National Cyber Security Awareness month has been jam-packed with conferences and panels that discuss policies to strengthen our cybersecurity workforce’s ability to pinpoint vulnerabilities. Even with increasingly better tools, corporations and intelligence branches are struggling to hire cybersecurity workers that understand how to respond to cyberattacks in real-time, resulting in a cybersecurity labor force endemic. On October 27, Passcode and the National Cyber Security Alliance hosted an event, “Talent Hack: Solutions to Overcome the Cybersecurity Skills Gap.” The event included a diversity, education, and workforce panel to discuss the difficulties in hiring and retaining a cybersecurity workforce.
The biggest issue is trying to train a qualified workforce. Nadya Bliss, the Director of Global Security Initiative at Arizona State University and one of the “Talent Hack” event’s Education Panel speakers, said that at ASU, they try to challenge their students by giving them access to unconventional realms of study. This means letting students explore in controlled environments, such as setting up hacker competitions or finding at-risk areas in the “Dark Web.” Yet, it remains a question whether this will be enough. With 1 million cybersecurity jobs unoccupied, there simply are not enough people being trained to fill the open positions now—or anytime soon.
The panelists kept stumbling upon what might be the greatest catch-22 for scoping out talent in the cyber sphere. Many of the most talented individuals are not working for governments or corporations; they are embracing the Millennial Generation’s preference to work independently. Hacking independently, particularly referring to cyber thieves or just young talent trying to find a challenge, is more lucrative and less inhibitory than many positions in the private sector and the majority of public sector positions. As Nadya stated, when these hackers, especially young talent, have the capability to hack into government departments or companies, there is a huge temptation to do so.
The hiring process is further complicated by the government’s security processes. Anyone who will be accessing the network needs a trustworthy ethical background, which can often rule out talented hackers. If it was a group of teens who hacked into CIA Director Brennan’s account, Ben Scribner, the Program Director of the National Cybersecurity Professionalization & Workforce Development for DHS, made it clear that the NSA will not be knocking on their doors anytime soon to recruit them. If the federal government does not have flexibility for even exceptional cybersecurity candidates, then even if these people are eventually interested in government service, cumbersome security clearances may be unappealing. And with sequestration, the government continues to want to pay for fewer clearance processes, which can take up to a year. All these factors contribute to the persistent challenge of hiring qualified candidates who can pass background checks.
In the meantime, let’s hope we can find ways to tap into the talent that is available. There’s not much to go around, and we are already behind the curve.