How America Is Closing the Cybersecurity Skills Gap

Two years prior to being appointed as Securities and Exchange Commission chairman, Jay Clayton and other cybersecurity experts wrote a 2015 Knowledge@Wharton opinion piece calling for the creation of a cross-functional cyber-threat commission, similar to the 9/11 Commission, to coordinate the rising need for information sharing and collaboration that would strengthen industry’s cybersecurity defenses.

How America Is Closing the Cybersecurity Skills Gap

Last month, in his first public speech as head of the SEC, Clayton re-emphasized the need for coordination between companies and regulators to thwart cyberattacks, noting that he and his fellow financial regulators are closely collaborating “to improve our ability to receive critical information and alerts and react to cyber threats.”

Quietly, but with great effect, the regulatory community has been gearing up public-private partnership efforts to be proactive on cyber threats and has now successfully engaged academia. Indeed, fellow financial regulators at the New York Federal Reserve Bank and its member banks, the Securities Industry and Financial Markets Association, companies and local colleges in New York have created a workforce-engagement model — the Cybersecurity Workforce Alliance (CWA). Its goal is to address the weakest link in our cybersecurity defenses: the skills gap.

A June 2017 report from Cybersecurity Ventures is projecting 3.5 million unfilled cyber jobs within the next four years. Veteran investor Jim Rogers and academic Robert Craig Baum opined in Fortune last month that higher education’s continued failure to provide a skills-ready workforce “will likely burst with the force of all previous catastrophes combined — a shock wave so sudden, so large, that it gathers the full force of the savings and loan, insurance, energy, tech, and mortgage crashes, creating a blockbuster-level perfect storm.”

“Nowhere is the workforce-skills gap more pronounced than in cybersecurity.”

But the new CWA engagement model, emerging in the same pro-active manner that Clayton and the regulatory community have been calling for, can help solve this problem. The Alliance has enabled tripartite partnering among the public sector, private sector and academia to solve the gaping — and growing — cybersecurity skills shortage. And collaboratively, a scalable model has taken hold, which helps to align higher education and industry, and provides a sustainable means by which to accelerate cybersecurity readiness in entry-level candidates.

Since its inception in January 2015, the Cybersecurity Workforce Alliance has engaged over 600 corporate executives across a broad swath of industries. Within the education sector, the program alerts students to careers available in cybersecurity and provides an accelerated pathway to reach them. For employers, the program maps the specific skills students need for mobility or up-skilling to advance their careers. In essence, the model creates predictable career pathways while ensuring a “load balance” of resources needed by industry players to maximize productivity and employee retention.

Mind the Gap

Nowhere is the workforce-skills gap more pronounced than in cybersecurity (Forbes estimates the current number of unfilled jobs in cybersecurity at 1.4 million). And advances in technology such as artificial intelligence, IoT, autonomous vehicles, data mining and the like will only widen the gap between workforce-ready students and industry. How did we get here? According to Baum and Roger, it’s academia’s fault:

“Disturbing patterns of unsustainable economic activity have emerged over the last decade. College and university budgets rely on inflated real estate investment, deny the short- and long-term effects of student loan defaults, accept the rise in tuition above the rate of inflation as normal, and expect a downsized part-time faculty to help subsidize inflated tenure track and endowed tenure budgetary lines. The insatiable upper administrative appetite for high salaries, job description absurdity, and low accountability adds endless layers of compulsive, prideful incompetence to an already unstable education business model that believes it simply cannot crash.”

Whether a crash comes or not, the CWA’s success belies the need for higher education to shift to a bottom-line mentality in order to create a sufficient supply of cyber workforce-ready graduates. Rather than pointing fingers, the CWA put its finger on the pulse of industry by understanding that the skills gap problem has been more about market misalignment than academic malfeasance.

Fostering Alignment

For the CWA, subscribing to an industry-first philosophy provided the needed recalibration to begin to close the skills gap. Being industry-first does not suggest that the needs of the private sector would precede the needs of academia in order to improve the real economy and job prospects for graduates. Instead, industry-first defines itself by asking, ‘What are the private sector’s specific needs and what information can industry supply to academia about the expectations of new graduates?’ As such, being industry-first can be defined as providing a taxonomy of the specific description, identification, nomenclature, and classification of private sector job roles and responsibilities need to model a curriculum — at the beginning of a student’s tenure.

Accordingly, industry-first becomes an aligning force for both the private sector and higher education, paving the way for the extension of the workplace into the classroom. Thus, what industry can offer higher education is a current set of existing cyber standards, such as what has been created by the National Institute of Science and Technology (NIST) and the National Initiative for Cybersecurity Education (NICE). These standards could then be used to help detect, isolate and remediate cyber intrusions. Nevertheless, these cyber standards have not yet been tapped to help develop and retain skilled workers through awareness of available careers, education and training.

“The alliance has been able to expand to over 600 enterprise members, representing major financial institutions, consulting firms and Fortune 100 companies.”

What is taught, then, are workforce essential skills based on real-world, regulatory standards that are applied to the private sector daily. These essential skills include team-based problem solving and collaboration; oral and written communication; advocacy and leadership. Mentors are deployed via the CWA from the private sector along with teachers from the institutions. Since the private sector has a good understanding of workforce categories, specialty areas, work roles and the required knowledge, this information could be transferred to higher education.

A further benefit of the industry-first alignment is that it creates an industry-academic-regulatory feedback loop that can advance societal knowledge. Based on a CWA framework, alliance, university and private sector members jointly recommend improvements to the NIST and NICE governmental standards, which are later adopted. Government is learning from industry, which is learning from academia in an expanding virtuous cycle.


Article printed from InvestorPlace Media, https://investorplace.com/2017/08/how-america-is-closing-cybersecurity-skills-gap-ggsyn/.

©2021 InvestorPlace Media, LLC