Don't miss CIO Dive's previous coverage on how five women in security are approaching the industry's gender gap.
The talent shortage in cybersecurity is far worse than in other areas of tech, but unlike other areas, it’s not getting any better.
There are roughly 300,000 unfilled cybersecurity jobs in the U.S. today, according to Symantec. That figure is expected to grow to 1.8 million jobs by 2022, according to a recent report from Frost & Sullivan for the Center for Cyber Safety and Education
Building the cybersecurity pipeline is essential to meeting future market needs, particularly with the rise rapid uptick in cyberthreat vectors. Schools are working to make changes, but formal education can’t do it alone.
"Corporations and academic partners need to do everything possible to encourage more students to pursue cybersecurity careers and to upskill their current workforce with the IT and cybersecurity competencies necessary to fill the cyber gap," said Bobbie Kilberg, president and CEO of the Northern Virginia Technology Council.
New and creative ways to address the talent deficit and lack of diversity in the industry are needed, and a concerted effort by many will be required to make a dent. Fortunately, several organizations are stepping up to help.
There’s a badge for that
In the U.S., only about 18% of computer science majors are female, while just 10% of information security professionals are women. Simply getting more women involved can go a long way to filling the cybersecurity workforce gap.
"Women only comprise a marginal part of the [cybersecurity] workforce," said Rinki Sethi, senior director, Information Security at Palo Alto Networks. "As the frequency and sophistication of cyberattacks continues to escalate, getting ahead of tomorrow’s cyberthreats will require a diverse team of problem solvers to approach challenges in innovative ways."
Last month, Girl Scouts of the USA (GSUSA) and Palo Alto Networks announced a partnership to create a series of cybersecurity badges. Available starting next year, Girl Scouts in grades K-12 can earn the badges after they demonstrate a mastery of internet security.
The Girl Scouts is the largest leadership organization for girls, with 1.8 million members. Through the partnership, Palo Alto Networks and GSUSA hope to introduce cybersecurity to girls by using compelling curriculum designed to fuel cybersecurity skills and interest.
The two groups plan to make mentorship a big part of the program. Recent research by Accenture and Girls Who Code found that, for girls in middle school (ages 9-11), having a mentor increased the likelihood they would pursue computer science by 16%. A belief that computer science is "for girls" increased the odds by 25%.
The Girls Scouts have some notable alumni to help serve as mentors: YouTube CEO Susan Wojcicki, IBM CEO Ginni Rometty and Eventbrite CEO Julia Hartz.
The mentorship aspect could prove key to helping girls stick with cybersecurity. The need for more mentors and role models continually emerges in tech gender gap surveys. Before launching the new program, the Girl Scouts surveyed their troops and learned that cybersecurity was indeed a big interest area, specifically ethical or white hat hacking and staying safe online.
"If we work together to eliminate the barriers that typically prevent young girls from diving into STEM fields, like gender, geography and access to STEM education — and if we can introduce young girls to cybersecurity beginning when they are five years old — we can inspire the next generation of cybersecurity professionals," said Sethi.
Going to camp
AT&T is also dedicated to proactively training the next generation of cybersecurity experts to fill the growing shortage. Because AT&T sees more than 30 billion vulnerability scans and 400 million spam messages across its global IP network every day, the company has plenty of threat data to pull from.
"Managing a network of AT&T’s scope and scale gives AT&T unique expertise in security," said Retired U.S. Air Force Colonel Lance H. Spencer, director of Air Force Strategy and Solutions at AT&T Global Public Sector.
This summer, AT&T and the Air Force Association (AFA) are hosting "CyberCamps" to teach teens basic cybersecurity skills. AFA will provide software and training kits, while AT&T experts will teach cybersecurity safety and ethics, such as how to improve password security, spot phishing attempts and how to fix cybersecurity flaws. At the end of CyberCamp, teams compete to find and fix cybersecurity flaws in fake networks.
The CyberCamps are part of AFA’s CyberPatriot National Youth Cyber Education Program. In total, they will host 160 CyberCamps in 2017 – a jump from 84 last year and 26 in 2015.
While offering training to young people is certainly a step in the right direction, experts say companies will also need to make changes internally.
For example, AT&T has actively worked to retrain its own employee base to bolster its ranks of cybersecurity professionals — now totaled around 2,000 — by re-training IT workers to become cybersecurity professionals. The company also set up a program that allows recent graduates to rotate through various departments at the company to become well-rounded security experts.
All hands on deck
Ultimately, the solution to the cybersecurity skills gap will require an all hands on deck approach.
"No single group can solve the problem alone," said Bruce Stephen, director of Research at Monster Government Solutions.
Stephen believes educational institutions and businesses will have to partner to attract, develop and retain a talented workforce with the skills, competencies and certifications employers need to meet the demands of today's tech challenges.
Toward that end, Monster Government Solutions and the Northern Virginia Technology Council recently announced the launch of the CyberCapital website to provide resources for employers and cyber job seekers in the Greater Washington region, essentially acting as a one-stop shop to engage the current and future cyber workforce.
"It’s been our experience that building platforms that connect people to job opportunities and education through the collective efforts of government, education, industry, workforce and economic development can make a real difference," said Stephen.