Building the talent pipeline for cybersecurity
The latest research on the cybersecurity skills shortage by ISC2 reports that 63 percent of participating organizations don’t have enough dedicated cybersecurity staff. 59 percent consider their organizations to be at risk as a result. This study estimates that the world could use almost 3 million more cybersecurity professionals. What can we do to address this problem?
Short term solutions aren’t easy. Hiring managers, who are already spending more time on fire fighting and incident response than training, planning, and strategy (due in part to the talent shortage) are trying to carve out time to be thoughtful and creative about how to fill open positions on their teams. Some are focused on growing talent and others are looking to alternative pipelines.
A big part of the long-term solution to our industry’s talent shortage is to increase the pipeline of skilled candidates. This will take time.
My perspective as a parent
A lot of the time when I’m thinking about this topic, I’m spending time with my two young kids. On any given evening at home, my three-year-old daughter (whom I will call Rose to protect her privacy) is wearing her Ariel costume (from Disney’s The Little Mermaid) and talking to me about the characters featured on Paw Patrol, PJ Masks, or Peppa Pig. Rose is in that magical phase of early childhood development where her brain is so incredibly capable of learning, and she’s not even doing it on purpose.
I think a lot about the stories that she hears. I don’t love that Cinderella’s primary objective in life seems to be putting on a glamorous dress and attending a party, and it makes me uncomfortable that Marie, the little girl cat in the Aristocats, is positioned as needing to be saved all the time. There are some positive role models: Moana follows her instincts to be an explorer and rescues her family and community, Peg (from Peg + Cat) solves everyday problems using math and song, and Doc McStuffins heals her stuffed animals when they are feeling unwell.
Technology has always been a part of Rose’s life, and at three years old, she is a whiz with a smartphone. It’s a simple consequence of having been born in the United States in the year 2015. She’s a natural expert - just the other day, she taught me about a YouTube feature that I previously had no idea existed.
From the alarm that rings first thing in the morning to the video call app that allows her to talk with her cousins who live in another state, software is already a huge part of her every day. I want her to know that her personal information is important, and I want to teach her how to protect it.
But where are the children’s stories that talk about security? I couldn’t find one, so I decided to write it.
The “AppSec ABC’s” a children’s book about cybersecurity
I partnered with Julie Kuhrt and Chris Tilton, my colleagues at Cobalt.io, a penetration testing as a service company headquartered in San Francisco, to write and produce a children’s book called the AppSec ABC’s. The book features a group of friends who learn about application security concepts and transform throughout the book into cybersecurity superheroes.
You can download the PDF version here.
We decided to use characters and scenes that are familiar to kids. For example, in the story of the Three Little Pigs, the wolf is a Threat and the insecure homes made of straw and wood are Vulnerabilities.
Rose and I love reading this book together. Her favorite is the OWASP Top 10, which we compare to the list that Santa Claus makes and checks twice.
I believe that the stories we hear influence the values that we have, and that the role models we see affect how we choose to behave. As a little girl, I wanted to grow up and be a rockstar (or a giraffe). I didn’t think to myself, “I want to be an information security professional one day.” I didn’t know or see any information security professionals, so I didn’t know what that life might be like, and I couldn’t want it if I didn’t know what it was.
It’s my responsibility as a parent to teach my children how to thrive in this world - and today, that includes knowing about cybersecurity.
If you’re attending RSA Conference in San Francisco next month, be sure to join Caroline and several other industry leaders at the Solving Our Cybersecurity Talent Shortage seminar on Monday, March 4.