We can see it, we talk about it, yet we sit back and hope it goes away, like the ostrich who puts its head in the sand when it is afraid; we just hope the crux preventing of cyber resiliency goes away too. What am I referring to—the vaunted skills gap that exists across the globe’s cybersecurity workforce. While we have made incredible leaps in technology related to network defense, we have FAILED to address cybersecurity’s the key component—the human. Our workforce development efforts designed to create the requisite skills to perform cybersecurity-related tasks have fallen short. Our pedagogic models only focus on knowledge transfer do not address the needed skills and abilities required to prepare individuals for a dynamic workplace. As an industry and even a profession, we have accepted this methodology without understanding there are two additional components to performing tasks within the scope of a job—skills and abilities and they are perishable.
We are up to our necks
Nefarious actors continue to breach organizations to gain access to critical information, costing organizations on average $7M per incident per the 2016 Ponemon Cost of Breach Study. Why are the number of breaches increasing and the costs per incident rising—the industry can point a December 2016 survey conducted by the Information Systems Security Association (ISSA) and independent industry analyst firm Enterprise Strategy Group (ESG) found that human issues are the top cybersecurity and business risks facing companies today. Their post-survey report states that 69% of cyber security professionals say the global cyber security skills shortage has had an adverse impact on their organizations leading to increasingly successful and costly breaches. The most nagging cybersecurity issues presented include:
An abysmal skills shortage.
Inappropriate skill levels of the existing workforce.
Acute talent shortage in security analytics, cloud security, and application security.
Thus, the current staff is overloaded and burned-out
Repeatedly, organizations recognize the problem—yet the conversation continues. So, what can be done?
Stop Talking and Start Doing
It is not as difficult as it seems, but it will require a paradigm shift. Simply stop talking (lecturing) and start doing (put hands on the keyboard). We must transition to an experiential-based education, training, workforce development model that emphasizes skill and abilities focused instruction integrated into existing knowledge-based instructional delivery. By adding more practicum in the classroom, student will develop skills and abilities by experiencing the environment, tools, and threats on a range where professional development can occur. An instruction design model that transitions to an equal lecture and hands-on educational model will play a significant role in reducing the skills gap at every level. When student hear it, see it, do it and repeat the process they parlay knowledge into skills and abilities through the development of experience…employers recognize this and are always looking for experience…experience can be gained during initial, mission, and advance training if a range is available to build hands on skills and make students job ready.
Next week, I am going to discuss a process that can immediately begin the process addressing skills development through a academic-private sector partnership.