Re-Engineering the Cybersecurity Human Capital Crisis (original) (raw)
Related papers
CLOSING THE CYBERSECURITY SKILLS GAP
The current consensus is that there is a worldwide gap in skills needed for a competent cybersecurity workforce. This skills gap has implications for the national security sector, both public and private. Although the view is that this will take a concerted effort to rectify, it presents an opportunity for IT professionals, university students, and aspirants to take-up jobs in national security—national intelligence as well military and law enforcement intelligence. This paper examines context of the issue, the nature of the cybersecurity skills gap, and some key responses by governments to address the problem. The paper also examines the emerging employment trends, some of the employment challenges, and what these might mean for practice. The paper argues that the imperative is to close the cyber skills gap by taking advantage of the window of opportunity, allowing individuals interested in moving into the cybersecurity field to do so via education and training.
Capacity building – how to encourage cyber-experts to join the military?
Cybersecurity and Law, 2021
One of the biggest challenges faced in building the capacity of armed forces to operate in cyberspace is to attract, improve and retain expert staff. Cyberspace is, after all, the only operational domain that has been entirely created by people, so people have to be able to use it and also to constantly create it anew. According to the estimates cited e.g. by ENISA in 2019, there was a shortage of over 4 million cybersecurity specialists on a global scale, and approx. 65% of organisations declared staff shortages in the area of tasks related to cybersecurity. A real race for specialists in this domain is observed among both international corporations and domestic companies from plenty of industries, critical infrastructure operators and, finally, intelligence services. In this inter-sectoral, global competition, the public sector (which includes the military) is often in a difficult situation because of the limited possibilities of using financial incentives. Considering the needs and constraints, a resources-building strategy should be adopted that uses all the advantages found within the range of influence of the military sector. The article discusses them using various approaches, based on actions successfully implemented by the Polish Ministry of National Defence under the programme of capacity building in the armed forces to operate in cyberspace. The first aspect the image, motivation and challenges. Service in the cyber armed forces component provides the opportunity to reach areas unattainable anywhere else, including constant interaction with a well-prepared and highly motivated enemy. The second point for consideration is education and continuous improvement. The possibilities to recruit experts who already have a good position in the commercial market are limited. Therefore, development of the * Tomasz Zdzikot, Secretary of State at the Ministry of National Defence and Plenipotentiary of the Minister of National Defence for Cyberspace Security (2018-2020), responsible for the creation and implementation of the CYBER.MIL.PL programme. Tomasz Zdzikot military education system is the best way to ensure a steady inflow of staff. In Poland, it was decided both to use military academies for this purpose and a real educational ecosystem is being created and constantly developed, also including a military IT secondary school and a dedicated non-commissioned officer school. Civilian secondary schools run (in cooperation with the Ministry of National Defence, MON) profiled vocational training classes, students of civilian universities undergo military training in cybersecurity, and the performance improvement will be managed by the Expert Cybersecurity Training Centre. The third aspect is the Territorial Defence Force, which gives the opportunity in the Cyberspace Operations Team to combine military service and to continue previous professional work on an extremely competitive market.
The Cyber Talent Gap and Cybersecurity Professionalizing
International Journal of Hyperconnectivity and the Internet of Things, 2018
Two significant issues loom throughout the cybersecurity domain. The first is the shortage of cybersecurity professionals and the second quandary is the lack of minimum entry standards in cybersecurity. Some organizations' cybersecurity operations are suffering due to the cybersecurity talent gap accompanied by the increasing sophistication and number of cyber-attack attempts. The shortage of cyber talent is rampant in private entities as in public agencies, which highlights the resolve for entry standards into cybersecurity to enhance the professionalization. Researchers and practitioners provide countless recommendations for ameliorating the cybersecurity workforce by addressing the professionalization issue. Professional associations are the nexus of cybersecurity and possess the expertise, leadership, and sustenance to spearhead efforts to develop national-level strategies to resolve the talent gap and establish professionalization standards.
Future Needs of the Cybersecurity Workforce
International Conference on Cyber Warfare and Security
Expected growth of the job market for cyber security professionals in both the US and the UK remains strong for the foreseeable future. While there are many roles to be found in cyber security, that vary from penetration tester to chief information security officer (CISO). One job of particular interest is security architect. The rise in Zero Trust Architecture (ZTA) implementations, especially in the cloud environment, promises an increase in the demand for these security professionals. A security architect requires a set of knowledge, skills, and abilities covering the responsibility for integrating the various security components to successfully support an organization’s goals. In order to achieve the goal of seamless integrated security, the architect must combine technical skills with business, and interpersonal skills. Many of these same skills are required of the CISO, suggesting that the role of security architect may be a professional stepping-stone to the role of CISO. We ...
What do the Financial Services and Chemical sectors have in common with the Transportation and Government Facilities sectors? All sectors need workers skilled in cybersecurity. What will it take to have qualified workforce candidates coming out of education or training programs with the necessary cybersecurity skills and abilities? A global study indicates there will be a shortage of approximately 1.8 million skilled cyber workers in the next few years (Center for Cyber Safety and Education 2017) . This creates a two-fold problem for national security and protecting our critical infrastructure from cyber attacks. First, is training a sufficient number of new information security workers and, second, is ensuring that existing Information Technology (IT) and cybersecurity workers have the requisite skills to provide necessary levels of security to protect information assets. This paper addresses the second issue – how to better equip learners to enter into, or remain in, the workforce with the necessary cybersecurity skills and abilities. This paper proposes the use of Competency-Based Education and Mastery Learning (CBML) methodologies as an innovative and more effective approach than the current Outcome-Based Education (OBE) approach. CBML methodologies strive for learners to master critical skills at a minimum 95% competency level, before moving on to the next knowledge or skill component; rather than the OBE approach, where a “passing” grade of “C” equates to a 70% competency level. From which approach would you want to hire cyber workers for the Healthcare and Public Health sector or the Energy sector?
RQ Labs: A Cybersecurity Workforce Skills Development Framework
Information Systems Frontiers
This research contributes to the knowledge of how Information Systems (IS) researchers can iteratively intervene with practitioners to co-create instructional programs with a framework designed for fast-paced, rapidly changing IS fields such as cybersecurity. We demonstrate how complex fields, such as cybersecurity, have the need for a skilled workforce that continues to rapidly outpace supply from universities. IS researchers partnering with practitioners can use this research as an exemplar of a method to design, build, and evaluate these innovative co-curricular IS programs. Moreover, we find these co-curricular IS programs are essential to upskilling students, integrating training on the latest tools, systems, and processes in these rapidly evolving disciplines.
Cybersecurity Workforce Development Directions
2012
The cybersecurity workforce is one of the most critical employment sectors in the world. The systems supporting the information technology requirements of the world’s government, power, and financial systems are interconnected more than any other system in the world. Despite the criticality and interconnectivity of these systems, the workforce has developed without a concentrated and standard view of its requirements. In this paper the authors report on efforts in the last two years to define the requirements for developing the cybersecurity workforce.
IJERT-Facilitating Regional Cybersecurity Workforce Development
International Journal of Engineering Research and Technology (IJERT), 2016
https://www.ijert.org/facilitating-regional-cybersecurity-workforce-development https://www.ijert.org/research/facilitating-regional-cybersecurity-workforce-development-IJERTV5IS040048.pdf With growing cybersecurity workforce needs both regionally and globally, programs are required to develop information systems security professionals to meet these evolving requirements for stakeholders locally, nationally, and in the Asia-Pacific Region. The evolving programs at the University of Hawai'i-West O'ahu are structured along two primary lines of effort to strengthen cyber workforce development; the implementation and expansion of a student-run cyber security coordination center and an increased cybersecurity focus on the protection of critical infrastructure.
Annals of Disaster Risk Sciences
Different reports show that organizations face a number of hurdles in their efforts to better protect sensitive data. Most frequently mentioned is the challenge of enforcing security policy across the data lifecycle (57%), followed by lack of expert staff (50%), and lack of budget (48%). This article includes the statistics regarding cybersecurity threats and attacks, professionals’ shortage and the expected knowledge, skills and experience for doing this kind of job. Also the article offers some possible solutions for solving this problem, as well as the advantages and disadvantages of different options.
Journal of The Colloquium for Information Systems Security Education, 2022
This paper describes an effort to establish a vertically integrated pathway to identify and develop industrial control systems cybersecurity talent that extends from middle school to graduate degrees, leveraging the unique strengths of career and technical education. Educators and administrators seeking to ignite student interest in cybersecurity at a young age, and to provide a clear curriculum pathway to meet employer needs in the field of industrial cybersecurity may find this effort of use.