While there is a high demand for cybersecurity professionals, there is also a significant lack of supply when it comes to talent. The best solution to filling this gap is to ramp up hiring initiatives with an emphasis on looking toward career backgrounds not traditional to cybersecurity and information technology. There must also be a focus on training, educating and mentoring cyber professionals at different stages of career development. This will help ensure that even as cyberattacks grow more sophisticated, there will be cyber defenders who are proficient in the skills needed to counter them.

With the cyber skills gap continuing to widen, it is equally important to hire candidates with prestigious degrees or years of relevant experience and pursue candidates who have the foundational skills that every cybersecurity professional needs.   If someone has the ability to think critically and problem solve, they most likely have the ability to be trained into an extremely capable cybersecurity professional. 

Organization responsibility

This education and training will of course require the investment of time and commitment from organizations and their leaders. Without their recognition of how important it is to properly train potential cyber employees and the next generation of the workforce, the skills gap will continue to expand. Unfortunately, half the battle to closing the skills gap is instilling enough confidence in prospective talent pools. Those who might be interested in taking the leap from their current career path or are questioning if this industry is a right fit, need to be assured that there is a place for them in the cybersecurity field and the opportunity for them to thrive professionally. Because cybersecurity is already perceived as a daunting and intimidating industry, training and education must start from the beginning of someone’s journey in the cybersecurity career field and continue throughout their employment. It’s through continuing to invest in our employees that we will keep the talent we have and attract the talent we seek.

A key consideration for the industry is the promotion of the skills needed to enter the field and involvement in the training of future cyber professionals. For example, Girl Scouts Cyber Awareness Challenge offers curriculum-based programs and mentorships tailored to getting women interested in the cybersecurity field as they begin planning for their careers. There are also events such as the National Collegiate Cyber Defense Competition (NCDDC) and the U.S. Cyber Games that strive to build a stronger and more diverse tech and cybersecurity community. Involvement in such initiatives will help break down barriers that are discouraging many from pursuing a career in cyber. 

The Federal push

Commitment to the training and education of new and prospective talent will effectively help combat the skills gap, and the industry will benefit as a whole. Times like these are when coming together to invest in the future matters most, and it will certainly pay off in the long run if security leaders start to act now. 

A telltale sign that there is a need for action is the recent push for federal involvement. Making note that domestic agencies are already under enough pressure to efficiently counter attacks and make up for existing skills gaps, cybersecurity lawmakers are starting to understand the important role they can play towards cyber education. This includes the possible establishment of “Cyber Academies,” or programs that would be implemented in schools to help students learn about cybersecurity and its career possibilities at an early age. This is a solution that attacks the problem at the very root by combating the lack of understanding and knowledge among students — which may hold them back from entering the industry later down the line. 

Proving even further how pressing this problem is becoming is CISA’s recent decision to implement a new set of training modules on ransomware prevention through its Federal Virtual Training Environment. They have also announced new funding developments, dedicated to supporting non-traditional training organizations and cyber education non-profits.