A startling statistic is rippling through the media: over an eight-year period, reports confirmed that the number of unfilled cybersecurity jobs grew over 350%, from 1 million positions in 2013 to over 4 million globally in 2021, with half a million of those unfilled jobs right here in the U.S. And while those numbers are staggering on their own, estimates by the Bureau of Labor Statistics indicate the cybersecurity sector shows no sign of a slowdown, with expected growth at 37% through 2022.

According to a 2019 (ISC2) Cybersecurity Workforce Study, an astounding 65% of organizations report a shortage of cybersecurity staff, while a lack of skilled and experienced cybersecurity personnel is the top job concern among respondents (36%). And of the candidates who are applying for these positions? Fewer than one in four are even qualified, according to the MIT Technology Review.

How did this happen? And what can we do about it?

While there are many factors already contributing to the widening shortage, let’s start with the most recent issue of COVID-19. When the pandemic hit last March, it sent the cybersecurity world into a wild and escalating shift, in which millions of workers suddenly left the office and were forced to work remotely. Companies made the leap overnight, which ultimately left many cybersecurity professionals scrambling to secure remote offices on the fly, even while new emerging threats were on the cusp.

Many of us in Northern Virginia (NOVA) predicted the massive toll the pandemic would have, but we were already seeing the widening effects of the shortage as more and more Silicon Valley companies relocated to Northern Virginia over the past decade. Our solution-based focus occurred long before the pandemic, yet it became even more of a top priority as COVID-19 altered our landscape.

What the COVID-19 crisis is ultimately doing to the cybersecurity industry is shining a spotlight on it. With the critical shortage worsening, we see that mainstream news now regularly covers the cybersecurity industry with a pressing sense of urgency we felt years ago as the shortage deepened. In what is one of the only benefits of the critical issue, it has allowed many of us here in NOVA to elevate and extend a slew of innovative measures that our companies and region are implementing to combat the problem.

Why Northern Virginia? For one thing, we’re the business hub of the Washington, D.C., area, and many of our companies work with federal agencies and government contractors for whom secure networks are not niceties – they are essential to the intelligence, defense and homeland security missions they perform.

Second, we’re home to “Data Center Alley.” The region’s data center dominance began with access to the federal government and its roots to the U.S. government’s experiments in wide-area fiber optic networking in the 1960s.

In the 1990s, MAE-East was established in the region, with AOL building early fiber and power infrastructure. Equinix followed with its first data center in 1998, allowing companies carrier-neutral access to the Internet. From there, Northern Virginia has grown to offer the highest density of dark fiber in the world, and today, with four times more capacity than in Silicon Valley. In fact, measured in megawatts (MW) of power capacity, Northern Virginia has almost as much data center inventory as the 2nd, 3rd, 4th and 5th largest markets combined.

We know we have a powerhouse of talented cybersecurity professionals and newly relocated Fortune 500 companies that can play a crucial part in the solution to the cybersecurity shortage. As we set out to solve the industry talent shortage, we’ve found the following strategies to be impactful steps in tandem toward a solution.


Tailor higher education curricula to meet industry needs

Any solution relies on leadership in academia too. In 2020, George Mason University in Fairfax, Va., established a Department of Cyber Security Engineering, which includes a new accelerated master’s degree program in cybersecurity – a first in the U.S.

The extensive curriculum focuses hard on advancing hardware and software security in areas such as 5G networks, health, supply chain, autonomous vehicles, smart cities, IoT and more.

Mason is one of 15 Centers for Academic Excellence in Cybersecurity in Northern Virginia, where more than 60 training providers are located within a 50-mile radius of D.C.

Additionally, Northern Virginia Community College is a founding member of the National CyberWatch Center, a national consortium of colleges and universities focused on cybersecurity education and designed for those who seek employment in the field of cybersecurity (information assurance), for those who are in IT or a security field and desire to increase their knowledge and update their skills, and for those who must augment their abilities in other fields with knowledge and skills in information security.


Make training and resources more accessible

Northern Virginia Community College launched a series of free webinar sessions for individuals exploring career shifts and those interested in various fields of IT, from Amazon Web Services Cloud Computing to CompTIA+ certifications.

Amazon is also investing in its future HQ2 workforce, which included a donation of $3.9 million to CodeVA, a nonprofit that works to make computer science training equitable throughout Virginia’s schools. In response to COVID-19, CodeVA quickly developed virtual programming for students, families and teachers, such as live online code-along events and free AP computer science exam prep.

Additionally, more than 5 million jobs nationwide require some type of security clearance, and although many cybersecurity jobs do not require a level of clearance, there are a number of jobs that do. George Mason University launched the Clearance Ready Program, which helps students prepare for the process of obtaining a security clearance, starting as early as freshman year. Providing the student is a U.S. citizen, students can join the program by attending an introductory session, followed by two clearance-ready activities per semester. These activities include industry-focused panel discussions regarding clearances and workshops on strategies to complete required forms, such as Standard Form 86 for background checks, effectively.


Bridge the gap between tech talent and cybersecurity jobs

According to DICE’s Tech Job Report, Northern Virginia is notably now producing more computer science and cybersecurity talent than Los Angeles, the San Francisco Bay Area and San Jose amid the national talent drought.

According to JobsEQ, the D.C.-Northern Virginia region awarded more than 11,000 computer science and cybersecurity related degrees in the 2018-2019 academic year, whereas Los Angeles graduated 8,000, and the San Francisco and San Jose combined MSAs graduated nearly 6,000. The Washington metropolitan area boasts a cybersecurity workforce of more than 105,000 workers.

In response to the COVID-19 crisis to connect talent to more than 5,000 available IT & cybersecurity jobs in our region, the Fairfax County Economic Development Authority and our partners in the Northern Virginia Economic Development Alliance hosted a Cyber & Cloud Virtual Career Fair in January 2021. Participating employers ranged from small firms to Fortune 500 giants, such as Amazon Web Services, Microsoft and Hewlett Packard Enterprise, including minority-owned, women-owned and veteran-owned companies. 

The virtual career fair resulted in more than 2,500 completed chats with almost 100 recruiters from 28 companies and more than 700 job seekers who participated. This was a clear indicator that career fairs work, and we need to continue to find more ways to help talent get connected to companies, and vice versa.


Solving the Cybersecurity Workforce Shortage

At the end of the day, cybersecurity diligence cannot rest solely on employees to protect themselves from clicking on a phishy email in their inbox. Leaders everywhere must create practical solutions for their companies, regions, and countries that provide learning, education, and workforce employment opportunities so that people within the cybersecurity field feel empowered to get the training they need to be effective at their job.

Partnerships with academia will help in this endeavor, as will added employment opportunities and hiring events. Without such efforts, the cybersecurity field will continue to witness more of what it already has: too few skilled workers, too many outside threats to counter, and fledging network security.