With more emerging risks and more data breaches, we continue to hear about the shortage of cybersecurity professionals with the necessary skills, knowledge and experience to protect our information technology infrastructure, especially in the government and public sector.
For instance, in the United States, we know that our federal, state, and local governments are communicating that our information technology infrastructure is outdated and vulnerable to cyberattacks. We also know they are currently trying to pass legislation that will modernize our information technology infrastructure to prevent future cyberattacks. Modernizing information technology infrastructure will help mitigate the risk of cyberattacks; however, you need skilled cybersecurity professionals to continuously identify and evaluate risks, design and implement controls, and assess and monitor the effectiveness of those controls. Just like our outdated technology, we have a shortage of skilled cybersecurity professionals across the government and public sector. How do we solve these problems in the most cost-effective way?
This is important to understand because it’s already difficult to find cybersecurity professionals with the necessary credentials to protect information technology infrastructure in the private sector. It’s even more difficult to find these professionals in the government and public sector. Do we just continue to communicate the shortage? Or do we provide an opportunity for private sector cybersecurity professionals to serve their country?
Two members of the US House of Representatives, Ruben Gallego (D-Arizona) and William Hurd (R-Texas), have proposed a Cyber National Guard, which would be similar to the existing Army or Air National Guard. This reserve force would not complete boot camp or use guns in battle. Instead, this reserve force would be called to protect the country against cyber threats and strengthen our national security on the digital battlefield. These resources would identify and patch bugs, upgrade outdated systems to be compliant with policies, and audit and report on information technology infrastructure.
Just like the existing reserves of the National Guard, these cybersecurity professionals would commit to serve their country by volunteering their skills, knowledge, and experience to protect the country from malicious attacks or unintentional changes to the technology infrastructure that supports the government. In return, they would receive the same benefits that anyone serving in the National Guard would receive, including additional pay, tuition reimbursement and other financial benefits. The overarching reward for most of these individuals, though, would be the opportunity to serve their country.
It would be a time commitment both personally and professionally that potential participants would need to consider. However, it would be an opportunity to give back to the country. If former US President John F. Kennedy were around today, would he make the same call to action in the context of this current skills crisis: “Ask not what your country can do for you, but what you can do for your country”? I know that I would consider a Cyber National Guard to be my opportunity to give back to my country.
Michael Podemski, CISA, CISM, CRISC, CIPM, CIPT, Senior Manager, Risk Advisory Services at EY
[ISACA Now Blog]