It’s hard to believe it’s the 15th annual National Cybersecurity Awareness Month. As the month winds down, I reflected back on what’s changed over the last 15 years and what really hasn’t changed. Since the beginning days of “STOP. THINK. CONNECT.” we’ve made great progress as an industry in overall awareness of cybersecurity hygiene and practices. Companies, governments, leaders, boards and executives are significantly more aware of the impacts of cybersecurity risks to their business and operations. The conversations are much deeper, informed, and impactful. The drastic changes in the technology landscape have been amazing and the introduction of more automation and intelligence into cybersecurity operations has enabled us all to get more return on the investment in limited human capital.
However, the gap between the demand for cybersecurity expertise continues to widen from the supply of available qualified people. While there has been some growth in people entering the field, it is not keeping up with this explosive growth in demand. We still face a critical shortage of skilled talent across all industries and around the globe. According to (ISC)2 there are more than 2.9 million unfilled cybersecurity positions. The inability to find qualified people poses an increased risk to companies’ operations and is a significant lost economic opportunity for our communities. It’s time to shift from “Awareness” to Action.
As I’ve written previously, the talent shortage cannot be addressed tactically. We need communities and schools throughout the United States, and globally, to offer additional pathways into the field. In addition to the growing collegiate programs (which continue to be challenged to find professors), we need to reevaluate and create new entry paths. Elementary schools must enhance and expand STEM programs. High schools and trade schools need to expand their tracts to include IT, programming, and cybersecurity into non-college prep courses. Companies must invest in cross-training other disciplines (audit, IT, operations, business) into cybersecurity positions. Significantly more outreach is needed to position cybersecurity as a viable and rewarding career path for women and minorities.
What can we do? I challenge each of us to take two small actions this year to make a huge impact. First, help just one person join the cybersecurity profession this year. Make a hire or referral to another company or institution for someone with a background in IT, process control networks, audit, or risk management, or other non-cybersecurity background into cybersecurity.
Next, get involved in one educational or community-based event that makes kids aware of career opportunities in cybersecurity or increases the participation and excitement of younger students in technology. There are hundreds of cybersecurity and tech challenges held for elementary schools through college programs. Speak at a school event. Be a judge for a contest. Be a mentor. Advise a university program on curricula. Find a local community organization that you can help. If you don’t see one in your local community copy a successful model from another city and start a local chapter. Here in the Philadelphia area we’re surrounded by outstanding college and university programs but there are also tremendous community-based organizations focused on creating opportunities for underrepresented communities. Some great examples include Girls Who Code and Coded by Kids.
Working together, we can turn the tide and start to close the gap between the supply and demand for cybersecurity expertise. And we’ll make our friends, families, companies, communities and governments a little safer and our economy a little stronger. We’re an industry that solves hard problems. Let’s rally and continue to make a difference.