The world has a cybersecurity talent shortage. In fact, a report from Frost & Sullivan for the (ISC)2 foundation found that the global cybersecurity workforce will have more than 1.5 million unfilled positions by 2020 — and it’s only getting worse.
CIOs everywhere are flagging the shortage as a major concern for the coming years. In fact, Gartner’s 2018 CIO Agenda Survey finds that while 95 percent of CIOs expect an increase in cyberthreats over the next three years, only 65 percent of organizations have a dedicated cybersecurity expert on staff —threats are evolving faster than solutions.
"In a twisted way, many cybercriminals are digital pioneers, finding ways to leverage big data and web-scale techniques to stage attacks and steal data," said Gartner Research Director Rob McMillan in a recent statement. "CIOs can't protect their organizations from everything, so they need to create a sustainable set of controls that balances their need to protect their business with their need to run it."
In the public sector, where pay might not be an incentive for prime talent, IT talent shortages already persist. And with citizen data on the line, a cybersecurity shortage could equate to a big problem as states and cities come up against looming threats.
So, what can public sector IT leaders do to keep their cities secure and recruit talent in a competitive landscape? A few localities are already at work with creative solutions.
1. Virginia, Colorado Tap Vets to Build Out Cyber Ranks
The state of Virginia is calling on a very specific type of worker to bolster its defenses: military veterans. In 2016, then-Gov. Terry McAuliffe announced the state’s Cyber Vets Virginia initiative, which offers cybersecurity training to veterans with the aim of integrating them into the cybersecurity workforce. While the vets are not trained specifically for government roles, the program could work to bolster Virginia’s cybersecurity defenses as the state seeks to grow its cyber workforce immensely.
“A lot of them have cyber experience, and cyberattacks are really a new form of warfare and we need to be able to defend against it,” program administrator John Malfitano told Governing.
Colorado has taken a similar approach, launching a veterans transition program in 2017 that includes a paid internship program for veterans with an interest in cybersecurity and other IT roles at the state’s technology department. Many of the applicants have already shown interest in the public sector and have been in the military for many years, which makes Deborah Blyth, the state’s chief information security officer, more confident they’ll stay in such positions longer.
“We’re hoping to create a pipeline for ourselves,” Blyth told Governing. “So, as we have turnover and openings, we are able to have these veterans transition into our agency.”
2. Michigan Partners with Citizens to Bolster State Security
Qualified cybersecurity professionals and citizens alike want their data to be secure. Recognizing this, Michigan took the steps put together its Michigan Cyber Civilian Corps, a league of “trained cybersecurity experts who volunteer to provide expert assistance” to the state.
Launched in 2012, the organization functions much like a volunteer fire department for cybersecurity emergencies, ready to spring into action should the governor declare a state of emergency stemming from a cyber incident.
3. States Seek to Build the Next Generation Cybersecurity Expert
Michigan’s Chief Security Officer Rajiv Das hasn’t stopped when it comes to actively pursuing cybersecurity talent. The state sponsors hackathons to identify possible talent to add to its current in-house staff, and Das built relationships with several universities and colleges to offer internships that spur interest in government roles, Government Technology reported.
Das isn’t alone: Several states, including Virginia, partnered with the SANS Institute to provide free online training on cyber skills through a program called CyberStart. Delaware is very active in partnering with CyberStart to expand cybersecurity education to as many students as possible, particularly young women. The state enrolled more than 350 students in the 2017 pilot program and recently launched an online training initiative for girls in grades nine through 12.
“The importance of cybersecurity cannot be understated and I encourage young women in Delaware high schools to take advantage of this opportunity to explore career options in this vital field,” said Gov. John Carney in a statement about the new program. “Delaware needs a pipeline of talent and a strong workforce to remain competitive in the innovation economy.”
While it may seem like these states are preparing for a far-off future, cyberthreats are only going to get worse over time, as are talent shortages for governments that don’t get ahead of the issue. CIOs who get creative will have the best chances of keeping citizen data secure.