Inspiring Success

A blog from Creating IT Futures

Back to Listing

October 30, 2019

Why the U.S. cybersecurity talent gap threatens national security on 2 fronts

Which is at greater risk from our nation's cybersecurity talent gap: Public or private IT infrastructure?


But wait, nowadays, does that distinction even matter?


Speaking as a guest on our Technologist Talk with Charles Eaton podcast, Randi Parker, senior director, partner engagement, for Creating IT Futures explains why a senior official in the U.S. Department of Homeland Security (DHS) called our nation’s cybersecurity talent gap a leading “national security risk.”


In this excerpted conversation from a recent episode, Technologist Talk host R.C. “Bob” Dirkes asks Randi whether Jeanette Manfra, who is assistant director for cybersecurity for Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA), is exaggerating the threat.


Randi:  I don't think it's an exaggeration. I think if we don't have the right people to support our networks, our infrastructure, we could be in really big trouble. At the end of the day, it all comes back down to the people.


When we first started talking about cybersecurity all those years ago, we weren't as connected. And the fact that now… we have computers in our pockets, and we have laptops, and we're working from all different places, the way we work has changed… there's just so many more points of exposure that we need to be aware of. I think it's just the boundaries of where and how we work. Most people don't show up at an office, work 9 to 5 and go home anymore. That's just not realistic. And so, we're working on our phones as we're commuting into the office. And then, we're taking a day or two where we're working from home and using our own network to transmit that information… even if you're using things like VPN and other safe ways to engage, you're still only as protected as the tools that you're using.


We see this at the highest levels of government using personal devices and equipment to conduct official business.


Bob:  To call the cybersecurity talent gap in the U.S. economy a national security risk [is] not only a provocative statement, it adds urgency to the whole issue. What are the dynamics that you think spurred Jeanette Manfra to make this sort of statement now?


Randi:  I think it's just a recognition that we are really coming along way in combating some of these threats, and government and industry are working together in a lot of different ways now.


DHS has been around a bit longer, has some roots to it. They have some really great leadership there now. And some of the technical things that I think might have been a struggle earlier on – are still things that we need to be vigilant about, and make sure that we're continuing to work together in a partnership and keep an eye on – but a lot of those initial concerns are starting to find their groove.


Whereas things like workforce, we are still struggling with, and we're still trying to find a way to get a good pipeline, and get a good talent stream, and make sure that we're pulling in people from different walks of life. So, I think because some of the other, maybe, initially more urgent and pressing things are starting to be settled… it enables something like workforce to move to the top of the list of priorities.


Bob:  So, it sounds as though you're saying that urgency is driven first by, of course, national security concerns, but it's starting to broaden now to an understanding that the business community operating in cyberspace is part of the national security infrastructure. Is that a fair statement?


Randi:  I think it is. We've seen that, while cybersecurity has continued to be this really hot topic, and it hasn't gone away, and it's only become more mainstream, that we are still very much in the same place in a lot of ways as it is when it comes to professionalizing that workforce.


Now, we've seen changes in the certification side of things, and we're seeing moreParker_Randi_name companies like Google and others really start to rely on some of these certifications as well. But there's still not a clear path. It's still not the same as if you want to be a doctor or a lawyer. You know exactly what you have to do to get there. You know, in a way that's good. There's a lot of different ways to get into cybersecurity. But I think it's raising the awareness for ways to get into cybersecurity, dealing with some of the stereotypes – that you have to be a math or science major to do it, which simply isn't true. It's a double-edged sword. There's not one straight way to do it… that's also great, but it also complicates things.


Bob:  Manfra calls it a massive shortage of cybersecurity talent that's contributing to the national security risk. The threats to national security for government entities seem obvious. People can dig espionage and stealing from the government and leaking secrets and all of those things. On the private enterprise side, what are some of the tangible losses of value, the tangible harm that can be done through weak cybersecurity?


Randi:  There's a lot, and I don't think that they're being dramatic when they say that it's a massive shortage. You know, latest numbers show that by 2022, the global cybersecurity workforce shortage will be upwards of 1.8 million unfilled positions. So, we see that it's just going to keep growing. So, to say that it's a massive shortage, in a way, is an understatement because that's what it is today. By 2020, that number can be a lot greater.


When it comes to things that are vulnerable with the private sector, you have to think about things like proprietary information, patents, financial information, personal information, all these things that can really put private companies and individuals at risk. Not only does the government need to protect the government-focused information, but it also needs to protect its people and their information.


And in the private sector, it's the same thing. It's making sure that these technologies and personal information, and what actually enables the business to be a business, is protected. And they both, I think, have pretty significant consequences. Should there be a breach, they're just different. But it doesn't make one more or less significant, especially as government and industry work more closely together in so many areas, particularly around cybersecurity.


Technologist Talk with Charles Eaton is a podcast from CompTIA’s tech workforce charity, Creating IT Futures, where we talk to business leaders, workforce professionals and talent developers about shaping technology careers.


Related Posts from Creating IT Futures and CompTIA