June 5, 2024 By Ronda Swaney 3 min read

The Office of the National Cyber Director (ONCD) recently hosted a 3-hour discussion on creating a strong cybersecurity workforce; the results are enlightening. The session involved representatives from more than 30 public and private organizations spanning 12 industries.

The ONCD advises the United States President on cybersecurity policy and strategy. Its mission is to advance national security, economic prosperity and technological innovation through cybersecurity policy leadership.

“In our increasingly digital world, where cyber threats are growing more frequent and more sophisticated, we need great cyber talent in every sector of our economy, and we need them in every community across our nation,” said National Cyber Director Harry Coker, Jr. while leading the discussion.

Here are five key takeaways from that event.

1. Cybersecurity isn’t just for tech sectors

As Coker noted in his opening statement, cyber talent is needed by all sectors and communities. It’s no longer contained within the tech community or even within tech-forward companies like finance and retail. Every organization, from large global players to the small business community, faces threats. That means they all need a strategy for cybersecurity threat detection and response.

2. Skills-based hiring opens the field, draws in the underrepresented

Speakers at this assembly noted that there are a half million unfilled cybersecurity roles right now. “We need to adapt faster; we need to open our doors wider,” said Loren DeJonge Schulman, Associate Director of Performance and Personnel Management for the Office of Management and Budget. Traditional hiring focuses on education and experience. Skills-based hiring may remove four-year degree requirements, focusing on competencies instead. For example, an applicant might not have a degree in computer science but may understand how to set up and deploy a cloud platform or use AI and machine learning models.

3. Partnerships yield results

This meeting showed the symbiosis between students who want to learn and opportunities to put that learning into practice. Representatives from Glendale Community College attended the discussion. That college maintains a live security operations center (SOC) where paid interns learn to monitor partnering rural municipalities at no cost. This provides the interns with over 300 hours of competency-based experience as a SOC analyst or engineer while delivering a service to small local governments that may not have the budget or team members to address security concerns internally. As Jiwon Ma, Senior Policy Analyst at the Center on Cyber and Technology Innovation at the Foundation for Defense of Democracies, noted that often in smaller organizations, “People just don’t have the time or the capacity to dedicate their jobs to cybersecurity, and these are very likely rural and small utilities.”

4. Focus beyond career entry to sustaining a career long-term

Chris Novak, Senior Director of Cybersecurity Consulting with Verizon, described his experience: “One of the challenges that we historically saw was someone would get to a certain point, and if they could not figure out what the next step in their career looked like, that often would mean an exit.” To address this, Verizon began to map all of their roles and their required skills. Now, he says, “Individuals in pretty much any role can figure out how they map from a role that they’re in now to other roles in the company.”

5. The cybersecurity talent shortage is a national security issue

Kris Lovejoy, Global Practice Leader, Security and Resiliency with Kyndryl, arrived at the core of why a prepared cybersecurity workforce is so essential: “This isn’t just about creating good-paying jobs. We’ve got a national security issue that we have to address. The reason we’re here is because we recognize we have to put more people into the pipeline so that we can secure our infrastructure.”

Read more about the risks of the current cybersecurity talent gap and how to address it within your organization.

More from News

Regulatory harmonization in OT-critical infrastructure faces hurdles

3 min read - In an effort to enhance cyber resilience across critical infrastructure, the Office of the National Cyber Director (ONCD) has recently released a summary of feedback from its 2023 Cybersecurity Regulatory Harmonization Request for Information (RFI). The responses reveal major concerns from critical infrastructure industries related to operational technology (OT), such as energy, transport and manufacturing. Their worries include the current fragmented regulatory landscape and difficulty adapting to new cyber regulations. The frustration appears to be unanimous. Meanwhile, the magnitude of…

Why the Christie’s auction house hack is different

3 min read - Christie's, one of the world's leading auction houses, was hacked in May, and the cyber group RansomHub has claimed responsibility. On May 12, Christie’s CEO Guillaume Cerutti announced on LinkedIn that the company had “experienced a technology security incident.” RansomHub threatened to leak “sensitive personal information” from exfiltrated ID document data, including names, dates of birth and nationalities. On the group’s dark website, RansomHub claims to possess 2GB of data on “at least 500,000” Christie’s clients from around the world.…

Should there be a total ban on ransomware payments?

3 min read - The debate about the United States government banning companies from making ransomware payments is back in the headlines. Recently, the Ransomware Task Force for the Institute for Security and Technology released a memo on the topic. The task force stated that making a ban on ransomware payments in the U.S. at the current time will worsen the harm to victims, society and the economy. Additionally, small businesses cannot withstand a lengthy business disruption and might go out of business after…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today