As part of the Cyber Workforce and Education Summit, held at the White House last week and hosted by National Cyber Director Chris Inglis, numerous organizations made pledges to boost training and education offerings.
CompTIA, in partnership with ConnectWise, will run a nationwide pilot program to fill critical cybersecurity roles for managed services providers, while Cisco made a commitment to train an additional 200,000 students in the U.S. over the next three years.
Fortinet said it would make its information security awareness and training service available for free for all K-12 school districts across the country, and (ISC)², the world’s largest nonprofit association of certified cybersecurity professionals, announced its One Million Certified in Cybersecurity program.
The initiative aims to put one million people through its Certified in Cybersecurity entry-level certification exam and education program for free.
“A tremendous shortage of skilled cybersecurity experts is extensive not only in the U.S., but worldwide,” said Ravi Pattabhi, vice president of cloud security at ColorTokens, a provider of autonomous zero-trust cybersecurity solutions.
Teaching the Basics of Cybersecurity
He pointed out some U.S. universities have now started teaching students some of the basic cybersecurity skills such as vulnerability management and security hardening of systems.
“Meanwhile, cybersecurity is undergoing a shift, with the industry increasingly incorporating cybersecurity into the design stage and building it into product development, code integration and deployment,” he said. “This means that software developers likely need basic cybersecurity skills as well as including the MITRE ATT&CK framework and using penetration testing tools.”
Michael DeBolt, chief intelligence officer at Intel 471, said the pledge for more cybersecurity training is a step in the right direction that will help both sides of the equation.
“This includes the busy employer engaged in the fight against cybercrime and the aspiring cybersecurity professional looking for entry into the field,” he said. “All reasonably-minded employers agree that we can only win this fight with fresh, creative minds and diverse backgrounds and perspectives.”
However, he pointed out that this requires an investment not only of time but also of money and energy.
“So often these resources are directed toward tangible things that provide the clearest, safest and quickest path for return on investment, such as the newest technology or the proven senior analyst that can hit the ground running,” he explained.
DeBolt said organizations that have invested in hiring and onboarding new employees breaking into the cybersecurity industry have benefited from innovative and fresh approaches to bringing the fight to the adversary.
“These initiatives will help new employees and make a lasting impact on our ability to fight new cybersecurity threats,” he said.
Sammy Migues, principal scientist at Synopsys Software Integrity Group, said the need for skilled cybersecurity employees is gigantic. He noted that the U.S. federal government, especially when combined with state and local governments, has so many kinds of ancient, old, aging, current and modern systems that no one person can take care of it all.
“All these different systems require system, network and cloud administrators with different skills,” he said. “They each need security teams that understand the different technologies as well as the attackers and attacks they need to defend against.”
Learn Something New Every Day
He added that the systems likely process different classifications of data and require new and different controls, which cybersecurity workers also have to understand.
“And it’s not all business as usual; between regulations, data breaches, executive orders and everything else, there has to be enough cybersecurity workers to handle both day-to-day operations and crisis events,” Migues said.
A few years ago, DHS declared the cybersecurity hiring challenges a “national security issue,” and filling these spots is still a struggle.
“But there have been reports that, for example, government agencies are still getting a ‘D’ in cybersecurity even after being told about issues,” he said.
He pointed out aspects at play in the cybersecurity talent shortage likely include salary range—when compared to commercial companies—as well as the ability to do remote work, varying agency tolerances for legal marijuana use and even just a culture clash between what young workers are looking for and their view of what it means to get a “government job.”