Seeking Sustainable Results in Addressing Cyber Talent Gap

One the most discussed topics of the past decade has been the growing talent gap in cybersecurity. Conventional wisdom suggests the gap is growing between what is being taught at universities versus what is required by the fast-evolving industry. This may be applicable for most industries but is wider in tech industries and even deeper within the cybersecurity specialization.

Some recent events helped me analyze this challenge closely and recommend some strategies, including a speaking opportunity as a panelist at Pakistan’s InfoSec 2021 event for a session on how to fill the talent gap, mentoring a group of women who are returning to work after a break and being invited to speak at a renowned higher education institute that wanted to offer talks on the topic.

One of the big challenges is that we do not have visibility to the success stories of whatever collaborations are happening. For sustainable results, I would submit:

• Isolated sessions may not help find long-term solutions.
• Having focused discussion in small groups may help to reach deeper insights.
• There needs to be a plan of action, follow-up to the plan and demonstrated success stories.

The gap seems to be widening and it is not local only in my country of Pakistan – it is across the world. One of the reasons is cybersecurity is a relatively newer field of expertise, and the pace of change in technology and the threat landscape is so rapid. Another is that the industry and business environment that would give practitioners career opportunities should be considered as the customer by academia, with KPIs set accordingly. Additionally, there needs to be further investment in development of faculty who are equipped to prepare the students not only for the technical skills they need but also analytical skills, problem-solving and communication abilities that are highly useful in the cybersecurity profession.

If we want to take some meaningful short-term action, it will have to be fast before the gap widens further. In my view, we have to:

• Improve the industry/academia connections for solving real-world problems. Academia is going to have to extend beyond its comfort zone, actively involving faculty members as well as students and industry leaders to set realistic KPIs for success and show patience to achieve the results.
• Create awareness that cybersecurity requires diversity and inclusivity of professions, genders and different abilities to fill the skillsets required, ranging from technical, governance, legal and more.
• Have enterprise leaders set the tone from the top that to develop the needed skills pipeline in cybersecurity, in addition to sourcing talent from the outside, the industry needs to evaluate internal talent for cybersecurity roles, mentor them and give them new opportunities.
• Give opportunities to veterans or those who want to return after a career gap to explore a new career.
• Avoid focusing only on technical/hacker skills. There is much more to cybersecurity. We need people who can understand data, people, business environments and more (see list below). 

This can all be achieved if we recognize the urgency of the challenge and work collectively. Otherwise, we likely will be talking about the skill gap a decade from now, too, at great cost to enterprises and society.