In March, President Biden grabbed headlines when he warned about cybersecurity attacks. The need for experts is only going to become more urgent as more cyber security breaches are reported (last month President Biden signed into law a requirement for key businesses to report to the government when they have been hacked). The warning heightens the fact that there are far too few cybersecurity experts in the U.S. The U.S. added more than 250,000 workers to the cybersecurity workforce between 2020 and 2021. But the need for cybersecurity professionals increased by 30% in 2021 according to the industry group (ISC)². That leaves a shortage of 400,000 U.S. cybersecurity professionals.
The scarcity of workers presents a multifaceted geopolitical, economic, and social problem – it must be addressed with greater urgency through a comprehensive approach. I believe there are three areas in which the U.S. can close the gap in cybersecurity worker shortage:
First, enterprise security firms must be at the forefront of training professionals in critical cyber security areas. They can play a critical role in conducting boot camps in partnership with universities, granting micro-credentials for college graduates who want to reskill, or recruiting and training professionals who do not want to, or cannot take a traditional college pathway. Students in high school can learn cybersecurity approaches that enable them to enter the workforce, gain on-the-job experience and receive employer-supported, college-level training.
Second, the federal government has a critical role in training cybersecurity professionals through programs like cybercareers.gov. One area in which the federal government could lead the way is in recruiting more women to the workforce. In 2021, women represented just 25% of the global cybersecurity workforce. A survey commissioned by Microsoft Security found that, while 83% of respondents believed there was an opportunity for women in cybersecurity, only 44% of female respondents felt sufficiently represented in the industry. If the federal government made inroads in training, as well as hiring female cybersecurity experts, it could close the jobs gap considerably.
Third, higher education is also on the hook. In addition to a scarcity of high-wage entry and mid-level jobs in cybersecurity, there is a skills shortage at the manager and senior levels. A report from cybersecurity research firm Stott and May revealed that most cybersecurity leaders are struggling with a skills shortage. The research report “Cybersecurity in Focus 2020” reported that 76% of respondents believe there is a shortage of cybersecurity skills in their organization, which represents an improvement when compared to 2019 (88%). These shortage numbers are only amplified given the increasing attack surface and amplified cyber-criminal activity in 2022. MBA and other post-graduate programs must play a role in filling the management gap by increasing certificates, micro-credentials and degree programs tied to IT and cybersecurity.
The federal government is right to be sounding the alarm in the cybersecurity industry. There is urgency given that the economic and national security risks cannot be overstated. By the same token, legislators must resist the urge to overregulate. Technology firms involved in enterprise security on a large scale play a critical role.
Enterprise security firms, government and education need to work together to deliver a more comprehensive approach. The U.S. should address this problem with a national call to action like the wartime call to work in essential industries (think Rosie the Riveter). To do less is to put the economy and national security at greater risk.