The numbers are in — and the world will face a shortfall of 3.5 million cybersecurity workers by 2021, according to this year’s Official Annual Cybersecurity Jobs Report.
A lack of experienced cyber defense workers poses the biggest threat to society and organizations globally — more so than ransomware and DDoS attacks and more than all conceivable cyber risks combined.
How to solve the cybersecurity labor shortage
To address the cybersecurity labor shortage, CIOs and CISOs may want to consider making every IT position a cybersecurity position now. Every IT worker, every technology worker, needs to be involved with protecting and defending apps, data, devices, infrastructure, and people.
In late 2013, Cisco reported that there were 1 million cybersecurity job openings globally. Since then, despite a growing awareness of the problem, the numbers have trended in a scarily negative direction.
There’s been tons of industry chatter about how to crack the code on the cybersecurity labor epidemic. But there isn’t a single idea that can be turned into an initiative capable of seriously reducing or eliminating the problem.
A potential solution offered here is for CIOs and CISOs to jointly agree that every technology worker in every organization will be required to know something about cybersecurity in 2018 — and learn something more it about each year until 2021.
What exactly is that something? That’s for each organization to decide on its own. IT support specialists, network administrators, programmers, web developers, systems analysts, database administrators, network architects, IT project managers and so on — they all need to know cybersecurity.
Presumably, every IT worker already has at least a minimal working knowledge of the topic. And they’re all capable of learning more and potentially becoming subject matter experts in cybersecurity.
It shouldn’t be difficult to persuade IT workers to learn even more because it can lead to career advancement for them. A big data analyst becomes even more valuable when they’re a big data analyst steeped in cybersecurity.
The theory here is overly simplistic, but it’s a starting point. If the tech industry can generate enough buzz around the need to cross-train IT workers on cybersecurity, then the idea will germinate.
To get the ball rolling, it wouldn’t be a bad a idea if every IT job posting in 2018 and beyond said “cybersecurity experience preferred” — especially if that’s where organizations hope to be in 2021.
2018 cybersecurity workforce development event
The CyberSmart Summit 2018 in Canada is a unique event devoted to regional, national and global cybersecurity workforce development.
Cybersecurity experts from North America, Europe and Australia will converge in Fredericton, New Brunswick, May 15-16, 2018, to collaborate on how to cope with the shortage of workers and how to move the needle (down) on the number of unfilled positions globally.
Cross-training IT workers on cybersecurity will be one of the themes at the second annual event. And to take it a step further, there will be discussion on cross-training other professions.
CyberSmart is an advocate for increasing the number of professionals in non-IT related disciplines (law, criminology, business, psychology and engineering) engaged in meeting the needs of the cybersecurity sector.
There’s a dearth of events focused exclusively on the cybersecurity workforce, which may turn Fredericton (population 58,220 in 2016) — the capital of New Brunswick — into the capital of cybersecurity for a couple of days.
2018 cybersecurity workforce report
Cybersecurity Ventures is conducting research for its Official Annual 2018 Cybersecurity Jobs Report, which will have a special focus on cross-training IT workers onto cybersecurity. A special blog post will publish in CSO with expert opinion from CIOs and CISOs.
For anyone wishing to offer their commentary on the topic, please submit here.
Visit SteveOnCyber.com to read all of my blogs and articles covering cybersecurity.