Cybersecurity’s Human Side Is A Problem

The challenge in building cybersecurity resilience is that it is not only about software, code and laws, but also about people. 

This is where there is concern about the new US administration’s planned cybersecurity executive order; the last drafts to circulate online lacked any strategic effort to solve looming workforce challenges.

Across government and industry, the growing need for cyber-security professionals is outstripping the supply. At last report, 40 percent of the cyber-security positions at the FBI remained unfilled, leaving many field offices without expertise. The consultancy Frost and Sullivan estimates that, worldwide by 2020, there will be 1.5 million more security jobs than skilled people to fill them.

Diversity is also a problem. Some 11 percent of cyber-security professionals are women, lower than the already dismal rates in the broader IT world. Even worse, they are on average paid lower wages than men at every single level of the field. How can we fill key gaps if we are only recruiting from less than half the population?

So what can the US Congress do, given an executive branch that has been, shall we say, unsteady so far on cybersecurity issues?

The first step is to not reinvent the wheel. The Obama administration created a “Cybersecurity Human Resources Strategy” (the link has since disappeared from the White House website) that should serve as the basis of any move forward. 

Congress should oversee implementation of the strategy, or its descendant, making sure milestones are hit and targeting gaps with scholarship programs and other incentives. Congress should also task the Department of Education with reporting on where it can best aid states and cities, where education policy sits in the US, in developing genuinely effective cybersecurity education and workforce strategies that fill national, state, and local gaps and steer students towards this valuable and well-paying field.

Filling the human resources pipeline is a long-term challenge. Of immediate concern is the executive branch’s federal hiring freeze, which has stopped the government from filling vital cyber-security positions. 

Any human resources strategy, however, will fail if it only puts new people in old organisational boxes, using the same pipelines.

Attracting more talented civilian expertise into the government through new channels will be a key to supporting a “deterrence by denial” strategy across our broader networks.

Another area where Congress can help, and do so in a way that transcends traditional partisan lines, is to jumpstart more best practices that bring together the public and private sectors. A good illustration is the Pentagon’s adoption of a “bug bounty” program.

This is a program used by many top companies that offers small rewards to encourage a crowd-sourced solution to cyber-security. In essence, it enlists the ingenuity of citizens in the open marketplace to find the holes in our security before the bad guys do. 

Congress should establish a US cybersecurity program to draw upon our nation’s wider technology talent and sense of volunteerism. Today, in the new issue of cybersecurity, there is much to learn from others, past and present, as they wrestle with similar problems. 

We need to stop looking for quick and easy answers in cybersecurity policy discussions. Instead, we have to recognise that this seemingly technical realm is also a people problem. As the saying goes, the most important space is between keyboard and chair.

DefenseOne
