Cyberattacks continue to increase in prevalence and impact and recent cyber incidents have brought a wake-up call that we must invest in training and hiring in the cybersecurity field. Because nearly every aspect of society depends on the digital infrastructure, cyberattacks are costly and extremely disruptive. We continue to rely on an inherently insecure internet foundation that creates a huge attack surface for bad actors to target.
Many enterprises are not staffed to respond to these attacks. Shortages of security personnel leave organizations vulnerable. Companies are at risk when they do not have enough skilled personnel taking care of their infrastructure. Responding and mitigating breaches and other cyberattacks in a timely manner is a struggle and if not done adequately incurs additional costs and risks. Additionally, the growing problem of ransomware and other cybercrime poses a significant threat not just to organizations but to our national security, our economic prosperity, and to public safety. We must address the skills shortage with urgency if we want to gain the upper hand.
Despite all our efforts and costs spent protecting our ecosystem, the problem seems to be getting worse. Fighting cybercrime is hard. As cybercriminals deploy new tactics and techniques the cybersecurity industry must continually innovate to stay a step ahead. Innovation requires fresh thought and practice. Through better focusing on inclusion and diversity we can bring greater creativity and innovation to the table, allowing us to think outside the box and deliver unique solutions that allow us to outsmart our adversaries.
Adequately addressing the security talent shortage requires us to search broadly for solutions. We can cultivate talent in unique ways and be intentional about finding and hiring diverse candidates. We need people with diverse backgrounds, differing experiences, and unique thoughts to help challenge us to do better and deliver fresh and different solutions. We must step outside our comfort zone that makes us hire like-minded people and focus on bringing greater diversity to the table. When everyone at the table thinks the same, you aren’t going to come up with original ideas.
We have two Cyber Threat Alliance members who are each addressing cybersecurity training and the skill shortage in unique ways. Palo Alto Networks has joined forces with the Girl Scouts of America to inspire the next generation of cybersecurity experts through addressing cybersecurity awareness and education with a cybersecurity badge program. This program encourages Girl Scouts to have a deeper engagement with STEM activities and primes females to pursue schooling and work in IT and cybersecurity fields. Cultivating an early interest in cybersecurity and technology will pay dividends in filling future vacancies in the cybersecurity industry.
Fortinet’s Veterans program focuses on helping military service members, veterans, and military spouses transition into a career in cybersecurity. Veterans are already predisposed to a security mindset through their military service. They understand the importance of a strong defensive posture. They have the fortitude to handle the demands of the cybersecurity industry. They are technically savvy, adhere to policies and procedures, are proven accountable, and are loyal. They really do constitute a perfect candidate pool.
There are many capable and competent job seekers who can quickly gain the knowledge and expertise to meet our needs. We must be open to hiring candidates from nontraditional outlets. There are high school students who may not have the opportunity to attend college due to limited support or financial concerns. Many of these students have the attitude and aptitude to work in cybersecurity but they need that hand up. There are a multitude of entry-level positions that are ideal for this group, such as security operation centers jobs, incident responders, and other roles can be filled through creating apprenticeships and internships that expose them to the cyber training in a hands-on environment.
Often, we don’t create job descriptions until we have an immediate need to fill a position. This means we are looking only at candidates with established and often very mature skillsets. We must be open to bringing onboard candidates that have not been trained in cybersecurity but have the aptitude to learn and come up to speed to meet our needs. It takes time and energy to train on-the-job, but the payoff is dedicated employees who often bring new thinking, heightened energy, and a fresh outlook. The Covid pandemic has proven that the workforce doesn’t have to be in the office thereby opening us up to candidates that live elsewhere. Now we can hire employees that for whatever reason can’t relocate to be able to work from home. Leveraging this opportunity, along with creating flexible work schedules or job-sharing, can greatly help widen the candidate pool.
When we can create a diverse workforce and bring fresh and unique concepts to the table, where we give folks the chance to express novel ideas, and listen and give credibility to these ideas, when we can take advantage of different backgrounds, different ages, different cultures, different upbringings, varying levels of education, and bridge the gender and racial diversity gap, then we can move the needle on thought and practice. When you get real people from real world environments providing input, you are going to create and build programs and applications that truly impact society. We must act fast if we want to gain the upper hand against our cyber adversaries.