October 1, 2021
A recent study by the Information Systems Security Association (ISSA) revealed that 95% of respondents state the cybersecurity skills shortage and its associated impacts have not improved over the past few years – 59% of respondents also said their organization could be doing more to address the cybersecurity skills shortage.
This is in spite of the fact that 2021 has already proven to be one of the worst ever recorded years for ransomware, with a number of high-profile attacks targeting enterprises and critical infrastructure alike.
Many in the industry – and the media – believe that things are destined to continue to get worse until there are extradition laws enacted, cyber norms solidified, better products made available and a slew of other deus ex machina solutions.
However, modern cybercrime and advanced persistent threats require a multi-generational approach – not a silver bullet.
In turn, this requires that more people recognize that this is a problem that they can help solve.
The most significant challenge today in cybersecurity workforce development is visibility. Young people choose careers that they see in their communities and that they can see themselves working in.
Unsurprisingly, the pandemic affected the results of the 2020 National Society of High School Scholars (NSHSS) Career Interest Study. Medicine/health-related, science and business careers are the top-three career paths among respondents; by comparison, “computer science/engineering” tied with legal careers for eighth place. While this study does not specifically track cybersecurity careers, a recent (ISC)² study of people who did not work in cybersecurity found that more than three quarters (77%) had never been offered cybersecurity as part of their formal educational curriculum at any point. It is also worth considering that the NSHSS study does not track cybersecurity careers as there is not enough measurable interest on the part of high school students.
There are several potential realistic options to make cybersecurity jobs visible to young people.
Engaging Potential Cyber Talent Directly
One potential solution is to find a mechanism for engaging them directly – for example, by joining the local Parent Teacher Association (PTA), which can provide various avenues for engagement with students.
Networking with other parents helps to organize special assemblies, including finding speakers and deciding on topics.
If enough cybersecurity practitioners engage directly with their communities, they can help ensure that the school will have a topical and engaging school assembly on careers in cybersecurity. For example, high school students considering their career options might be very interested to learn that there were nearly half a million entry-level cybersecurity jobs open at the end of August 2021, with an average salary of $92,000 for a starting career as a Cybersecurity Specialist.
A general school assembly is also an opportunity to provide actional best practices that will benefit all students, such as keeping software up to date and not using sketchy websites to download malware-ridden video game cheats. This is better than hoping that cybersecurity is going to be offered as part of the educational curriculum at some future date.
Being part of a network can also help to provide opportunities for volunteering in classrooms. Most middle and high-school students have never met someone who works professionally to break into computer systems or who alternatively works to defend businesses daily. This is a unique opportunity to engage and inspire young people to work in roles that will help their community in both direct and indirect ways.
Additionally, the pandemic and working from home has shown us that schools are critical infrastructure. Unfortunately, there is no generally agreed-upon standard of due care for cybersecurity at schools; this became abundantly clear during the substantial volume of ransomware attacks on schools as they prepared to start the 2020/2021 school year. With limited budgets, outdated technologies and ad-hoc incident response capabilities, schools remain a compelling target for criminal threat actors. Community members with a background in cybersecurity can help schools build resiliency by volunteering.
Similarly, volunteering at a local organization that serves the needs of middle or high-school students through afterschool programs is one of the best ways to connect with potential cybersecurity talent directly. The intent is the same – to increase visibility so that young people know that cybersecurity careers exist. By giving an interesting presentation on cybersecurity to small groups of students, individual practitioners can help young people learn about the team-oriented nature of cybersecurity jobs. Some afterschool organizations also provide the opportunity to mentor young people and provide career guidance.
Choosing to not engage young people about cybersecurity careers is choosing the status quo – a continued year-over-year increase in the number of data breaches annually and a related increase in year-over-year average financial damages caused by said breaches. This unsustainable harm can be stopped by the collective efforts of individual cybersecurity professionals working to make our jobs visible and appealing to potential future colleagues.
ABOUT OUR AUTHOR
IEEE Impact Creator Kayne McGladrey is an IEEE Senior Member and Cybersecurity Strategist at Ascent Solutions. He has 20-plus years of experience working with Fortune 500 and Global 100 companies to effectively blend information technology and management acumen to cultivate and build cybersecurity best practices.