Modern field guide to security and privacy

How to fill the massive cybersecurity workforce shortage

Cybersecurity skills are in growing demand, but decreasing supply. Key takeaways from an event Passcode hosted in Washington about closing the skills gap.

Michael Bonfigli/The Christian Science Monitor
Lisa Foreman Jiggetts, founder of the Women’s Society of Cyberjutsu, discussed diversity issues in cybersecurity at an event Tuesday in Washington hosted by Passcode.

As many as a million jobs in cybersecurity remain unfilled around the world – but somehow, the massive shortfall in skilled talent hasn’t made it any easier to break into the field, especially for women, millennials, and people of color.

That challenge has led the government, schools, and companies to think outside the box in efforts to bring on new talent. Top officials from the Department of Homeland Security have traveled to  hacker conferences such as Black Hat and DEF CON to recruit talent. In January, Vice President Joe Biden and Energy Secretary announced a that the federal government would budget $25 million to train students at historically black colleges for cyber jobs. There are also a slew of degree and certificate programs available for people hoping to jump into this often high-paying field.

Those efforts are a start, but they aren’t likely to fix the deficit of cyber professionals in the near future.

On Wednesday, Passcode and the National Cybersecurity Alliance (NCSA) hosted an event in Washington featuring officials from the Department of Homeland Security and companies such as Raytheon and Symantec talking about ways to address the skill shortfall in both the government and private sector. The full video of the event is available here.

Here are three things we learned:

1. Creativity is key

One way to bring in new talent at the student level: Create fun challenges, not just homework. Arizona State University, for instance, gives students the opportunity to engage in team hacking competitions, poke around the Dark Web, and engage in other sorts of behavior that could typically be considered mischief.

Curiosity is a sign of great things to come, said Nadya Bliss, director of the school’s Global Security Initiative, which offers programs in cybersecurity at the undergraduate, graduate, and PhD level. "If [a student] actually [starts out] as a hacker, that may actually lead to someone who does very sophisticated problem solving," Ms. Bliss said. "[That] elevates to leading a team and hacking a big project which potentially leads to a leadership position."

2. Industry partnerships help

But even though schools have gone far beyond book learning, more academic opportunities haven’t made the workforce more diverse. A study commissioned by Raytheon and NCSA released earlier this week shows a significant gender gap in terms of cyber education among a random sample of young adults aged 18 to 26 in a dozen countries. More than 74 percent of women polled didn’t think they had enough opportunities to study cybersecurity, compared to just 57 percent of men.

Cecily Joseph, vice president for corporate responsibility and chief diversity officer at Symantec, which offers several pipelines that train students and young professionals, acknowledged that the company couldn’t hire everyone it trains in those programs. Symantec only has a limited number of slots, Ms. Joseph said, so it needs industry to scoop up some of that talent and make sure the newly qualified workers get jobs.

"We’re not going to be successful without industry being a partner along the way," Joseph said. "Because it's other companies that are providing internship opportunities, it's nonprofits that are our training partners, providing training and curriculum guidance along the way."

Diversity can also be improved, according to Lisa Foreman Jiggetts, the founder of the Women’s Society of Cyberjutsu, a nonprofit designed to get women into cybersecurity jobs, by finding alternative means of hiring, such as mentorship and training programs.

3. Trust is essential

Hiring hackers isn’t as simple as it sounds. To work at the Department of Homeland Security or a big contractor such as Raytheon, technologists need to get through extensive background checks, adding to the recruiting headache for both sides.

"[The] majority of our cyber professionals have at least a top secret security clearance," said Darren Burton, vice president of Human Resources at Raytheon. "So to be able to find people that have the skills, and also have the kind of ethical behavior and the ability to be able to get the kind of clearances we need makes it that much more difficult." Even though there are opportunities to do government work outside of the cleared space, Burton acknowledged that they can be few and far between.

To build trust, Ben Scribner, director of the Department of Homeland Security’s National Cybersecurity Professionalization and Workforce Development program, said both the government and contractors need to engage with tech-savvy youngsters before they’re drawn into black hat hacker communities. That could mean doing outreach when in middle school and high school, before the allure of joining a hacker community takes over.


You've read  of  free articles. Subscribe to continue.
Real news can be honest, hopeful, credible, constructive.
What is the Monitor difference? Tackling the tough headlines – with humanity. Listening to sources – with respect. Seeing the story that others are missing by reporting what so often gets overlooked: the values that connect us. That’s Monitor reporting – news that changes how you see the world.

Dear Reader,

About a year ago, I happened upon this statement about the Monitor in the Harvard Business Review – under the charming heading of “do things that don’t interest you”:

“Many things that end up” being meaningful, writes social scientist Joseph Grenny, “have come from conference workshops, articles, or online videos that began as a chore and ended with an insight. My work in Kenya, for example, was heavily influenced by a Christian Science Monitor article I had forced myself to read 10 years earlier. Sometimes, we call things ‘boring’ simply because they lie outside the box we are currently in.”

If you were to come up with a punchline to a joke about the Monitor, that would probably be it. We’re seen as being global, fair, insightful, and perhaps a bit too earnest. We’re the bran muffin of journalism.

But you know what? We change lives. And I’m going to argue that we change lives precisely because we force open that too-small box that most human beings think they live in.

The Monitor is a peculiar little publication that’s hard for the world to figure out. We’re run by a church, but we’re not only for church members and we’re not about converting people. We’re known as being fair even as the world becomes as polarized as at any time since the newspaper’s founding in 1908.

We have a mission beyond circulation, we want to bridge divides. We’re about kicking down the door of thought everywhere and saying, “You are bigger and more capable than you realize. And we can prove it.”

If you’re looking for bran muffin journalism, you can subscribe to the Monitor for $15. You’ll get the Monitor Weekly magazine, the Monitor Daily email, and unlimited access to

QR Code to How to fill the massive cybersecurity workforce shortage
Read this article in
QR Code to Subscription page
Start your subscription today