This blog was written by Scott Montgomery, McAfee’s previous vice president and chief technology officer of public sector.
Each National Cybersecurity Awareness Month is a new opportunity to highlight the importance of concepts like observing best practices, refreshing outdated technology, and designing security into the latest connected devices. But few issues strike at the core of our ability to defend against cyber bad actors like having a strong and talented cyber workforce. It is perhaps for this reason that Cybersecurity Awareness Month is most important, because it can introduce cybersecurity to new audiences, connect future cyber professionals with the resources they need to succeed, and kick start policy discussions around new ideas for cyber training and recruitment.
Every two and four years, however, Cybersecurity Awareness Month falls in that critical period before the nation casts its votes for Congress or for President of the United States. These years are opportunities to press candidates and incumbents alike to talk about cyber on the campaign trail, seek the inclusion of fresh policies in party platforms, and call for action on stalled legislation. In this election year, we have seen bills introduced that would establish an IT modernization fund to overhaul aging government systems, increase the availability of cyber resources for small businesses, and enhance cybersecurity cooperation with one of our closest allies. What we need to support these and future policies, however, is a skilled cyber workforce capable of closing our current talent gap.
Members of Congress like Rep. Will Hurd (R-TX-23) have met this problem head-on, advocating for innovative solutions like the formation of a Cyber National Guard. Recognizing that the most effective investments in cyber begin with people, policymakers like Hurd realize the challenges that public sector organizations face when competing with the private sector for talented IT and cyber professionals. But as highlighted in the 2016 Center for Strategic and International Studies (CSIS) report, “Hacking the Skills Shortage,” this talent gap is felt acutely by all employers, regardless of whether they are seeking to protect .gov or .com. A majority of respondents (82 percent) to the CSIS study admit to a shortage of cybersecurity skills, with 71 percent of respondents citing this shortage as having a direct and measurable impact on organizations whose lack of cyber talent makes them more attractive hacking targets. In 2015, 209,000 cybersecurity jobs went unfilled in the United States alone. Despite 1 in 4 respondents confirming their organizations have lost proprietary data as a result of their cybersecurity skills gap, there are no signs that this workforce shortage will abate in the near-term. Respondents estimated an average of 15 percent of their company’s available cybersecurity positions could go unfilled by 2020.
Now is the time for policy solutions that acknowledge the breadth of the issue as well as the depth of combined resources we can bring to bear if industry and government work together. President Obama’s Cyber National Action Plan (CNAP) takes a crucial step forward by enhancing existing scholarship-for-service (SFS) programs, which provide scholarships for Americans seeking cybersecurity education and training in return for equal time in public service. Industry can help match these investments by providing SFS participants with more internships and opportunities to train on next-generation solutions before returning to the government. After they’ve picked up valuable experience fighting cybercrime on the front lines and their public service commitments end, these SFS professionals will find our nation’s most innovative companies and government agencies more than eager to hire them on a full time basis. Channeling investments to programs like these, and creating exciting and dynamic workplaces to engage future and existing talent will be crucial down payments on our skills deficit and result in safer industries and stronger national security for all.