A few weeks ago, satirical news site The Onion published an article titled, "China unable to recruit hackers fast enough to keep up with vulnerabilities in U.S. security systems." Like most things on the Onion, it's funny because of the (very large) grain of truth buried in the snarky headline. In the face of unprecedented threats from abroad and at home, the U.S. is facing a severe shortage of cybersecurity talent that shows no signs of abating.
According to the 2015 Global Cybersecurity Status report published by the Information Systems Audit and Control Association (ISACA), 86 percent of the 3,436 business professionals who responded to its survey believe there is a shortage of skilled cybersecurity professionals. Compare that to the over 300,000 unfilled cyber security jobs in the U.S. -- estimated to grow to 1 million to 1.5 million globally by 2020 -- and it is safe to say we have a talent crisis.
"We really screwed things up this time. Somehow, we are in a situation where the sector of technology with the greatest potential negative impact on our lives, businesses, governments, peace, safety and security happens to have a severe deficiency of qualified people to fill its jobs," says Trevor Halstead, product specialist, Talent Services, with online education and training provider Cybrary.
Cybrary is trying to address that deficiency by making cybersecurity training both affordable, accessible and relevant, and to close not just the skills gap, but to increase the number of women and other underrepresented groups in IT as a whole and in cybersecurity in particular.
In a study by Raytheon and the National Cybersecurity Alliance, published in October, 67 percent of U.S. men and 77 percent of U.S. women said no high school or secondary school teacher, guidance or career counselor ever mentioned the idea of a cybersecurity career. Globally, 62 percent of men and 75 percent of women said no secondary or high school computer classes offered the skills to help them pursue a career in cybersecurity.
"Cybersecurity training is the problem; or rather, the cost and the lack of access to that training. It can be as much as $5,000 for a one-week class; entry-level classes average $2,000, which means someone's going to have to take a pretty big gamble with their money to test the waters and see if they want to jump into the field without knowing much about it," Halstead says.
[ Related Story: How to solve the STEM gender equality equation ]
Inaccessible and impractical
Such training is often inaccessible or impractical, Halstead says, and even if a student or their company can afford to shell out the big bucks for training, those skills and knowledge become obsolete very quickly.
"You pay for a class knowing that, within a year, the content and the threats are going to change drastically. What today is a viable, useful malware analysis class won't be worth a damn in a year because the technologies, the exploits, the tools all will change," Halstead says. Not to mention that, for more specialized, niche skills, it can be difficult for training providers to find enough students in their geographic area to recoup their investment, and many classes are cancelled because of "lack of interest," according to Cybrary co-founder, Ryan Corey.
"You need a better way to develop a thriving talent market, and to decrease cost and increase accessibility for these critical skills. That's why we offer completely free hacking, forensics and cybersecurity training classes, all but eliminating that major barrier to entry," Corey says.
[ Related Story: Cybrary and WIT partner to help women advance in cybersecurity ]
Talent at your fingertips
Cybrary's newest initiative is a Talent Services platform that will connect job seekers with employers who desperately need skilled cybersecurity talent at all levels, says Cybrary's Halstead.
"On Cybrary, you can begin a career in the field with absolutely no experience, whether you are technical or non-technical. People with experience can further their training, with classes that can deepen their knowledge of niche skill sets or broaden them horizontally. People writing software, looking for great new career opportunities, looking to become the next great cybersecurity leader and so on, all have the barrier of cost removed and can learn whenever and wherever they want," he says.
Only 10 percent of information security professionals are women, and that needs to change, according to the International Information Systems Security Certification Consortium (ISC)2. Cybrary's Corey says that, with women making up approximately 16 percent of Cybrary users, more IT job seeking women will be able to connect with potential employers through Cybrary's talent services to close the skills gap and the gender gap. Cybrary also works with organizations like Women in Technology (WIT) to achieve greater gender parity and increase cybersecurity skills in the workforce.
[ Related Story: Don't overlook your biggest security flaw: your talent ]
SANS Immersion Academy for women
"Cybersecurity is the single most important business issue for so many CIOs right now, and the situation is going to get worse before it gets better," says Jim Michaud, director of HR and business development at the SysAdmin, Audit, Networking, Security (SANS) Institute, an information security and cybersecurity training company.
In October 2015, SANS launched its CyberTalent Immersion Academy for Women, an accelerated training and certification program to help women fast-track their careers in the cybersecurity field. Participants that successfully completed the program gained Global Information Assurance Certifications (GIAC) credentials, and were guaranteed cybersecurity employment opportunities, says Michaud.
SANS Institute is working with the National Center for Women & Information Technology (NCWIT), a nonprofit focused on increasing women's meaningful participation in computing, to increase awareness of the academy among the thousands of technical women participating in the NCWIT Aspirations in Computing Community.
"The cybersecurity industry urgently needs skilled professionals to fill critical jobs, and women have been a largely untapped resource. The Immersion Academy for Women was developed to provide a fast track for women who are interested in a career in cybersecurity," says Michaud, and initially targeted several thousand women of high school and college age, as well as women already in IT careers, through NCWIT. The Immersion Academy for Women shares the goal of introducing highly talented, yet untapped, individuals to the cybersecurity industry, and is an intensive, accelerated program that can be completed in two to four months, and it's free, Michaud says.
"We're paying travel, lodging, and other expenses; otherwise this would be anywhere from a $15,000 to $20,000 investment. We feel it's well worth it, and employers do, too," he says.