Cybersecurity’s Human Side Is A Problem

The challenge in building cybersecurity resilience is that it is not only about software, code and laws, but also about people. 

This is where there is concern about the new US administration’s planned cybersecurity executive order; the last drafts to circulate online lacked any strategic effort to solve looming workforce challenges.

Across government and industry, the growing need for cyber-security professionals is outstripping the supply. At last report, 40 percent of the cyber-security positions at the FBI remained unfilled, leaving many field offices without expertise. The consultancy Frost and Sullivan estimates that, worldwide by 2020, there will be 1.5 million more security jobs than skilled people to fill them.

Diversity is also a problem. Some 11 percent of cyber-security professionals are women, lower than the already dismal rates in the broader IT world. Even worse, they are on average paid lower wages than men at every single level of the field. How can we fill key gaps if we are only recruiting from less than half the population?

So what can the US Congress do, especially with an executive branch that has been, shall we say, unsteady so far on cybersecurity issues?

The first step is to not reinvent the wheel. The Obama administration created a “Cybersecurity Human Resources Strategy” (the link has since disappeared from the White House website) that should serve as the basis of any move forward. 

Congress should oversee implementation of the strategy, or its descendant, making sure milestones are hit and targeting gaps with scholarship programs and other incentives. Congress should also task the Department of Education to report on where it can best aid states and cities, which is where education policy sits in the US, so they can start to develop genuinely effective cybersecurity education and workforce strategies that fill national, state, and local gaps and steer students towards this valuable and well-paying field.

Filling the human resources pipeline is a long-term challenge. Of immediate concern is the executive branch’s federal hiring freeze, which has stopped the government from filling vital cyber-security positions. 

Any human resources strategy, however, will fail if it only puts new people in old organisational boxes, using the same pipelines.

Attracting more talented civilian expertise into the government through new channels will be key to supporting a “deterrence by denial” strategy across our broader networks.

Another area where Congress can help, and do so in a way that transcends traditional partisan lines, is to jumpstart more best practices that bring together the public and private sectors. A good illustration is the Pentagon’s adoption of a “bug bounty” program.

This is a program used by many top companies that offers small rewards to encourage a crowd-sourced solution to cyber-security. In essence, it enlists the ingenuity of citizens in the open marketplace to find the holes in our security before the bad guys do. 

Congress should establish a US cybersecurity program to draw upon our nation’s wider technology talent and sense of volunteerism. Cybersecurity may be a new issue, but there is much to learn from others, past and present, as they wrestle with similar problems.

We need to stop looking for quick and easy answers in cybersecurity policy discussions. Instead, we have to recognise that this seemingly technical realm is also a people problem. As the saying goes, the most important space is between keyboard and chair.

DefenseOne
