Enable breadcrumbs token at /includes/pageheader.html.twig

Addressing the Cybersecurity Workforce Gaps

Leaders offer ways to improve cyber training and workforce disparities.
Leaders discuss cyber workforce disparities during the AFCEATechNet Indo-Pacific conference on March 3.

Leaders discuss cyber workforce disparities during the AFCEATechNet Indo-Pacific conference on March 3.

The 35th annual AFCEA TechNet Indo-Pacific conference featured a panel with top female leaders addressing cybersecurity workforce issues. Having ever-present cybersecurity training, reaching a younger audience on their level and leveraging women who may be seeking a second career are all ways to close the cybersecurity workforce gaps, the leaders said.

The panel included: Linda Newton, panel moderator, former chief information officer of the U.S. Pacific Fleet, and vice president of AFCEA Hawaii; Brig. Gen. Denise Brown, USA, director, J-6, U.S. Indo-Pacific Command (INDOPACOM); Inez Miyamoto, professor, Daniel Inouye Asia Pacific Center for Security Studies; Jenna Seidel, SES, National Security Agency/Central Security Service (NSA/CSS) representative to INDOPACOM; and Su Shin, president and general manager, Hawaiian Telcom.

Newton confirmed the challenges facing those working in cybersecurity. “The cybersecurity workforce is more important to today than ever, especially given the pandemic,” she said. “There are not are not enough cybersecurity workers today or in the future, and there's not enough diversity in the cybersecurity workforce.”

The complexity of cyber threats will only increase, with more frequent and more difficult hacks, viruses and threats, Newton continued. “And there is a challenge with training to keep it up to date and relevant for the cybersecurity workforce.”

To connect with younger people in the workforce, Miyamoto suggested to take extra steps to meet them on their terms. “You have to make it relevant for them,” she said, suggesting music and social media to connect. “There's ways to be creative, and we need to look at how to change our mindset from the one-hour mandatory training to becoming more relevant and more interesting [in regard to cybersecurity training.]” Gen. Brown noted that for these younger folks, cybersecurity training that is geared as a competition is effective. “For this generation of gamers, these digital natives, the more we can make cybersecurity a game to be won against adversaries, I think the better our cyber workforce will be postured to defend our real-world systems,” she said. “And where we have these laboratories, this also is an opportunity for training with industry.”

Raising the cyber awareness of employees in the corporate world does remain an issue, the Hawaiian Telecom president said. One exercise that her company found effective in boosting its workforce cybersecurity knowledge was to test and educate its employees. “The one thing that we found some success with was that our IT team would send out fake phishing emails,” Shin explained. “It allowed us to hone in on those individuals that maybe needed some extra training and some extra reinforcement and review. They would receive an email response gently reminding them and educating them on why [clicking on the links] isn't the best idea. Those employees would then be put into a training program. We did find that it was effective.”

Shin emphasized that the company’s pursuit of cybersecurity awareness must be continuous. “It is really important that you have a pervasive security culture,” she stressed. “It is not a one and done situation.”

It is also important to have network users understand the consequences of their actions, Gen. Brown emphasized, adding that the most effective training for cyber warriors is hands-on training. “During our exercises here at PACOM [U.S. Indo-Pacific Command] in an offline laboratory …. they have to know what the impact is, and they have to work through it. It is about making it more realistic. We have to be able to allow the users to live with the impact of their cyber security transgressions.”

An imbalance of women in the cybersecurity field persists, Newton stressed. Seidel suggested more flexible work options for women to leverage their talents during their different work cycles. “You might work for five years, you might go part time for a few years when you raise a family, and then you might want to come back full time or start something new,” she said. “It is thinking about how we do business a little bit differently and being open to those opportunities.”

Seidel also noted that the NSA does reach out to schools in grades K through 12, fostering an exchange with those schools in terms of the science, technology, engineering and mathematics (STEM) and language fields. Seidel, a senior advocate for the agency’s African American employee resource group, said the NSA looks to partner with historically black colleges and universities. And while the NSA does target potential university- and school-age workers, the agency could do a better job in attracting older women who may be in office administration who could move to cybersecurity. 

“We have a high school work study program and it often attracts folks coming in during their senior year of high school, but how do you talk to someone who might see themselves in the office administration field and then show them the opportunity that exist in cybersecurity?” Seidel stated.

Miyamoto added that, “We are missing this huge gap of people who were born before the 1980s and we're not training them to have the opportunity.”

Gen. Brown agreed that reaching out to this part of the workforce does offer great potential. “It is not just for young girls but for women that are looking for a second career,” she noted. “It could be women that have been staying at home for the last 18 years. This is a great area to come in as you don't necessarily require a four-year degree. We're looking for certifications.”

“It would bring diversity of thought into workforce,” Gen. Brown concluded. “And really, the more complex problems live in cyberspace where more of a diversity of thought is required.”