is the CEO of the International Association of Certified ISAOs, where he leads a global effort to launch and support cyber threat information sharing and analysis organizations. He has formerly served as the Deputy Director, Strategic Engagement and Cyber Infrastructure Resilience (SECIR) Division at the Department of Homeland Security (DHS) and the Chief of the Government-Industry Planning and Management Branch, National Communications System (NCS).
