How to Close Cybersecurity's Widening Workforce Gap
How are public-private partnerships helping solve the cybersecurity skills gap?
Cyberattacks have realized unparalleled heights. In 2019 alone, cyber criminals have compromised the data of hundreds of millions of users. They have penetrated Apple’s iOS, Microsoft’s Visual Studio and other systems that were once seen as impenetrable. Tens of millions of Capital One credit card applicants had their banking information stolen in one of the largest-ever hacks of a financial institution. Ransomware is infecting local governments across the U.S. and disrupting private industry around the globe.
Unfortunately, while the frequency and intensity of these malicious breaches grows at an alarming pace, so, too, does the gaping hole of talent needed to beat these sophisticated hackers at their own game. This year, the U.S. has a shortage of 314,000 trained cybersecurity professionals. That’s a 50-percent increase since 2015.
Finding the talent to perform these essential tasks is a top business concern for U.S. CEOs.
Solving a Systemic Lack of Cyber Skills
To remedy this deficit on the domestic front, American companies are looking overseas. They are turning to Europe and other regions whose new strategies are churning out the software professionals needed to plug the cyber skills gap. Many of these firms are establishing overseas operations in places that offer multiple benefits, where the talent pool is abundant and the overall cost of doing business is lower. They are also embracing Europe’s “cluster” concept, a highly successful economic development model that engages regional, market-specific teams of government, research and academia to meet organizations’ hiring goals and bolster growth.
For more than 20 years, Europe’s “cluster” concept has helped U.S. companies prosper. More immediately, these novel initiatives are addressing the worrisome talent deficiency in the security sector.
As global security spending is expected to exceed $124 billion in 2019, and $170.4 billion in 2022 and demand for artificial intelligence, cloud services, data analytics and other technologies rapidly accelerates, U.S. security companies are casting wider nets to protect their assets and fill the talent void. For example, Microsoft is investing $1 billion in cybersecurity in each of the coming years and tapping Israel – with its strong military and defense focus – to fill some of its cyber needs.
An Ecosystem that Keeps on Giving
In such countries as Norway, Sweden, Denmark, Finland and Ireland, extensive efforts are underway to train and graduate large numbers of professionals for careers in such critical areas as enterprise and network security, cloud security, application security, busines continuity management, penetration testing and malware.
Ireland is a major player in this arena, as is Stockholm, Sweden and many other major European tech hubs. With more than 200,000 tech workers in Stockholm alone, Sweden is opening new schools to produce more STEM-focused (science, technology, engineering, mathematics) technologists, with a strong focus on cybersecurity positions.
In Ireland, where more than 6,000 security professionals work for more than 40 multinational companies – the majority with U.S. headquarters – a robust cyber training movement is being led by the nation’s Cybersecurity Skills Initiative (CSI). CSI is a product of Cyber Ireland and IDA Ireland, and facilitated by Cork Institute of Technology (CIT) as a mechanism for creating jobs and accelerating Ireland’s growing cybersecurity ecosystem.
This collaboration of government and academia also includes U.S. companies IBM, Deloitte and others with Irish operations, among its major business supporters. CSI is training 5,000 new cybersecurity professionals in the next three years to fill the country’s demand for security analysts, security engineers, architects, auditors, testers and a host of other sector jobs. The majority of these graduates are expected to find jobs with multinational corporations, and the initiative is moving toward its goal of bringing 4,000 firms into the fold.
Educating a New Generation of Tech Talent
Microsoft, Google, Facebook, SAP, Dell, Cisco and many other American tech firms with high stakes in digital security provided input before the program was set in motion. Putting aside their competitive business approaches for the greater good of the tech community, these giants collaborated to identify needs, risks and specific vulnerabilities so that Irish universities and tech institutes could develop programs for a wide range of occupations. The varied programs extend from two-day courses for non-technical employees to 12-week courses to graduate programs.
Dr. Eoin Byrne, cluster manager of Cyber Ireland, says CSI was developed to train a high-quality workforce that not only meets employment needs in cybersecurity, but also those in the broader tech sector. These new skills will build on the existing base of talent that already supports the country’s growing tech hub, he says.
“As far back as 2017, U.S. businesses, the Irish government and academia have been working together to, first, understand key challenges and then create solutions for the cybersecurity and technology sector. We plan to address industry employment issues beyond just security,” Byrne says.
Even as we ready a current generation of cybersecurity professionals, we must prepare the next one. Cybersecurity is becoming enormously complex. The war for cybersecurity talent requires innovative solutions that are realized when public and private enterprises work together for this unified goal. To develop this critical pool of talent, both the cybersecurity industry and national governments must be deliberate in their efforts.