By Jim Richberg, Fortinet Public Sector Field CISO
With an estimated 3.4 million people needed to fill the global cybersecurity workforce gap, it’s time for organizations to start turning to new ways to recruit and keep talented cyber professionals. The federal situation mirrors what’s happening globally, but the stakes are even higher with civilian, defense and IC agencies all aiming to protect networks that keep the country up and running.
According to Fortinet’s 2023 Global Skills Gap report increases in breaches can be attributed to a lack of cyber skills. In fact, about 68 percent of organizations indicated they face additional risk because of cybersecurity skills shortages.
While that stat is daunting, there are ways to bolster the ranks and give more people opportunities to help defend federal networks.
Look Beyond Typical Candidates
Federal agencies are struggling to keep up with a flood of new attacks. For example, seven major new wiper strains targeting government, military and private organizations were identified in the first six months of 2022. That’s almost as many as the total identified since wiper ware came into existence a decade ago. Beyond that, the motive behind wiper ware attacks have broadened, running the gamut from vandalism to extortion to sabotage – and even as potentially deniable weapons of cyberwar.
This presents a unique challenge for agencies as the federal government often serves as a training ground where new employees enter the cybersecurity workforce. Many of them spend a few years supporting their agency, then migrate to the private sector.
To that end, government agencies need think differently about who they hire and how they recruit cyber workers. Prioritizing diversity in race, gender, age, and, crucially, life experiences, allows for a diversity of perspectives that are essential in this field. For example, hiring analysts from diverse educational backgrounds brings immense value to security teams by providing differing perspectives on a problem.
With their skills working as part of a team and demonstrated ability to work under pressure, veterans are well-suited for many cybersecurity jobs. But when it comes to hiring veterans, the Fortinet report showed that there was an overall decrease compared to the previous year, with 47 percent of organizations stating they hired veterans in cyber roles compared to 53 percent in 2021.
This is a missed opportunity. Teamwork is essential in cybersecurity positions such as incident response and security operations. Former service members bring experience in teamwork, attention to detail, and work in fast-paced, high-stress environments – all skills needed in the next generation of cyber defenders.
Provide Access to Continuing Education and Upskilling Opportunities
Beyond that, by providing better and more available training, agencies can quickly upskill their current cyber workforce and enable current employees who are interested in cybersecurity to more easily transition into cyber careers. Both the government and its private sector partners need to lower the barriers for entry when it comes to cybersecurity training, and formal education and continued learning programs are options that should always be available for closing the gaps numbers and cyber skills in the federal cyber workforce.
High quality training in cybersecurity should be available to anyone who wants to take on this challenge. Such opportunities open cyber careers to people who never thought they’d be a cyber professional and that, in turn, means a more diverse and creative workforce is available to solve federal cyber problems. This should include give the opportunity for employees at all levels – even those with no interest in a career in cybersecurity – to build a solid foundation of cyber awareness.
Remember that cybersecurity isn’t solely the responsibility of cybersecurity professionals – it’s about ensuring that everyone in the organization understands cyber hygiene and their role in ensuring the security of the data and services their agency provides.
Closing the cyber skills gap will be challenging. It will take diversifying the types of talent we draw from and positioning cybersecurity as a career for more than just computer science majors and others with college degrees. The federal government has an opportunity – and the need – to create and employ a large and diverse cyber workforce. This will not only help to protect the data and operation of our agencies but also fuel our nation’s innovation and growth and bolster our critical infrastructure.