The Cybersecurity Talent Deficit Goes Global

By on Jul 28, 2016

I’m privileged to lead a group of McAfee leaders to the annual Aspen Security Forum this week. This event is among the most prestigious gatherings of its kind. Dozens of government leaders, tier one journalists, and private-sector companies like ours connect in Aspen each July to discuss the most pressing national security issues facing the United States. The candid, diverse and direct discussions cover a broad array of topics of concern to our industry and yield helpful insights both to our team and the officials we meet.

I’ll be participating on a panel discussing the role of cybersecurity in our national security apparatus. CNN Justice Correspondent Evan Perez will moderate the discussion, and I’ll be joined on the panel by Assistant Attorney General for National Security John Carlin, Michael Daly of Raytheon, and Vinny Sica of Lockheed Martin.

While there are many issues of concern, I look forward to discussing the global cybersecurity talent deficit, and the potential national security ramifications of failing to address it.

The Looming Cyber Workforce Shortage

Not everyone may be willing to define thousands of unfilled tech jobs as a national security crisis, but we are. This week, the Center for Strategic and International Studies (CSIS) released a report supporting our assertion. It surveyed public and private IT decision makers on the quantity and quality of cybersecurity professionals in Australia, France, Germany, Israel, Japan, Mexico, the United Kingdom, and the United States.

The study reveals a global cybersecurity skills shortage, and it is allowing malicious actors to inflict real, quantitative damage to public and private interests alike.

Eighty-two percent of all survey respondents report a shortage of cybersecurity skills. Seventy-one percent say the talent deficit has hurt their organization. One in four blame it directly for data loss and reputational damage.

Whose problem is this? Public and private entities, including institutions of higher education, share blame for not doing enough to sync the supply of cybersecurity skills with soaring demand. In our survey, three out of four respondents criticized their governments for inadequate cultivation of cyber talent.

These decision makers fault colleges and universities for failing to develop and market attractive cybersecurity coursework. They view the standard four-year college degree as insufficient, and praise the value of hands-on experience, including gaming and hacking exercises.

A National Security Crisis?

Countries lacking the human beings to adequately protect their most vital data, national secrets, financial markets, and ground-breaking intellectual property are unlikely to be economically competitive with those nations who can. But, beyond the economic implications of the shortage, consider the billions of connected devices coming online throughout the critical infrastructure that increasingly run our world.

From train systems, to water utilities, to smart power grids, to first responder communications, as the Internet of Things becomes ubiquitous, digital attacks now threaten physical damage. If we do not address the shortage of cybersecurity professionals soon, nations could find themselves unable to maintain adequate cybersecurity postures to protect and defend their critical infrastructure.

Automation and Unpredictables

The survey reveals across-the-board confidence that automation technology solutions will prove up to the task of mitigating ongoing cybersecurity threats. It’s true that the next phase of the cybersecurity era will redefine the symbiotic relationship between automated solutions and their human managers, analysts, and decision makers. The incoming cybersecurity workforce will adapt to increasingly automated environments, from “human in the loop” to “human on the loop” processes.

Security Leaders

Moving Forward with Solutions 

This week in the Rockies, we expect to hear sober talk from America’s best and brightest about encryption, ISIL threats, spyware, foreign espionage, extremist propaganda, and more. All well and good. Having enough smart, discerning professionals on deck to manage these issues, however, is just as pressing a concern. It should, in fact, be near the top of the list.

The CSIS survey delivers a clear call for more public investment in cyber education by higher education institutions – and more ongoing learning programs for private sector workers. While the private cybersecurity industry continues to innovate, our expertise shortage is an essential national security challenge that cannot be solved in the private sector alone.

Just as we have in past conflicts, government and private industry must collaborate, set priorities together, recruit talent, and seriously invest in skills development to address the cybersecurity workforce shortage facing our nation.


Fore more, watch ‘Cyber’s Role in America’s Security Arsenal‘ panel with John Carlin, Assistant Attorney General for National Security, Evan Perez, Justice Correspondent, CNN, Vinny Sica, Vice President, Defense and Intelligence Space Ground Solutions, Lockheed Martin, Michael Daly, Chief Technology Officer, Cybersecurity and Special Missions, Raytheon and myself.

About the Author

Steve Grobman

Steve Grobman sets the technical strategy and direction to create technologies that protect smart, connected computing devices and infrastructure worldwide. Grobman leads McAfee’s development of next generation cyber-defense and data science technologies, and threat and vulnerability research. Prior to joining McAfee, he dedicated more than two decades to senior technical leadership positions related to cybersecurity ...

Read more posts from Steve Grobman

  1. It's interesting they call it a shortage instead if what it really is. Most companies consider Information Security the Bastard Stepchild that no one wants, or at best a Necessary Evil, and they pay for it accordingly. I get repeated calls from recruiters looking for my skills, but they aren't willing to acknowledge that someone with a Master's Degree in Cyber Security, 10 years in Law Enforcement, and 6 years in a major Bank as an Info. Sec. Engineer is not going to move across the country to the east coast and be able to survive in Washington DC on $38 an hour. Until the pay matches what they are asking for in skill, the jobs will remain unfilled. On the Education side, when I graduated in 2013 with my Master's Degree there were 754 graduates from the various programs offered by National University, about 300 education majors, about 250 Business majors, a few of all the other majors, and in Information Security? At the Bachelor or Master's level? Just me! So I definitely agree there is a crisis in the education side.

  2. 8-12 and Higher Ed could easily make this type of curriculum an offering, which when coupled with other necessary InfoSec skills, help it seem feasible for youth Cyber enthusiasts to become a viable resource available for immediate hire in the work place upon graduation, rather than pay for 4 years of college then go spend additional $ to get the skills actually needed to fight the bad guys.

  3. Even before the Cyber Security people and skills shortfall, there is a lack of evidence of a unified theory and practice of Cyber Security.

  4. Sir,I have just completed my masters(MTech) in Cyber Forensics & Information Security ,i haven't done any certifications but have a little industrial experience of 1.6 yrs in developing.I'm struggling to get an entry in cyber security domain .Do certifications is a must requirement??

    • It is really dependent on the hiring company and the scope of the job. A candidate should work with the individual hiring manager to understand expectations and what would be most advantageous to position him/herself optimally for consideration for that role.

  5. Teach me, I am ready and willing. I've applied for these types of positions but usually told that I don't have the experience needed. Not to mention that most every job post I've seen has been for senior level experience or pays way below current salary.

Similar Blogs

Subscribe to McAfee Securing Tomorrow Blogs