Despite increased political engagement on cybersecurity workforce issues, however, more must be done to build the cybersecurity talent pool. Closing the gap in cybersecurity skills requires countries to develop critical technical skills, cultivate a larger and more diverse workforce, and reform education and training programs to include more hands-on learning.
Here are some suggestions on what can be done:
- Redefine minimum credentials for entry-level cybersecurity jobs and accept non-traditional sources of education
Cybersecurity education should start at an early age, target a more diverse range of students, and include hands-on experiences and training. Early exposure to cybersecurity careers is crucial for developing interest in the field. Universities can seek greater relevance in this field by adding cybersecurity courses and working with industry and government to tailor the curriculum. Programmes should focus on hands-on learning in the form of labs and classroom exercises to provide people with robust and practical skills in this field.
- Diversify the cybersecurity field
Increasing the diversity of the cybersecurity workforce will also expand the talent pool. Workforce enhancement efforts should aim to create a broader pool of cybersecurity talent. Many people with advanced degrees in fields relevant to cybersecurity, including computer and information science, have international backgrounds, and policies enabling them to work in any country would be ideal.
Another barrier to expanding the cybersecurity workforce is the stigma that lingers with job candidates who have a history of hacking. Employers should be encouraged to develop a more flexible attitude towards hiring people who have had earlier experience in hacking.
- Provide more opportunities for external training
Ongoing training programmes are vital to retaining cybersecurity talent, as the lack of such programmes often causes people to seek employment elsewhere. Governments and the private sector should collaborate on ways to enhance training opportunities for both students and current employees who want to improve their skills.
- Evolve skills for automation
As automation creates operational efficiencies, cybersecurity professionals will focus more of their time and effort on detecting, analyzing, and remediating more advanced threats. Employers should evolve skills in response to anticipated needs.
- Collect data and develop better metrics
A dearth of data hampers our ability to develop targeted cybersecurity policies and strategies and to measure effectiveness. More national data on the cybersecurity labor market and standardised job functions will help drive more tailored solutions. Industry leaders, policy makers, and educators should also work to develop a common taxonomy of skills.
There should be clearly defined and commonly understood lists of high-value cybersecurity skills applicable across industry sectors.
Each country has unique factors that shape their cybersecurity posture, and these can be leveraged to develop a stronger cybersecurity workforce. Closing the gap in cybersecurity skills requires countries to develop critical technical skills, cultivate a larger and more diverse workforce, and reform education and training programmes to include more hands-on learning.