23 October 2022

If US Loses The War For Cyber Talent, It Loses The Cyberwar

David DeWalt

Over the past year, Americans have felt the stinging impacts of cyberattacks on their personal lives and on the national economy. These attacks exposed millions of personal data records, threatened the availability of fuel, targeted utilities and exposed the risk underlying digital and physical supply chains. The global cost of cyberattacks is expected to reach $10.5 trillion by 2025. And over 620 million ransomware attacks were recorded in 2021 alone. This figure is mind-bending. The past couple of years have seen cyberattacks of unprecedented size and impact: DarkSide, Kaseya, Log4j and the hack involving SolarWinds are just some of the attacks that made headlines.

The cybersecurity industry has responded to this threat by unleashing a wave of innovation, resulting in a plethora of products and technologies coming onto the market—all designed to solve the cyber problem. In 2021 alone, for instance, we saw $29.5 billion in venture capital funding pour into cybersecurity, well more than twice the previous year’s amount, and there are now more than 6,850 companies in the space.

Yet, despite all this investment, the attacks continue to rise and grow more severe by the day. How can the situation be so bleak amid what is truly a golden age of cyber innovation? The answer: There are over 714,000 unfilled cybersecurity positions in the U.S. Without appropriately trained personnel, organizations cannot properly implement and manage the many cybersecurity tools coming to market. As a result, many cannot block and tackle even low-level cyberattacks—let alone those that require more advanced skills.


Our cyber adversaries, meanwhile, understand this problem well. China, for instance, recognizes the economic and national security ramifications of a cyber-skilled workforce and in 2017 declared a goal of building four to six “world-famous” cybersecurity schools in 10 years and has undertaken other ambitious and well-funded initiatives.

In fairness, many people and organizations in this country have refused to sit back and accept this situation. The Cybersecurity and Infrastructure Security Agency has partnered with and supported efforts across the nation to increase and strengthen the future cyber workforce. The National Institute of Standards and Technology’s National Initiative for Cybersecurity Education has fostered a community of stakeholders from academia, government and industry who come together week after week to tackle some of the greatest education, training and workforce challenges. Not-for-profit organizations such as SANS, now the Center for Internet Security; the Cyber Future Foundation, which my company partners with; NextGen Cyber Talent, which I serve on the board of; Women in Cybersecurity; and many others have made incredible progress in establishing programs and training many thousands of people.

Although some progress has been made, it has not been enough. Our nation must produce exponentially more skilled cybersecurity professionals. Yet, most universities and high schools have struggled to offer any kind of cybersecurity curriculum, much less a quality, standardized curriculum. They struggle to retain teachers and fill open roles against often higher-paying private sector jobs. And we are still severely underinvesting in developing cyber skills and

Encouragingly, the current administration is working to change this. National Cyber Director Chris Inglis and CISA Director Jen Easterly both have espoused cyber workforce development as a top priority of their respective organizations. As one recent example, the White House hosted the Cyber Workforce and Education Summit, which gathered top government and corporate leaders to discuss how to significantly augment our cyber workforce. The Office of the National Cybersecurity Director is currently drafting a national strategy for cyber workforce and education development and recently released an unprecedented call for public comment to assist them in formulating this strategy. Further, our leaders are doubling down on the critical issue of building a more diverse and inclusive cyber workforce. Inglis and Easterly have stressed the importance of welcoming those from all backgrounds and perspectives into a field that has too long failed to include individuals who will bring new ways of thinking and creative approaches.

One potential solution to the workforce gap is to leverage technology to create massively scalable solutions that bring learning opportunities to every person who wants to gain cybersecurity skills. Given how badly outpaced we are on the cyber talent front, we simply don’t have time to move incrementally anymore. Today, many students cannot find affordable programs that fit their aptitudes and career goals, and employers face great difficulty finding qualified candidates and struggle to get them through the “last mile” of training to fill open roles. A technology approach that brings together learners, educators and employers is key to achieving the White House’s goals and will allow us to root out the painful inefficiencies in our current system that often leave certain groups of people behind.

We need to couple these kinds of efforts with those already started by nonprofits and governments. Additionally, we need to contribute where we can financially to funding students to lower the barrier of entry into the industry, particularly for those from underserved or more diverse backgrounds.

In a world of ruthless and asymmetrical cyberwarfare, the next generation of cyber defenders will be our country’s most strategic weapon. If the U.S. loses the war for cyber talent, it will lose the cyberwar. We in the private sector must meet the threat posed by our adversaries with the full force of our innovation engine. The consequences of not addressing this will be measured not in terabytes lost, but in lives.
