Steve Morgan, Editor-in-Chief. PHOTO: Cybercrime Magazine.

Solving The Cybersecurity Labor Crisis: Every IT Worker Needs To Be Counted In

This article by Fred Donovan originally appeared in Inside Security

– From the Editors at Cybercrime Magazine

Sausalito, Calif. – Jan. 10, 2020

For years, the cybersecurity industry has suffered from a shortage of skilled workers to fill vacant positions. A range of solutions have been proposed, such as starting cybersecurity education in high schools, promoting university-private sector collaboration, incentivizing people to switch to a cybersecurity career, and pumping government money into educational efforts. So far, these efforts have not succeeded in closing the gap. Inside Security asked Steven Morgan, founder of Cybersecurity Ventures and editor-in-chief of Cybersecurity Magazine (pictured at top), about his thoughts on the best ways to address the cybersecurity skills shortage.

1. How bad is the cybersecurity skills shortage, and what effect will it have in the future?

The internet is still very much the Wild West with barely enough law enforcement to protect citizens, businesses and governments. Cybersecurity Ventures predicts that there will be 3.5 million unfilled cybersecurity jobs by 2021, up from 1 million positions in 2014. As a result, we predict that cybercrime damages will cost the world $6 trillion annually by 2021, up from $3 trillion in 2015.

2. What can the private sector do to address the problem? Should people from other IT departments or other industries be encouraged and/or incentivized to become cybersecurity pros?

This is how we need to think going forward. Every IT position is also a cybersecurity position now. Every IT worker, every technology worker, needs to be involved with protecting and defending apps, data, devices, infrastructure, and people. Not only do we need to cross IT workers over to cyber, but we need for IT workers to become cyber workers. If we do that, then we’ll make a major gain on the problem. Regarding other industries, anyone with a knack for cat and mouse play is a candidate for cybersecurity. Of course, organizations must decide on training tracks for people at varying levels of skill, but no one should be turned away at this point.

3. What can the educational system do to address the shortage and fill the gap?

Colleges and universities are definitely making big strides by introducing so many cybersecurity programs and degrees. But they need to engage the private sector to make sure that students are getting the type of hands-on education that will transfer to the real world. There are way too many schools that lack professors with real-world cybersecurity experience. One idea might be to align schools with specific businesses that are looking for entry-level cybersecurity people. Then make sure the students are learning exactly what they’ll need to do for those future employers.

4. What can the government do to address the problem?

Funding above all else. Without money, we don’t move the ball forward. The state of Georgia invested $100 million into the Georgia Cyber Center, the largest investment of its kind for a state. Cyber NYC is a $100 million public-private investment intended to make New York City a global leader in cyber innovation; a big part of that is to create the next-generation cybersecurity workforce. We need more of this across the country and the globe.

Fred Donovan is a professional writer, editor, and content specialist with decades of experience, most recently in the areas of information technology and cybersecurity. He has written for such publications as, FierceITSecurity, InfoSecurity Magazine, Report on Patient Privacy, TechGenix, and NetDefense. Fred has a B.A. from Harvard University in government and an M.S. in national security from Georgetown University.