In our “The Virtual Security Podcast” episode with cybersecurity staffing guru Deidre Diamond of CyberSN, Deidre told host John Verry that she considers our industry’s talent shortage “a massive national security issue.” That’s a strong statement—but it’s hard to disagree with. It makes sense that if business and government can’t find the necessary security expertise, hackers’ benefit—including nation state actors targeting our critical infrastructure and defense industrial base.
“… 65% of organizations represented have a shortage of staff dedicated to cybersecurity.”
Another well-informed woman who has voiced this opinion is Jeanette Manfra, former assistant director for cybersecurity for the US Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA), and now Google’s global director of security and compliance. According to Manfra, “It’s a national security risk that we don’t have the talent, regardless of whether it’s in the government or the private sector.”
DHS is prioritizing programs to help educate information security professionals starting in grade school. Manfra also envisioned the government paying for scholarships for cybersecurity professionals to build skills in government positions before moving to (presumably better paying and/or more prestigious) private sector jobs.
Meanwhile, the Office of Management and Budget is acknowledging that the US government’s information security posture is weak and behind the times, even as critical leaders and experts like Manfra and others are leaving for jobs in business. President Trump’s May 2019 executive order means little if agencies can’t retain the good people they have.
Another sector that is particularly vulnerable due to the cyber talent shortage is SMBs, which are not only intensively targeted by hackers but also find it hard to compete with larger businesses for limited security expertise. According to the Cybersecurity Workforce Study 2019, “… 65% of organizations represented have a shortage of staff dedicated to cybersecurity.” Outsourcing can help, but the study estimates that the US cyber workforce needs to grow by 62% to meet today’s demand—let alone tomorrow’s.
That leaves a lot of SMBs potentially vulnerable to attack, often as a back door to infiltrate their larger customers and partners. That strategy has worked well enough for our adversaries up until now.
Meeting the growing demand for information security professionals will be an uphill climb. Fortunately, many government agencies, SMBs and other organizations can meet their needs for strategic InfoSec guidance and/or operational expertise by working with an amazing recruiting firm like CyberSN or outsourcing to a trusted partner.