Are we actually making a difference in cybersecurity workforce?
I just returned from the 2022 NICE Conference in Atlanta, GA. It was amazing to meet up with colleagues we have worked with for the past 6 years face-to-face. It was also energizing to connect with new people who are all working to help “Demystifying Cybersecurity,” the theme of the conference. Over the course of 3-days, we convened on topics like degrees, apprenticeships, DEI, frameworks, pedagogy, curriculum, dashboards, and much more. I heard a ton of buzzwords and approaches but there was one particular talk that stood out to me.
On day 2 during the lunch keynote, we all had the pleasure of hearing from Paul Bingham from Western Governors University. Being fully transparent, they were a main sponsor of the event so I expected to hear just how great they are and all the ways they are educating and filling the “skills gap.” For the record, I am a big fan of their program and we did get some of that, but he took it in a very different direction than I expected.
He shared multiple headlines from I believe an NSF publication. Maybe I should’ve taken better notes but not the point today. What those headlines represented were articles written 10, 7, and 5 years ago about the challenges we are and will face in the realm of cybersecurity. He talked about advancements in technology, diversity and inclusion efforts, and much more. The bottom line, all of those stories are 100% still accurate and true today. In many aspects, like the talent pool, we are actually worse.
They announced the updated numbers for the Cyberseek website on day 1 of the conference. The new total that will be shown a million times by all of us increased to 714,548 job postings. This represents a 43% increase in the 12-month period compared to only 18% across the entire employment market. The other statistic that startled me was the number of employed cybersecurity workforce. The number is now 1,091,575 which represents an increase from the last update of about 40,000 workers. This indicates that the number of role growth was around 3X the number of employed workers. In essence, we are still losing the talent battle.
We have added more degrees, boot camps, apprenticeships, certifications, and automation yet we are still losing. Interest in the field has never been higher and pathways into them continue to grow. We continue to throw money and solutions at it but we are still where we were at 10-years ago as outlined in the stories shared by Mr. Bingham. What are we missing?
I firmly believe there isn’t a silver bullet solution but I am also curious to how we slow down the 3X gap in job openings and candidates we are experiencing every time the data updates. The time is now to change the narrative and our approach. We have to stop talking about solutions and delivering results. It is easy to forget each of these roles represents a missing link for our government or a company. They represent vulnerabilities, ransomware, IP loss, and most frightening of all, national security.
The point of my rant is to open up a discussion. Comment, share, argue, agree, or whatever you feel you need to do but I can confidently say that what we have done and continue to do isn’t working.