Three ways to beat the cyber workforce shortage can be achieved with improving your data based decisions
With increasing attacks on everything from private businesses to government infrastructure, the importance of cybersecurity cannot be understated. But amid workforce shortages and the ever-increasing cleverness of bad actors, how do you stay ahead of the threat?
Government and private industry are looking ahead to evolve as quickly as the enemy. Mandated checklists and processes like STIGs (Security Technical Implementation Guides), CIS (Center for Internet Security), and CMMC (Cybersecurity Maturity Model Certification) seek to simplify and standardize security practices in the government and defense industrial base (DIB). They cover the “what,” “why,” and “how” of protecting government assets. But what about the “who”?
With nearly 600,000 unfilled cyber jobs across the U.S., the cybersecurity workforce shortage is proving especially dire in the public sector. The pay and perks in the private sector are a huge draw for the workforce. So what’s a government to do? There are three approaches currently in progress that could prove invaluable to the government and the DIB moving forward.
- Grow your own.
This month, U.S. Senators Jacky Rosen (D-NV) and Marsha Blackburn (R-TN) introduced the Cyber Ready Workforce Act, a bipartisan bill to establish a grant program within the Department of Labor to support the creation, implementation, and expansion of registered apprenticeship programs in cybersecurity. Companion legislation was introduced by Brian Fitzpatrick (R-PA) and Susie Lee (D-NV) simultaneously.
“The growing cybersecurity workforce shortage has left our nation’s cyberinfrastructure vulnerable to cyber-attacks, posing a direct threat to our economy and national security,” said Rep. Fitzpatrick. “Our bipartisan legislation will help close the cybersecurity workforce gap by offering the next generation of cybersecurity professionals an opportunity to gain technical, in-demand skills for high-paying jobs without taking on burdensome student loan debt. We must ensure that both public and private sectors are supplied with the skilled workforce they need to address modern cybersecurity challenges.”
The Cyber Ready Workforce Act enables the Secretary of Labor to award grants on a competitive basis to support the creation, implementation, and expansion of registered apprenticeship programs in cybersecurity. Support services may also include career counseling, mentorship, and assistance with transportation, housing, and childcare costs. This legislation is not the first time this kind of reform has been introduced, but this one may succeed with the current environment and two recent bipartisan attempts to make it happen.
- Building from within.
The U.S. Army is not waiting for the Department of Labor to create an apprentice program. Instead, they are tailoring their cyber training to the knowledge and talents of their workforce right now. As a result, those individuals with more knowledge can be optimized to serve as leaders for other digital users. And those with less propensity can be trained to the level needed to do their jobs safely. The training will include artificial intelligence, machine learning, and deep learning, along with automation.
By building the proper data literacy in the right personnel, the Army can develop an ecosystem of professionals to make as many data-based decisions as possible. In turn, making dat-base decisions would open personnel up to embracing more emerging technologies and data-driven processes. It also creates an enterprise-wide awareness of cybersecurity that can only help as the Army implements the Zero Trust initiatives mandated by executive order last month.
- Put robots on the job.
When it comes to establishing and maintaining security controls such as those defined by STIGs, CIS, and CMMC, a bot is the best person for the job.. Anyone who has worked in cybersecurity knows that manual security updates to existing applications and systems can sometimes be delayed by months due to backlogs and software conflicts. Today’s leading cybersecurity automation solution in the Federal workspace can reduce initial hardening time by 90% while eliminating 70% of the costs. It can also speed the security process, helping you achieve authority to operate (ATO) in hours, not weeks. (Best of all, you can run a bot 24/7 for years and never hear a single complaint about food or sleep!)
Automation is a powerful tool for combating the shortage of cybersecurity personnel you need to harden your systems and lock down data, but there is another benefit. When you free your people to do the things humans do best—addressing those backlogs that take critical thinking skills to complete, for example—everyone is happier, quality goes up, and people stay longer in their jobs.
Get your strategy in place now.
Cybersecurity threats globally are getting more and more sophisticated. Meanwhile, the shortage of cybersecurity workers remains acute. Recruitment is hard. Workloads are huge. Burnout is common.
European banks are told to step up cyberattack defenses amid Russian-Ukraine tensions. “We are asking [banks] to strengthen their cyber regime measures and look at a potential increase in attacks and the danger of these attacks going forward,” Andrea Enria, chair of the European Central Bank supervisory board, told a news conference on Thursday, according to Reuters. He added that the central bank needs more people with the right skills to monitor cyberattacks.
Cybersecurity is an ever-changing landscape of threats, challenges, and innovations that requires adaptable, problem-solving thinkers and doers. It is also a practice of rote processes that can be automated. A collaboration between humans and machines can close the workforce shortage gap, whether you leverage the government’s Cyber Ready Workforce Act apprentice pipeline, retrain current employees to do more to protect government assets, or recruit from the marketplace.
The need for rapid expansion of the current workforce requires education, training, compliance automation, and enabling all personnel to make as many data-based decisions as possible. And the shortage of workers is only expected to grow as cybersecurity takes center stage in the IT field. So tart making your plan now so you don’t get caught dangerously understaffed. And if you need guidance along the way, feel free to reach out.