1 In 3 U.S. Cybersecurity Jobs Are Vacant
The U.S. is short about 500,000 cybersecurity professionals. Experts and Congress say industry, educators and the government should work together to address the shortage.
Cyber attacks are increasing at an alarming rate, but the skills and quantity of cybersecurity professionals aren’t. That’s a big problem, according to U.S. officials.
At a hearing last week of the Research and Technology Subcommittee of the House Science, Space and Technology Committee, officials and industry experts said cybersecurity jobs aren’t being filled due to a lack of skills and inadequate education.
Chairwoman Haley Stevens (D-MI) in her opening statement commented on the lack of computer science education in K-12 and the low numbers of women and minorities in the industry.
“Part of the reason cybersecurity issues are so prevalent is that the demand for cybersecurity professionals far exceeds the supply of those individuals,” she said.
Stevens cited a study by Cyberseek — funded by the National Initiative for Cybersecurity Education (NICE) — that suggests there are over 500,000 cybersecurity job openings in America.
“That means nearly one in three cybersecurity jobs goes unfilled,” she said.
Globally, the numbers tell a more dire story.
According to (ISC)2, a nonprofit association of cybersecurity professionals, the current cybersecurity workforce of about 2.8 million needs to double as the global gap is about 4 million.
The association said in November that the U.S. cybersecurity workforce was at 804,700 but is still 500,000 professionals short.
There are expected to be more than 34 billion connected devices by 2025, giving hackers and data thieves an even bigger target.
IBM is working to tackle that issue, including with programs designed to target new workers without college degrees. The company partners with more than 200 educational institutions to bring cybersecurity education to the next generation of workers, said Sonya Miller, the company’s human resources director for enterprise and technology security.
IBM also offers an apprenticeship program where young workers can learn the skills they’ll need without the burden of student loan debt.
That seems to be working, Miller said.
“Nearly 20% of our security hires since 2015 were new collar workers,” she said.
Chairwoman Stevens said there should be other pathways to a cybersecurity career, and NICE Director Rodney Petersen agreed. NICE, part of the National Institute of Standards and Technology (NIST), already offers support and programs between government, educators and the private sector.
Peterson said the organization is embarking on a new five-year strategic plan that will work to enhance cybersecurity career discovery, transform the learning process and modernize talent acquisition in the field.
One way to modernize talent acquisition is hands-on learning experiences, said Joseph Sawasky, president and CEO of Michigan-based Merit Network, Inc.
The company has developed a cybersecurity practicum called the Michigan Cyber Range that features a simulated city where cybersecurity students can test their skills against a cyber attack.
However, finding qualified cybersecurity teachers and trainers is equally as hard as finding rank-and-file workers, Sawasky said.
“Many organizations are only one cybersecurity position away from a major disaster,” he said. “It’s essential that we all work together to develop and grow this now critical part of the U.S. workforce.”