June 5, 2024 By Ronda Swaney 3 min read

The Office of the National Cyber Director (ONCD) recently hosted a 3-hour discussion on creating a strong cybersecurity workforce; the results are enlightening. The session involved representatives from more than 30 public and private organizations spanning 12 industries.

The ONCD advises the United States President on cybersecurity policy and strategy. Its mission is to advance national security, economic prosperity and technological innovation through cybersecurity policy leadership.

“In our increasingly digital world, where cyber threats are growing more frequent and more sophisticated, we need great cyber talent in every sector of our economy, and we need them in every community across our nation,” said National Cyber Director Harry Coker, Jr. while leading the discussion.

Here are five key takeaways from that event.

1. Cybersecurity isn’t just for tech sectors

As Coker noted in his opening statement, cyber talent is needed by all sectors and communities. It’s no longer contained within the tech community or even within tech-forward companies like finance and retail. Every organization, from large global players to the small business community, faces threats. That means they all need a strategy for cybersecurity threat detection and response.

2. Skills-based hiring opens the field, draws in the underrepresented

Speakers at this assembly noted that there are a half million unfilled cybersecurity roles right now. “We need to adapt faster; we need to open our doors wider,” said Loren DeJonge Schulman, Associate Director of Performance and Personnel Management for the Office of Management and Budget. Traditional hiring focuses on education and experience. Skills-based hiring may remove four-year degree requirements, focusing on competencies instead. For example, an applicant might not have a degree in computer science but may understand how to set up and deploy a cloud platform or use AI and machine learning models.

3. Partnerships yield results

This meeting showed the symbiosis between students who want to learn and opportunities to put that learning into practice. Representatives from Glendale Community College attended the discussion. That college maintains a live security operations center (SOC) where paid interns learn to monitor partnering rural municipalities at no cost. This provides the interns with over 300 hours of competency-based experience as a SOC analyst or engineer while delivering a service to small local governments that may not have the budget or team members to address security concerns internally. As Jiwon Ma, Senior Policy Analyst at the Center on Cyber and Technology Innovation at the Foundation for Defense of Democracies, noted that often in smaller organizations, “People just don’t have the time or the capacity to dedicate their jobs to cybersecurity, and these are very likely rural and small utilities.”

4. Focus beyond career entry to sustaining a career long-term

Chris Novak, Senior Director of Cybersecurity Consulting with Verizon, described his experience: “One of the challenges that we historically saw was someone would get to a certain point, and if they could not figure out what the next step in their career looked like, that often would mean an exit.” To address this, Verizon began to map all of their roles and their required skills. Now, he says, “Individuals in pretty much any role can figure out how they map from a role that they’re in now to other roles in the company.”

5. The cybersecurity talent shortage is a national security issue

Kris Lovejoy, Global Practice Leader, Security and Resiliency with Kyndryl, arrived at the core of why a prepared cybersecurity workforce is so essential: “This isn’t just about creating good-paying jobs. We’ve got a national security issue that we have to address. The reason we’re here is because we recognize we have to put more people into the pipeline so that we can secure our infrastructure.”

Read more about the risks of the current cybersecurity talent gap and how to address it within your organization.

More from News

3,000 “ghost accounts” on GitHub spreading malware

3 min read - In the past, cyber criminals directly distributed malware on GitHub using encrypted scripting code or malicious executables. But now threat actors are turning to a new tactic to spread malware: creating ghost accounts. A highly effective malware campaign Check Point Research recently exposed a new distribution-as-a-service (DaaS) network, referred to as the Stargazers Ghost Network, that has been spreading malware on GitHub for at least a year. Because the accounts perform typical activities as well, users did not realize that…

Warren Buffett’s warning highlights growing risk of cyber insurance losses

3 min read - The United States cyber insurance industry continues to see strong profits, according to Fitch Ratings. Average premium increases, meanwhile, have moderated over the last three years: While 2021 saw a 34% jump in premium pricing and costs rose 15% in 2022, increases were under 1% in 2023.As noted by the Fitch Ratings report, "segment underwriting profitability at current levels is unsustainable as cyber insurance pricing is likely to remain flat or down going forward." While this is good news for…

New CISA guidance for organizations adopting Single Sign-On

4 min read - The Cybersecurity and Infrastructure Security Agency (CISA) recently conducted a comprehensive study of various small and medium-sized businesses to help identify common challenges and opportunities associated with Single Sign-On (SSO) adoption. SSO has garnered considerable chatter across several industries, especially regarding its ability to improve security while extending a certain level of convenience to employees using this protocol. However, it hasn’t yet been widely adopted as a best practice standard. Some businesses rave about SSO's security benefits, while others are…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today