Despite advances in artificial intelligence and machine learning technologies, the cybersecurity industry is still facing a skills gap crisis. According to findings from the “Global Information Security Workforce Study,” presented by (ISC)2, the workforce gap is projected to reach 1.8 million by 2022. That’s an increase of 20 percent since 2015, due in large part to the dearth of candidates who are actually aware of careers in cybersecurity.
While the numbers seem formidable, the gap can be filled if leaders in the industry get a little creative about filling the pipeline. In addition to embracing diversity, it’s incumbent upon experts in the field to build relationships with the next generation of cybersecurity experts. Partnering with colleges and universities and identifying the skills needed to build a new collar workforce are key ways to attract a wider pool of candidates, but limiting outreach to young adults could lead to overlooked opportunities to connect with an entire generation of children.
Can ‘Screen Time’ Equal Opportunity?
Millennials have already entered the workforce and their careers are taking shape, so it’s time to shift focus to the K–12 sector, where kids are increasingly being educated on screens. To those who have young children at home, it’s no secret that they love to use their devices. Parents today are repeatedly warned that they need to limit the number of hours that their children sit in front of a screen. But what if that screen time can provide opportunities to teach more responsible online behavior?
We live in a digital world from which there is no turning back. Rather than fight an uphill battle, why not embrace the interconnectedness that technology affords our children and leverage gaming to prepare youngsters for careers in cybersecurity?
Teach the Children Well
McAfee recently warned parents about their children’s internet exposure in their report on the role of cybersecurity in the gaming world, “Don’t Play Games With Your Cybersecurity.” Their research found that 62 percent of children play games in which they speak to other people while playing.
That interaction has parents worried about who is behind the screen. Of the parents surveyed, 71 percent agreed that online gaming could potentially expose their children to inappropriate content. A vast majority — 75 percent — are fearful that this “other” could be a sexual predator. Sixty-one percent of the parents surveyed are concerned about their children interacting with a bully.
Parents also fear their children could potentially be fooled by a threat actor, who — disguised as another player — could actually steal personal or financial information. Yet the survey found that “despite this worry, 44 percent of parents would still allow their child to play a game that they are technically too young for,” making children a vector of compromise.
The anonymity of online gaming is as much a breeding ground for illicit activity as it is for competitive interchange. Gamers want to win; so when a peer offers a means by which a player could overcome an obstacle and advance to the next level, children are likely inclined to click, according to Jason Flood, researcher and IBM X-Force CTO for gamification.
“The promise is never lived up to,” Flood said. “Instead, they’ve installed malware because kids don’t understand the risk, especially when their vision is clouded by their end goal, which is to advance.” That’s where educating kids about good cyber hygiene becomes critical not only to their competitive inclinations, but to their futures.
Priming Careers in Cybersecurity
Yes, gaming presents risks. But allowing kids to play online games while teaching them how to protect themselves presents a huge opportunity for the future of cybersecurity. According to a new survey from ProtectWise, it’s the younger generation that will fill the cybersecurity jobs gap.
Millennials grew up on iPhones and tablets, and being raised in the digital world led them into technology-related jobs. A survey of more than 500 millennials found that “gaming has contributed to an appetite for technology-oriented careers. Forty percent of all surveyed have been gamers for more than 10 years.”
What millennials may not have learned in those gaming experiences, though, is that protecting their privacy is not only critical to maintaining the integrity of their devices, it’s also a potential career path.
As we look to the future of where the post-millennial generation is headed, the cybersecurity industry needs to get its head in the game. Kids are gaming, which poses risks, but the solution is not to scare their parents. Rather, it’s about teaching the parents — and their kids — about establishing safe web practices.
Gamification has become a useful tool in defending organizations against cyberthreats. According to McAfee research, four in 10 organizations use a gamification exercise at least once a year. “There is a correlation between the use of gamification and happier cybersecurity staff. More than half (54 percent) of respondents who are extremely satisfied in their roles say they use ‘capture the flag’ gaming once or more a year.”
Capture the flag (CTF) competitions have long been extremely popular at cybersecurity events. Players at the annual Black Hat and DEF CON conferences stay up until the wee hours hoping to win, and many experts in the industry endeavor to expose young kids to the game.
“I have run a number of CTF games and tournaments for 12- to 17-year-old age groups, partnering with local universities in Ireland,” Flood said. “IBM recently ran a CTF in Taiwan with both the Irish and Taiwan honeynet project, which are open source groups that helped to construct the content that was played.”
If post-millennials are the generation of gamers raised on technology, using gamification to teach them how to be active participants in securing their digital worlds exposes them to what was missing for millennials: an awareness of the careers available to them in cybersecurity.