I’m fresh off the National Institute for Cyber Education (NICE) Conference 2015, the premier gathering for academics, government and industry to advance cyber education. The mission of the conference was clear: to develop the next generation of US cybersecurity professionals, and help close the massive skills gap (the gap between the number of cybersecurity job openings, and people with the relevant skills to fill those positions). There was a real buzz – a sense of approaching a tipping point that we can solve this challenge, but also overwhelming acknowledgement that we still have a lot of work ahead of us. In this post, I’ll share some data, reflections and key takeaways from the conference. In my next post, I’ll reflect on the work needed to build the cyber workforce through education.
Why should we care? There is a serious shortage of qualified cybersecurity workers globally on the order of 300k people and growing. 62% of organizations say they don’t have enough Infosec talent to meet today’s needs. The consequences of unfilled cyber jobs are huge: it means we are unable to protect our digital world adequately and are open to untold risks. We know we are already outmanned, and the issue will only get worse if it’s not systematically addressed. If 62% of towns said they don’t have enough police to keep their citizens safe, we’d have a national uproar- the same needs to happen for cyber.
Impacts of this shortage are playing out today: Graduating students are under-prepared for cybersecurity jobs, while talented existing workers are fought over, resulting in increased labor costs and churn. All the while breaches continue and our digital world is open to further threats. The current situation is not sustainable. As the threat landscape continues to expand, the gap will become even greater. According to the Cisco 2014 Annual Security Report, it is estimated that by 2019 the gap will be 1.5 million workers!
The Conference highlighted four areas to address:
- We need more industry representation when discussing cyber education.
The industry needs to be more involved in solving this problem. We need to weigh in on what skills are needed today and for the future, and help develop the programs and content to build those skills. - We need more collaboration to close the gap.
The three key stakeholders: government, academia and industry need to break down silos and share knowledge and best practices. Currently, there are too many self-interests being served. This is true both for organizations, and within a sector. We need to work together. - We need to get started earlier and more often with students.
Data shows that people who choose a cyber-career are often exposed to it early in their lives. Most people generally understand the importance of ensuring the safety and security of our digital world. However, we’re not doing enough to make them aware that this is a viable and rewarding career path. We need to engage with them earlier, and more often. - We need to solve the diversity problem.
There needs to be more diversity in the talent pool to provide differing perspectives and continued growth.
Amazing work is being done to advance the skills and fill the pipeline of our next generation of cyber talent. But it’s not enough to get us over the tipping point. For that, we need to prioritize the issue and work together. Keep a look out for my follow-up post where I will propose meaningful actions to make a difference.
The post Thoughts on the Plane from the Cyber Education Conference- and Feeling Energized appeared first on Speaking of Security - The RSA Blog and Podcast.