Cybersecurity Workforce Development: Takeaways From a NIST Workshop

I had the opportunity to serve as a panelist at the NIST Workshop on Cybersecurity Workforce Development held in Chicago earlier this month. Based on the day’s conversations, there is still much work to be done.

Representatives from academia, associations, private industry and government converged for discussions on this critical topic, and there remains broad consensus that several steps are critical to make progress on narrowing the cyber skills gap:

1. A shift to skills-based training. Much of the conversation at the NIST workshop addressed the need for hands-on training that demonstrates real skill. ISACA has committed to helping enterprises, academia and individuals through its skills-based training courses and the CSX Practitioner (CSXP) credential.
2. Retraining programs to make more progress in the near term. Look to programs like one in the UK, in which people from a number of fields (bartenders, morticians, barbers) were trained in cyber security positions. About half of the trainees now work in cyber security jobs.
3. Inspiring an interest in tech among K-12 students to help solve the problem in the long term (with solutions on how to reach all schools, including rural schools that may not have the equipment they need to run strong technology programs). Engage mentors from the tech industry to teach courses that teachers may not have the necessary skill sets to teach.
4. Creating a culture that increases cyber awareness and encourages diversity of those choosing to pursue cyber security professionally.
5. More public-private partnerships. Too many organizations are operating in silos. Partnerships and strategic investment will make efforts more scalable and effective.

The good news is that discussions are taking place; the not-so-good news is that the required actions are not happening fast enough.

Government, nonprofits and industry need to make significant strategic investments to ensure scalable programs that begin to make a measurable difference in closing the skills gap.

ISACA looks forward to being an enabler of solutions. Over the next year, you’ll see us make significant progress in the following areas:

1. Helping organizations assess and advance their cyber capabilities
2. Bringing skills-based training to academic settings
3. Equipping enterprises with on-demand, constantly updated skills-based cyber security training
4. Building relationships with government institutions and industry partners to reach a wide audience with our cyber security training and guidance
5. Building public will to invest in other worthwhile programs

The only solution is to work collaboratively and collectively for impact.

Matt Loeb, CGEIT, CAE, FASAE, Chief Executive Officer, ISACA

[ISACA Now Blog]