Caddis Technology Group, Inc. Blog
DHS Cybersecurity Shortage a Major Problem
Cybersecurity is a big point of emphasis for the modern IT administrator. For the private business, it’s important for enough to be done in order to secure the business’ assets, and the integrity of the network itself. Unfortunately, when looking at public computing resources, there isn’t enough talent available to properly secure the systems that government entities rely on.
Recently the U.S. Department of Homeland Security has announced their concern over the lack of cybersecurity talent, and how it is apt to be a problem for government and public sector if the talent shortage continues much longer. They go on to how every day that there is a shortage of cybersecurity professionals working in the public sector, is another day closer to a major event that is sure to be problematic. Today, we’ll take a look at this supposed cybersecurity talent shortage and what has to happen to keep our nation’s IT infrastructure from being under attack.
What DHS Says
Everyone knows that DHS’s entire mission is to keep Americans and American-owned businesses safe on home soil. Concordantly, there needs to be human experts working these angles with the A.I.-fueled systems that currently are the front-line defense of sensitive public computing networks. Jeanette Manfra, the Assistant Director for the Cyber Security and Infrastructure Security Agency (CISA), has been pretty forthcoming on the organization’s difficulty in finding suitable cybersecurity talent, and what the effect of not having that talent is:
“It’s a national security risk that we don’t have the talent,” Manfra said. “We have a massive shortage that is expected to grow larger.”
The Skills Gap
With demand higher than ever for cybersecurity professionals, any shortage is a major problem. According to the Center for Cyber Safety and Education there are over 1.5 million unfilled cybersecurity jobs, which will grow to 1.8 million by 2021. The shortage in talent is one glaring reason that there have been so many data breaches in both the public and private sectors.
Reasons for the Shortage
One would look at the industry and posit that the biggest reason for the shortage is that, with cybersecurity professionals in such demand, they will make more money working for private companies. While this is undeniably true, it actually isn’t the predominant reason for the shortage. The reason more people don’t want to work in cybersecurity is because it lacks incentive.
Nope, it’s actually because of the job itself.
Let’s face it, it’s not a job many people want. It’s like being a policeman or garbage man. The job is thankless, but without them, chaos ensues. It's a high-stress job with no recognition unless something were to go wrong, in which case you become the face of failure. Not exactly filled with incentives.
...But Education Could Be Better
Moreover, opportunities for formal education of these careers are actually being reduced by the recent closure of the for-profit colleges that once were at the center of IT training. Even as cybercrime becomes a multi-trillion dollar per year problem, training for these careers is going the way of the dodo.
Luckily, there are around a million ethical hackers out there who are constantly checking systems for vulnerabilities. These individuals help out as consultants, and are often thought of as the people that benefit most from this huge push toward cybersecurity. As we speak there are organizations that are creating free coursework designed by these ethical hackers for a talent pool that has no choice but to grow. With tools like Cyber Aces, Hacker101, Google Gruyere, and more, there is an active attempt by cybersecurity firms to find talent that has an interest in doing these jobs.
Manfra explained that CISA is really pushing their development of curriculum for developers in grade and secondary school and, borrowing a strategy from big tech by developing workforce training procedures that are modeled with recruitment and retention in mind. Since filling these jobs are a priority, you could begin to see special incentive programs for people willing to focus on cybersecurity as an expertise.
Manfra sees government subsidy for the educational costs cybersecurity professionals pick up if they are willing to work in the public sector for a few years before they move on to the private sector, allowing CISA to “...build a community of people with shared experience.” The more people who are on the same page, the more costs will stabilize, which will help business.
Cybercrime isn’t going away, so ensuring that your business’ network and infrastructure is well maintained, consistently monitored, and that your staff is trained can go a long way toward protecting your business’ digital assets. Return to our blog regularly for great information about how to maintain cybersecurity.