<img src="https://ws.zoominfo.com/pixel/4CagHYMZMRWAjWFEK36G" width="1" height="1" style="display: none;">
Request Demo

The Cybersecurity Skills Gap: The Defining Skills Shortage of Our Age

down-arrow

The cybersecurity skills gap is nothing new to the seasoned cyber professional. It has been widely discussed in cyber and information security circles for some time. The main flag that many, including TechCrunch, are currently citing as an indicator that the skills gap is widening is the (ISC)2 report stating that there are now almost 3 million cybersecurity jobs unfilled worldwide. Having been a part of the skills gap conversation from multiple sides - as a cybersecurity research fellow at MIT, a Fortune 50 CSO, and collaborator on numerous NIST cybersecurity initiatives, I’ve considered the root cause of the skills shortage that our industry is facing and how this problem will be solved.

Why A Cybersecurity Skills Gap Emerged

In the early days of information security, it was seen as a niche specialty within computer science (an already niche field). For technical leaders in the late 90s and early 2000s, computer science in practice was not learned in a university setting - the skills were acquired as needed. Furthermore, the complexity of a field such as cybersecurity makes answering the question “so what do you do?” extremely complicated. As early members of the now exponentially growing field of cybersecurity, being ambassadors for the field is difficult - explaining cybersecurity to a spouse is incredibly complicated, let alone communicating it to a high school senior or college freshman. The way by which current information security leaders acquired their skillset is very different than what these new positions are seeking now. We are reaching an inflection point in the cybersecurity skills gap that I believe could already have been solved.

The Cybersecurity Skills Gap Inflection Point

The inflection point that I’m referring to is the intersection of the general public’s realization that the digital world and the physical world are far more closely connected than we realized, and the fact that to date members of industry and academia had not considered cybersecurity as a foundational principle of computer science. While many have been sounding the alarm for years, we are now seeing the cybersecurity skills gap widen even further as the demand increases and the supply is not there - yet.

Adjust Your Timeframe

Having worked in both academia and the corporate world, I have seen the juxtaposition of the timeframes of these two environments: corporations move exponentially faster and rely on the forces of public opinion and demand, both of which are moving exponentially faster given the rapid pace of technological advancement. So there you have your source of increased demand. On the supply side, we have academia. Academia, at its fastest, moves in four-year generations. One change made with one class requires fours years to see the impact of that change. What we see with the skills gap is the demand growing faster than the supply can support.

NIST’s NICE Intervention

Foreseeing the gap that many are only starting to see today, I was apart of a team assembled by NIST to solve what could be the defining skills shortage of our era. Some foresaw the supply and demand equation that I outlined above in the public and private sectors, and the solution we developed was a government program that would be able to supplement the supply generated by the academic institutions.

NICE: National Initiative for Cybersecurity Education

NICE emerged as a partnership between government, academia, and the private sector to help augment existing members of the workforce and engage students to realize how cybersecurity fits into their education. When we first began developing programs at NICE, we started at the Masters’ level - educated enough to realize the need but probably still involved in the private sector. However, as time went on, we discovered that that was not sufficient. We went further back to undergrad, then high school, and eventually built out a K-8 curriculum. The fact was and still is, that cybersecurity is as critical as physical security and future generations will probably see little difference between the two.

Back To The Skills Gap

So great, NICE has been working for years on this problem and yet we are skills seeing an increase in the skills gap - is it not working? No. The fact is that while NICE has been able to supplement the supply of cybersecurity workers delivered by academia, education cycles are some of the longest. While demand continues to skyrocket, the supply is not going down it has merely not increased at the same rate.

The Solution Is Here

The alarms that many have raised recently are not new - instead, the awareness is. While I believe we have a sustainable solution in place, sustainable initiatives take time to implement. In my next post on the skills shortage, I plan on discussing the use of “new collar” workers as a stopgap to the expansion of the cybersecurity skills gap while initiatives like NICE are implemented for the long term. 

You may also like

NIST vs. ISO –What You Need To Know
on June 24, 2022

Organizations are increasingly on the lookout for ways to strengthen their cybersecurity capabilities. Many have found solace in compliance frameworks that help guide and improve ...

Top 5 Recommendations For Your ...
on June 22, 2022

Discover, design, validate, promote, and sustain best practice cyber protection solutions to safeguard your people and processes. As the cyber attack surface expands, the Center ...

June Product Update
on June 21, 2022

It’s a celebration! 🎵♪🎵♪ ♩Automate your scores, come on (Let’s automate) Automate your scores, come on (Let’s automate) There’s a party goin’ on right here An automation to last ...

Why You Need CIS Controls for ...
on June 17, 2022

The Center for Internet Security (CIS) is a non-profit organization that helps public sectors and private sectors improve their cybersecurity. The organization aims to help small, ...

Small Business Cybersecurity ...
on June 15, 2022

To achieve peace of mind in the modern threat landscape, small business owners must have a solid security strategy and budget in place. VIPRE’s SMB Security Trends report state ...

Do Small Businesses and Startups ...
on June 10, 2022

Did you know that about 60% of small businesses shut down within 6 months by falling victim to a data breach or cyber-attack, where the average global breach cost hovers at $3.62 ...