Recovery from high-profile breaches such as the SolarWinds and Exchange hacks will be difficult and very costly, but could be prevented with the right computer network defense (CND) architecture and, more specifically, the proper cyber education and training. These breaches highlight the need for a complete overview of current security measures, as well as an expanded outlook on how to train future generations of cybersecurity professionals to prevent similar attacks.
October has officially been named National Cybersecurity Awareness Month and week three highlights cybersecurity careers – inspiring and promoting the exploration of those jobs. There are about 465,000 open positions in cybersecurity nationwide as of May 2021. While initiatives to encourage employment within the cybersecurity field are key to filling these roles, there is a greater push needed in fostering cyber education. Here we’ll analyze the best initiatives to ensure cyber graduates have a better understanding of the industry, as well as emerging skill sets that are crucial to master before entering the cyber workforce.
Starting early, and staying involved
Organizations must consider how they can become more involved in the community around them, encouraging youth to pursue technical career paths. For example, Raytheon Technologies and the Boys & Girls Clubs of America (BGCA) launched a partnership to enhance STEM programming and exposure across Boys & Girls Clubs with the rewrite and launch of BGCA’s DIY STEM curriculum and increasing STEM career exploration. Similarly, Girls Who Code Summer Immersion Program teaches high school-aged girls the computer science skills they need to make an impact in their community while preparing for a career in technology. Investment in such programs are crucial to the future of the cybersecurity industry.
Tech executives, academics and government leaders must also offer work experiences and competitions to attract and engage our future cyber workers. It is during real-world breaches where cyber defense skills are really put to the test. This happens every year at the National Collegiate Cyber Defense Competition (NCCDC), an event during which I have served as a professional Red Team volunteer for multiple years. More than 230 colleges and universities compete each year to test their cybersecurity prowess, culminating in single-round eliminations at regional contests nationwide, with 10 finalists advancing to the national round. In a competition environment, cyber students are forced to think on their feet and identify solutions under pressure. By competing against a Red Team, composed of security experts from major tech companies and government organizations, students face off against skilled attackers and the stark reality of racing against the clock – an experience that most veteran security professionals are very familiar with.
In order to achieve the next best crop of cyber graduates, such experiences are key prior to actually starting their career. Otherwise, they will be underprepared and overwhelmed with the reality of what is required for such success in the security field.
C-suite communication & collaboration
Cyber graduates entering the workforce must be able to articulate what emerging security guidelines mean, how an attack might happen, and what can be done to resolve potential issues. This may become an extremely complex job, as more and more policies, regulations, and orders are released – but it is a conversation that needs to happen with C-suite executives, and corporate boards to ensure an organization’s leaders understand the types of threats their companies might be under.
The most recent escalation of cybersecurity mandates from the DHS and an additional cybersecurity executive order from President Biden are just two examples of extensive literature that need to be examined and communicated properly in order for organizations to effectively prepare against the next cyber attack. With this in mind, it’s not surprising that Gartner expects that by 2025 40% of boards to have a dedicated cybersecurity committee with oversight from a “qualified board member.” Fewer than 10% of boards have a cyber-specific committee today, but as this number grows, cyber graduates that can clearly communicate such intricate guidelines will stand out among their peers.
These directives, executive orders and compliance guidelines promise to grow and change as cyberattacks evolve, and they will need a trained eye in order to understand and enact such commands. Challenging students to speak in layman’s terms while still conveying the appropriate level of urgency will be a crucial skill for their future cyber careers that many seasoned security experts lack today.To effectively combat the #cybersecurity skills gap, and properly prepare against the next new #cyberthreat, organizations will need to be creative in how they are involved with the education of the next generations of cyber professionals. #respectdataClick to Tweet
If organizations want to effectively combat the ongoing skills gap war in the cybersecurity field, as well as properly prepare against the next new cyber threat, they will need to become creative in how they become involved with the education of the next generations of cyber professionals. Promoting an interest in cyber at a young age, while continuing to provide support and training throughout these careers, will be significant for any organization in order to successfully face off against adversary cyber threats.