Filling the Growing Cyber Workforce Gap
Diversity, job training and lifelong learning are keys to success.
There is not enough skilled talent for the growing need of the cyber community. Based on a state-by-state analysis on cyberchair.org, there are currently 320,000 open cyber jobs in the United States. Projections get worse. According to a CISCO report, by 2020 there will be 1 million unfilled cyber positions worldwide.
“We need to make systemic changes to address that gap,” said Rob Joyce, senior cybersecurity strategy advisor to the director, National Security Agency (NSA), and former cybersecurity advisor to the president.
Speaking to attendees at AFCEA’s second annual Cyber Education Research and Training Symposium (CERTS) in Augusta, Georgia, Joyce emphasized the need for formal education, diversity in cyber and job training.
“We need to make systematic changes to address the (cyber talent) gap.” -Rob Joyce #CERTS2019
— Julianne Simpson (@simpson_signal) January 16, 2019
A key component of his vital long-term national cyber strategy is formal education. “We need to get people into that education pipeline,” Joyce said. Less than 65,000 people will graduate with undergraduate degrees in computer and information science fields. That’s not cybersecurity. That includes all IT and computer science students across the country.
“That’s a scary figure when we say we have more than 300,000 open jobs,” Joyce stressed.
What’s more alarming is that of those 65,000, only 12,000 are women. Even fewer are minorities. “I think if you are looking for a strategic lever that the nation has to pull, the first thing we have to do is balance that pipeline out to represent our population,” he said.
“If we can get women into the computer science/cybersecurity field at the same level as men, we will see a substantial increase in that pipeline. It’s the same for minorities. If the computer science outlook looked like the demographics of our country, we would up those number [in the pipeline] significantly,” Joyce said.
Another component to look at is on-the-job training. Many times the best cybersecurity professionals are not a product of formal education but are uniformed military. “They get significant exposure and come out of their service with huge talent but no degree,” he said.
Industry is starting to see that pipeline, but government needs to consider these type of candidates seriously. That means devising new and creative ways in the human resources process at NSA, which in the government is not easy. “We need to use all of our society,” Joyce said.
The NSA has started working with some universities to give credit for the internal training they do. “Now people who have been hackers inside the military have a head start to a full degree where they only have to complete a little more course work to get a bachelor's degree or certification that recognizes the training they received in the military,” he said.
Cyber topics are not static. “We all need to make a commitment to lifelong learning,” Joyce emphasized. The people who are the best in this field never stop learning. And the best assessment is not always the grades they got in their cyber classes or a test of what technology they know.
“It’s a simple question of how do you spend your free time? If you show me somebody who has a raspberry pi they play with on their own, out of self-generated interest, we find those people top the charts when we give them opportunities to learn. They come out on the other end just being rock stars,” he said.
Joyce encouraged CERTS attendees and anyone in the cyber discipline to do their part. “Think about your organizations and what you can sponsor or if you are able to develop curriculums or simply provide resources. There are huge opportunities out there to get kids inspired early,” he added.