Cybersecurity’s Human Side Is A Problem

The challenge in building cybersecurity resilience is that it is not only about software, code and laws, but also about people. 

This is where there is concern about the new US administration’s planned cybersecurity executive order; the last drafts to circulate online lacked any strategic effort to solve looming workforce challenges.

Across government and industry, the growing need for cyber-security professionals is outstripping the supply. At last report, 40 percent of the cyber-security positions at the FBI remained unfilled, leaving many field offices without expertise. The consultancy Frost and Sullivan estimates that, worldwide by 2020, there will be 1.5 million more security jobs than skilled people to fill them.

Diversity is also a problem. Some 11 percent of cyber-security professionals are women, lower than the already dismal rates in the broader IT world. Even worse, they are on average paid lower wages than men at every single level of the field. How can we fill key gaps if we are only recruiting from less than half the population?

So what can US Congress do, and with an executive branch that has been, shall we say, unsteady so far on cybersecurity issues?

The first step is to not reinvent the wheel. The Obama administration created a “Cybersecurity Human Resources Strategy” (the link has since disappeared from the White House website) that should serve as the basis of any move forward. 

Congress should oversee implementation of the strategy, or its descendant, making sure milestones are hit and targeting gaps with scholarship programs and other incentives. The Congress should also task the Department of Education to report on where it can best aid states and cities, where education policy sits in the US, to start to develop genuinely effective cybersecurity education and workforce strategies to fill needed national, state, and local gaps, as well as steer students towards this valuable and well-paying field. 

Filling the human resources pipeline is a long-term challenge. Of immediate concern is the executive branch’s federal hiring freeze, which has stopped the government from filling vital cyber-security positions. 

Any human resources strategy, however, will fail if it only puts new people in old organisational boxes, using the same pipelines.

Attracting more talented civilian expertise into the government though new channels will be a key to supporting a “deterrence by denial” strategy across our broader networks. 

Another area where Congress can help, and do so by in a way that transcends traditional partisan lines, is to jumpstart more best practices that bring together the public and private sector. A good illustration is the Pentagon’s adaption of a “bug bounty” program. 

This is a program used by many top companies that offers small rewards to encourage a crowd-sourced solution to cyber-security. In essence, it enlists the ingenuity of citizens in the open marketplace to find the holes in our security before the bad guys do. 

Congress should establish a US cybersecurity program to draw upon our nation’s wider technology talent and sense of volunteerism. Today, in the new issue of cybersecurity, there is much to learn from others, past and present, as they wrestle with similar problems. 

We need to stop looking for quick and easy answers in cybersecurity policy discussions. Instead, we have to recognise that this seemingly technical realm is also a people problem. As the saying goes, the most important space is between keyboard and chair.

DefenseOne

How To Eliminate Insider Threats:

Cybersecurity In 2017: Recruitment Is The Key:

How Much Do IT Graduate & Intern Jobs Currently Pay?:

 

« Security & Encryption After Edward Snowden
Google Search For A Fraud Victim »

CyberSecurity Jobsite
Check Point

Directory of Suppliers

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

Infiltrate

Infiltrate

INFILTRATE is a deep technical conference that focuses entirely on offensive security issues.

ID Quantique (IDQ)

ID Quantique (IDQ)

ID Quantique is a world leader in quantum-safe crypto solutions, designed to protect data for the long-term future.

GreyCampus

GreyCampus

GreyCampus is a leading provider of training for working professionals in the areas of Project Management, Big Data, Data Science, Service Management, Quality Management and Information Security.

Cyber Risk Opportunities

Cyber Risk Opportunities

Cyber Risk Opportunities was formed to enable middle-market executives to become more proficient cyber risk managers so their organizations can thrive.

VKANSEE

VKANSEE

VKANSEE offer the world's thinnest optical fingerprint sensor for mobile device protection.

Surevine

Surevine

Surevine builds secure, scalable collaboration solutions for the most security conscious organisations, enabling collaboration on their most sensitive information.

Procsima Group

Procsima Group

Procsima Group was created to help you achieve good IT management and security excellence.

Seekurity

Seekurity

Seekurity is an information security consulting firm specialized in all areas of Cyber Security including Penetration Testing, Vulnerability Assessments and Risk Management.

Polyrize

Polyrize

The Polyrize continuous authorization platform for SaaS and IaaS stops tomorrow's public cloud cyber threats, today.

Cyber Security Cloud (CSC)

Cyber Security Cloud (CSC)

Cyber Security Cloud provides web application security services worldwide using world's leading cyber threat intelligence and AI technology.

Krypsis

Krypsis

Krypsys is an information security company with a focus on helping you defend your information and data against emerging security threats.

Quantropi

Quantropi

Quantropi is bound to be the standard for quantum-secure data communications – forever unbreakable, no matter what.

StarLink

StarLink

StarLink is an acclaimed Value-Added Distributor across the Middle East, Turkey and Africa regions with on-the-ground presence in 20 countries including UK and USA.

Capgemini

Capgemini

Capgemini is one of the world's foremost providers of consulting, technology and outsourcing services. Areas of expertise include Cybersecurity.

Two Candlesticks

Two Candlesticks

Two Candlesticks is a global cybersecurity service provider delivering high level consultancy, strategy, and frameworks to governments, regulators and midsized companies.

CQURE

CQURE

CQURE is divided into four main cybersecurity excellence areas: CQURE Consulting, CQURE Academy, CQURE Knowledge Sharing and CQURE Cyber Lab.