White House executive order (finally) addresses the cybersecurity skills gap
It’s no secret businesses and individuals alike face unprecedented risk from cyberattacks and cybercriminals. It’s also no secret the cybersecurity skills gap – the difference between the fast-evolving threat landscape and the skills required to keep us safe – is widening.
But in perhaps the most significant positive development within the cybersecurity realm in recent years, the U.S. government is acting to close the skills gap. On May 12, 2021, President Joe Biden signed an Executive Order that contained eight key initiatives for modernizing the federal government’s response to cyberattacks:
- Removing barriers to sharing threat information.
- Modernizing federal government cybersecurity infrastructure.
- Enhancing software supply chain security.
- Establishing a cyber safety review board.
- Standardizing the federal government’s playbook for responding to cybersecurity vulnerabilities and incidents.
- Improving detection of cybersecurity vulnerabilities and incidents in federal government networks.
- Improving federal government’s investigative and remediation capabilities.
- Adopting national security systems requirements.
Beyond this groundbreaking Executive Order, the Biden administration is also urging corporate executives and business leaders to improve their security posture, to protect their organizations and the American public from unrelenting cybercriminal activity. In other words, the feds are now all-in on cybersecurity.
For cybersecurity practitioners, this is a long-awaited move in the right direction. However, don’t break out the champagne just yet, because a significant hiring crisis within cybersecurity industry currently may block progress. The gap stems from both professional burnout and, a lack of qualified job candidates. We need to improve our cybersecurity programs, but we don’t have enough people or resources to achieve our objectives.
So what do we do?
Closing the cybersecurity skills gap is a multi-faceted issue, and I don’t think there’s a singularly perfect recipe for success. But recent high-profile cyberattacks, in conjunction with Biden’s Executive Order, have increased cybersecurity awareness among the wider population. While there’s no guarantee that this will be the long-awaited catalyst needed for closing the cybersecurity skills gap, the mainstreaming of digital insecurity and its impact on broader society could potentially push us all in the right direction.
Unfilled security positions are projected to reach 1.8 million by 2022.
Jobs in information security are expected to grow by 31% by 2029, according to the U.S. Bureau of Labor Statistics, as demand for IT skills surges in both the public and private sectors. However, research conducted by the nonprofit Center for Cyber Safety and Education suggests the gap between qualified security experts and unfilled positions will widen to 1.8 million by 2022, indicating a growing demand for cybersecurity career development programs at high schools and colleges.
Simultaneously, cybersecurity staffing shortages in the U.S. have placed immense strain on governmental entities and organizations of all sizes, as they struggle filling open positions in the face of elevated cyberthreats. According to a survey by ProtectWise, most millennials are interested in pursuing professions in computer-related fields, but only 9% of those surveyed were interested in a cybersecurity career.
While cybersecurity is one of the most in-demand skill sets across all industries, there is a significant gap between the growing demands for cybersecurity experts and the enduring talent shortage. That disinterest likely stems from a lack of awareness towards cybersecurity professions, along with limited knowledge of everything it has to offer. Clearly, there’s opportunity to improve the profession’s image.
U.S. universities are devoting more resources to cybersecurity degree programs.
Following a record-breaking year for cyberattacks, American institutions are improving their programs to meet the increased demand for qualified professionals in the security industry.
Guy Walsh, the Executive Director of the National Security Collaboration Center (NSCC) at the University of Texas – San Antonio (UTSA), believes our nation has some catching up to do. He further suggests despite the fact Silicon Valley helped establish the U.S. as a global technology leader decades earlier, the country still lags behind global trends in science, technology, engineering, and math (STEM) education.
“If you look at the global competition, the countries that are doing extremely well – India and China, and some of our European countries – it’s because they have placed an increased emphasis on STEM areas in education. We’ve done the exact opposite in the U.S.” – Guy Walsh, Executive Director of NSCC at UTSA
Meanwhile, colleges and universities are developing new cybersecurity and IT career programs to prepare students for today’s digital workforce. Just this year, a number of major institutions introduced groundbreaking new programs and initiatives:
- The University of Hawaii announced new cybersecurity internships.
- Benedict College in South Carolina added a master’s degree extension to its cybersecurity program.
- Frostburg State University in Maryland received grant money for cybersecurity workforce training.
- LaGuardia Community College in New York announced accelerated cybersecurity courses.
K-12 educators are the cybersecurity force multipliers
Perhaps the greatest opportunity in addressing the cybersecurity workforce and talent deficits lays with younger generations. Students’ awareness of cybersecurity principles and their motivations in pursuing cybersecurity careers can be greatly influenced by introducing them to cybersecurity concepts from an early age. One of the most important methods in cultivating student interest towards cybersecurity is ensuring an introduction of cybersecurity into their curriculums from kindergarten through high school and beyond.
In 2013, the Next Generation Science Standards (NGSS) curriculum was released in the U.S., and has since played a major role in schools’ increased investments in STEM programs. The emphasis on the NGSS and STEM has only continued to expand throughout the last decade, with the previous administration allocating $279 million USD in STEM discretionary grant funds during 2018.
Efforts to establish national cybersecurity standards are currently underway with input from government, industries, and educators alike. Once implemented in all 50 states, K-12 students across the U.S. will learn cybersecurity education under the same criteria, a tremendous feat providing educators with the tools needed to ensure equitable access to cybersecurity education – and ultimately cybersecurity careers.
Conclusion
Though filling the cybersecurity talent pipeline has historically been considered a longer-term goal for the U.S., President Biden’s Executive Order emphasizes the increasing importance of addressing substantial cybersecurity workforce gaps without additional delay. Recent cyberattacks on U.S. infrastructure continue serving as warning indicators that the frequency of threats has increased dramatically, necessitating prompt action from the cybersecurity industry and government partners.
To learn more, check out our other cybersecurity-themed articles on the SHI Hub.