11 Sep Closing the Cybersecurity Skills Gap – A Non-Traditional Approach to Identifying and Growing Cybersecurity Professionals
By Wayne Maddock, Manager, Criterion Systems
“Distrust and caution are the parents of security” – Benjamin Franklin
With each passing day, new exploits are being created and introduced into the wild. Federal agencies and commercial organizations are painfully aware they are prime hacking targets, leading to reputational damage, the loss of proprietary data via cyberattack, and – worse – potential physical harm to persons and/or the environment. Thus, it is not surprising the field of cybersecurity is growing dramatically. As of 2015, Cybersecurity jobs have increased 74 percent over the past five years and Industry estimates project a global cybersecurity workforce need of 6 million jobs by 2019 (source).
The skills shortage is a problem spanning governments, businesses, and industries around the world and with the impending saturation of our environment by the Internet of Things (IoT), the gap will increase exponentially. The thing that keeps me up at night is not what new exploit is out there waiting to infiltrate our environment, but rather will I have enough skilled labor resources to bring to bear in the fight against the adversary. Is there enough being done to address the skills shortage across the industry? If so, will these efforts bear fruit in time to prevent the feared Armageddon? The answer is yes, and no, to both.
While a Computer Science degree is great to have, it has not been a requirement for me to hire a candidate. This approach is now becoming the trend, as recent news reports confirm. Google, Apple, Ernst & Young, IBM, and many other companies are dropping their requirement for a college degree for a variety of positions. As the world transitions to a digital arena, colleges and universities will be tasked with the mission of providing real-time, industry-relevant courses to address the needs of the market. Needless to say, this is a big challenge for accredited educational centers due to the change in the tools and the industry outpacing the time it takes to plan, introduce, obtain approval, staff, and then deploy the curriculum. Traditional classroom training does not provide the hands-on type of workflow and technologies needed in today’s cyber-centric world.
The Traits of a Cybersecurity Professional
Since I can only directly control what’s in my world, I’ve needed to be creative over the past several years in my quest to fill openings across my teams. My steadfast belief is that any motivated person with the innate desire and ability to learn can become a cybersecurity professional. With the speed at which security tools and technologies constantly evolve, new and experienced cybersecurity professionals need to keep pace. To me, a cybersecurity professional needs to:
- Have the ability to collaborate in a team environment
- Understand and practice conceptual thinking and understand pattern recognition
- Be able to reverse engineer both human intents as well as binary code traversing networks
- Understand the motivation and outcome of actions, both physical and technical
- Focus and execute on the mission of the customer and task
Non-Traditional Approach Brings Creative Solutions
I have been successful implementing a non-traditional approach to identifying and growing cybersecurity professionals from different educational and industry pools of talent. Most people currently earning their paycheck in the cyber world have morphed into the role. The majority have an IT or military background, but others have had careers in vastly different industries, and that experience has served them well. I have found that the more diverse the job experience someone has, the more imaginative, open, and creative they are in bringing solutions to problems and zero-day exploits.
To win and retain the competition for cyber talent, we have embraced the following:
- Flexibility in work schedules when possible
- Championing work/life balance
- Building in training opportunities for related job functions during work shifts to keep the position interesting and ever evolving
- Creating mentoring opportunities
I challenge each employee to double their skillset and industry knowledge year to year and attempt to build this curve into their current roles and responsibilities. Furthermore, I provide the time and resources necessary to grow, socialize, and execute on promoting from within, encouraging community involvement, offering positive reinforcement and ensuring employees know they are appreciated and valued. I believe empowering and training personnel to make mission-impacting decisions and nurturing the trust required to do so fosters a team and family environment that one can be proud to be part of while contributing to the success of all.