I use my social media accounts to keep up to date with the latest cybersecurity trends and to ask the security community questions. Often, I discuss the cyber workforce because a) like all CISOs, I’m worried about our talent pool, and b) as a CISO at a university, I am often asked about this subject. Brian Contos, CISO of Verodin, suggested that we talk about this topic on the Cybersecurity Effectiveness Podcast, which was a great reason for me to consolidate my thinking on the matter.
The problem is clear: we don’t have enough people in the cyber workforce. We’re in need of a diverse talent pool; CISOs urgently need to know how to grow their own talent while educational institutions and InfoSec programs catch up to the demand.
There are two broadly defined higher education tracks to be aware of: community colleges focusing on entry-level cyber technical skills, and four-year colleges focusing on cyber theory and research. Community colleges have really stepped up and many now offer skills-based curriculums that allow graduates to take on entry-level roles in security engineering and operations disciplines. Typically, four-year colleges that offer Bachelor’s, Master’s, and Doctoral degree programs focus more heavily on theories and research. These programs produce people ready to be systems analysts, security architects, and software engineers. Both types of programs serve an important role in growing the cyber workforce, but currently struggle to keep up with student and employer demand.
Organizations and programs recognize the immense dearth of K-12 technology and information security teachers, but this is where these skills need to be introduced if we are to improve the diversity and size of the cyber talent pipeline. We’re starting to see private companies and public entities invest in teacher training and curriculum development for middle and high school programs. Unfortunately, this work will take a decade or more to come to fruition.
CISOs can help the growth of the cyber workforce by partnering with educational institutions. Examples include consulting with board members to inform curriculum creation; providing subject matter experts to aid instruction or assist with classroom delivery; and investing in cyber programs. Many institutions are also willing to consider creating specific training for a company – such as certificate programs or internships – when the right partnership exists.
All of these efforts are necessary if we are to grow the cyber workforce quickly.
Check out the podcast to listen to our full conversation.