Cybersecurity’s Human Side Is A Problem

The challenge in building cybersecurity resilience is that it is not only about software, code and laws, but also about people. 

This is where there is concern about the new US administration’s planned cybersecurity executive order; the last drafts to circulate online lacked any strategic effort to solve looming workforce challenges.

Across government and industry, the growing need for cyber-security professionals is outstripping the supply. At last report, 40 percent of the cyber-security positions at the FBI remained unfilled, leaving many field offices without expertise. The consultancy Frost and Sullivan estimates that, worldwide by 2020, there will be 1.5 million more security jobs than skilled people to fill them.

Diversity is also a problem. Some 11 percent of cyber-security professionals are women, lower than the already dismal rates in the broader IT world. Even worse, they are on average paid lower wages than men at every single level of the field. How can we fill key gaps if we are only recruiting from less than half the population?

So what can US Congress do, and with an executive branch that has been, shall we say, unsteady so far on cybersecurity issues?

The first step is to not reinvent the wheel. The Obama administration created a “Cybersecurity Human Resources Strategy” (the link has since disappeared from the White House website) that should serve as the basis of any move forward. 

Congress should oversee implementation of the strategy, or its descendant, making sure milestones are hit and targeting gaps with scholarship programs and other incentives. The Congress should also task the Department of Education to report on where it can best aid states and cities, where education policy sits in the US, to start to develop genuinely effective cybersecurity education and workforce strategies to fill needed national, state, and local gaps, as well as steer students towards this valuable and well-paying field. 

Filling the human resources pipeline is a long-term challenge. Of immediate concern is the executive branch’s federal hiring freeze, which has stopped the government from filling vital cyber-security positions. 

Any human resources strategy, however, will fail if it only puts new people in old organisational boxes, using the same pipelines.

Attracting more talented civilian expertise into the government though new channels will be a key to supporting a “deterrence by denial” strategy across our broader networks. 

Another area where Congress can help, and do so by in a way that transcends traditional partisan lines, is to jumpstart more best practices that bring together the public and private sector. A good illustration is the Pentagon’s adaption of a “bug bounty” program. 

This is a program used by many top companies that offers small rewards to encourage a crowd-sourced solution to cyber-security. In essence, it enlists the ingenuity of citizens in the open marketplace to find the holes in our security before the bad guys do. 

Congress should establish a US cybersecurity program to draw upon our nation’s wider technology talent and sense of volunteerism. Today, in the new issue of cybersecurity, there is much to learn from others, past and present, as they wrestle with similar problems. 

We need to stop looking for quick and easy answers in cybersecurity policy discussions. Instead, we have to recognise that this seemingly technical realm is also a people problem. As the saying goes, the most important space is between keyboard and chair.

DefenseOne

How To Eliminate Insider Threats:

Cybersecurity In 2017: Recruitment Is The Key:

How Much Do IT Graduate & Intern Jobs Currently Pay?:

 

« Security & Encryption After Edward Snowden
Google Search For A Fraud Victim »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

ZenGRC

ZenGRC

ZenGRC - the first, easy-to-use, enterprise-grade information security solution for compliance and risk management - offers businesses efficient control tracking, testing, and enforcement.

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

Absolute Software

Absolute Software

Absolute provides persistent endpoint security and data risk management solutions for mobile devices - computers, tablets, and smartphones.

Redspin

Redspin

Redspin provide penetration testing, security assessments and consulting services.

Cowbell Cyber

Cowbell Cyber

Cowbell Cyber™ offers continuous risk assessment, comprehensive cyber liability coverage, and continuous underwriting through an AI-powered platform.

Hut Six Security

Hut Six Security

Train, test and track your Information Security culture through information security awareness training and customised phishing simulation campaigns.

MVP Tech

MVP Tech

MVP Tech designs and deploys next generation infrastructures where Security and Technology converge.

Futurae Technologies

Futurae Technologies

Futurae - enabling trust and invisible security for your users on all devices and applications. Strong customer authentication (SCA) made easy.

6clicks

6clicks

6clicks is an easy way to implement your risk and compliance program or achieve compliance with ISO 27001, SOC 2, PCI-DSS, HIPAA, NIST, FedRAMP and many other standards.

Cyberwatch Finland

Cyberwatch Finland

Cyberwatch Finland's services improve decision-makers’ strategic situational picture and enable successful holistic cyber risk management.

Concourse Labs

Concourse Labs

Concourse Labs Security Guardrails continuously verify cloud infrastructure and workloads. Continuously assess clouds for security, resiliency, and regulatory compliance.

Codean

Codean

The Codean Review Environment automates mundane software analysis tasks, so security experts can focus on finding vulnerabilities.

Ontinue

Ontinue

Ontinue ION is an MXDR service that provides Nonstop SecOps through five key capabilities that enable your organization to respond to attacks and continuously reduce risk.

Protecto

Protecto

Make privacy and governance effortless. Brakes allow you to drive faster. Stronger data privacy and security enable companies to unlock the full potential of the data.

Beetles Cyber Security

Beetles Cyber Security

Beetles is a crowdsourced penetration testing platform designed to build a trusted, hacker-centric approach to protectan organization’s digital attack surface.

WeVerify

WeVerify

WeVerify is a platform for collaborative, decentralised content verification, tracking, and debunking.

Queen Consulting & Technologies

Queen Consulting & Technologies

Queen Consulting & Technologies specialize in providing IT support, management, and Security to Gov’t Contractors, CPAs, and Nonprofits.

IS4IT Kritis

IS4IT Kritis

IS4IT is your partner for the successful planning, introduction and implementation of company-specific information security concepts.