The threat landscape evolves constantly. Cyber defense technology changes regularly. But one cybersecurity headline never seems to change: We need more people.
It’s gratifying to now see the Biden White House addressing the talent deficit in our sector with substantive action, and Vectra AI is eager to assist. But it will take more than one short burst of summer recruitment activity to meet the need. We are not amid a one-press-release-and-done situation; we need a long-term personnel drive.
First, the need. It only grows more acute. Hearing this may induce déjà vu; weren’t we saying the same thing five, seven, nine years ago? Yes. But the sobering thing is, as time passes, the number of vacant cybersecurity positions gets no smaller. It keeps growing.
In the United States alone we see 700,000 vacancies for security technology professionals in mid-2022. Worldwide, the unmet need grew 350% from 2013 to 2021, to 3.5 million workers, according to Cybersecurity Ventures – which predicts that even with feverish hiring, we will still be looking at a 3.5 million gap come 2025.¹
These jobs pay well and represent great professional opportunities – not to mention the change to do vitally important work building a safer, fairer world. Why aren’t we doing better?
Credential Scarcity and Other Obstacles
One reason is the blend of professional skills and certifications frequently specified today. Just a few months ago, about 106,000 vacant information security jobs in the United States required Certified Information Systems Security Professional (CISSP) certification – but we had only 90,000 CISSPs in the whole country, according to CyberSeek. Certified Information Security Managers? 40,000 help-wanted ads, but only 17,000 resumes bearing that credential – and most of those people are likely already employed.²
Another probable issue: talented, diverse people our industry eager to interview may be intimidated or discouraged by formal technical requirements. Yet it is a misconception that we need 3.5 million hyperqualified CISSPs. In fact, cybersecurity needs all kinds of inventive system thinkers. (A hallmark of the Vectra AI approach to security solution design is to build diverse, multitalented teams with – for example – climatologists and first responders complementing computer experts.)
“Don’t be concerned if you don’t have all the certifications or the degrees or the capabilities that you think were historically needed for cyber,” says Deborah Golden, U.S. cyber and strategic risk leader at Deloitte. “Given where the market is today, there’s a need to have greater diversity of thought, and, just candidly, more and different types of skill sets and backgrounds coming to solve."³
A Public-Private Campaign to Cultivate Rising Talent
Clearly, the cybersecurity industry needs to market its opportunities better to high-value security professionals – as well as encouraging people with potential to grow into such roles. We private employers must earn more consideration from worthy candidates.
But cybersecurity is also a national defense priority. It has always been a hybrid defense program in which government sets standards and doctrines while private interests innovate – and both defend critical infrastructure. As we are intertwined, the best way to fill jobs is a public-private partnership.
So the recent news from the Biden administration is promising. In July the White House announced plans to lead creation of hundreds more cybersecurity apprenticeship programs, teaming with private interests in a fast-track, 120-day “sprint.” It’s a partnership between the Labor and Commerce Departments, other federal agencies, and the White House cyber office to help industry associations, private employers, and unions attract great minds.
It's not your typical professional talent drive. It’s more inventive and provocative. Part of the initiative involves tweaking a higher-ed curriculum, the Cybersecurity Workforce Framework, so it can be used by K-12 teachers.
Another priority is to address the ongoing diversity deficit in cybersecurity (mirroring challenges in the bigger, broader technology sector). At the program’s launch ceremony, White House Domestic Policy Director Susan Rice pointed out that women comprise just 25% of the cybersecurity workforce; only 9% identify as Black, 4% as Hispanic.
“We have to do better,” said Rice. “Not in service of some ideal, but because America is safer and stronger when we bring everybody to the table.”⁴
National Cyber Director Chris Inglis believes the program can make a substantial difference “in months or a few years’ time as opposed to having this be with us for the next generation.” But as we hoped, it’s not a short-burst initiative. Inglis expects the federal government to roll out the comprehensive national cyber workforce strategy we so need in the coming months.⁵
While automation and machine learning are integral to next-generation security solutions, our business still depends on smart human beings, and the ongoing shortage translates to unwanted risk for all of us. Vectra intends to be in the forefront of next-generation talent development, and not just because we are hiring, but because it means a safer and fairer world ahead.
President Biden, we’re here for it. For the long term.
¹ “Cybersecurity Jobs Report: 3.5 Million Openings Through 2025,” EIN Presswire, 11 November 2021. https://www.einpresswire.com/article/556075599/cybersecurity-jobs-report-3-5-million-openings-through-2025
³ Sydney Lake, “Companies are Desperate for Cybersecurity Workers – More Than 700k Positions Need to be Filled,” Fortune, 30 June 2022. https://fortune.com/education/business/articles/2022/06/30/companies-are-desperate-for-cybersecurity-workers-more-than-700k-positions-need-to-be-filled/
⁴ David Jones, “White House Takes on Cyber Workforce Gap Through 120-Day Apprenticeship Sprint,” CybersecurityDive.com, 20 July 2022. https://www.cybersecuritydive.com/news/white-house-cyber-workforce-apprenticeship/627705/#:~:text=Biden%20administration%20officials%20are%20launching,a%20long%2Dstanding%20workforce%20shortage.
⁵ Brian Fung, “How to Fill 700,000+ Open Cybersecurity Jobs: Feds Target Apprenticeships,” CNN Business / WRAL TechWire, 20 July 2022. https://wraltechwire.com/2022/07/20/how-to-fill-700000-open-cybersecurity-jobs-feds-target-apprenticeships/