Addressing the Cybersecurity Talent Shortage

Posted by Antonio Garcia

The current cybersecurity talent shortage is well-known to all industries and sectors, despite denials from the federal government. Today, companies must compete to attract and retain cybersecurity professionals who demand higher salaries and more generous benefits packages. While industries like finance and tech can afford to pay, many other sectors often cannot. These sectors often have limited resources, and for every investment in cybersecurity, like retaining an adequate level of expertise or acquiring up-to-date systems, they are often forced to make unpalatable sacrifices. Healthcare is one salient example. As Michael Ebert of KPMG observed in a 2015 report, “If [a hospital] has a million dollars, it is more likely to spend on patient care and saving lives before protecting their data.” 

The ideal solution would expand the talent pool by making cybersecurity a more accessible and conspicuous profession and by accelerating cybersecurity workforce development. Successful models already exist at home and abroad that we can learn from. Vocational training programs and apprenticeships are effective and efficient methods to develop a workforce that meets both current and future needs. However, these programs require enduring collaboration between and investment from the private sector, educational institutions, and all levels of government. 

Cybersecurity should be an enticing career for young adults. It is lucrative and in high demand, and a recent Raytheon-National Cyber Security Alliance (NCSA) study suggests that cybersecurity meets many of the characteristics that young adults desire in a career. Yet interest in and awareness of cybersecurity careers remain low. Indeed, the study suggests that both young adults and their parents need better information and guidance on cybersecurity careers.

Dedicated vocational training programs and formal apprenticeship opportunities could both raise the profile of the profession and clearly define the realities of a career in cybersecurity. Vocational training programs give students access to both professional career and academic guidance, and apprenticeships provide students insight into many aspects of the cybersecurity field. Developing these programs will be critical to attracting and developing the next generation of cybersecurity professionals needed to meet the urgent workforce shortage. 

Numerous examples demonstrate the success of vocational training programs and apprenticeships in meeting current and future workforce needs. In Germany, for example, students split their time between the classroom and the workplace, developing an academic foundation upon which they build relevant and in-demand skills and experiences. As a result, youth unemployment is low, and German companies have access to a robust pipeline of highly skilled workers. 

Critics may argue that, due to educational and governmental bureaucracy, this model will not keep up with the pace of technological innovation. However, vocational training programs and apprenticeships have proven highly responsive to constantly changing market needs. There is also evidence that an adaptive program could be implemented in the United States. In North Carolina, for example, curricula have been updated four times in the past two decades in response to input and feedback from private-sector partners. This averages to a curriculum change every five years and demonstrates the potential for educational institutions to quickly adapt to rapid technological change and emerging industry needs.

The effectiveness and responsiveness of these programs are the result of close partnerships between the private sector, educational institutions, and governments. In Austria, government and businesses not only work together to design curricula for the workplace and the classroom but they also share the burden of the program costs. Provincial and federal governments fund classroom training, and companies bear the costs of company-based training, including apprenticeship compensation. This is the key cultural difference that must be addressed for vocational training programs and apprenticeships to succeed in the United States. 

In the United States, a partial foundation for robust vocational training programs and apprenticeships is composed of existing federal initiatives and state educational institutions and programs. The missing piece is the private sector. Companies must discard their fear of employee attrition and take an active, shared role in the development of cybersecurity talent. From committing resources to support students to encouraging professionals to teach or mentor, the private sector must be willing to invest in developing the next generation of cybersecurity professionals. Abroad, in countries like Austria and Germany, and at home, in states like North Carolina, the outcomes of a more active and generous collaboration are attractive. Graduates are prepared for sustainable careers and are empowered to continue improving their skills throughout their careers, and employers meet their workforce needs.  

We are faced with a persistent cybersecurity talent shortage that will not resolve itself. It’s critical that we look to the success of vocational training programs and apprenticeships at home and abroad to make cybersecurity a more accessible and conspicuous profession and accelerate cybersecurity workforce development. Young adults are interested in cybersecurity, and these programs can guide them to and train them for a career in the field. Working together, government and private industry can and should invest in developing critical cybersecurity talent.

Antonio Garcia

Principal Systems Engineer, GRA Quantum
