Private sector firms who supply the government with security technologies and the professionals that make them work are seeing this year’s Cybersecurity Awareness Month and its theme – See Yourself in Cyber – as a call to jumpstart the skills training needed to fill the expanding deficit in the U.S. cybersecurity workforce.
For each of the past 18 years, the White House has declared October as Cybersecurity Awareness Month, but the monthly designation long ago became a quaint notion. Since the first declaration of an awareness month in 2004, security has increasingly become the most vital element in protecting our technology-driven society and economy.
In other words, cybersecurity awareness – and making gains in the fight against adversaries – is every day of the week.
“To build a more resilient nation, everyone – from K through Gray – has a role to play” in cybersecurity, said CISA Director Jen Easterly earlier this month, continuing the unending drum beat for better cyber hygiene across the board. “This October, we are taking this message directly to the American people because whether you’re a network defender or anyone with an internet connection, we all have a role to play in strengthening the cybersecurity of our nation.”
The core of CISA’s message: “simple but effective ways to keep Americans safe online through basic steps like enabling multi-factor authentication; using strong passwords and a password keeper; recognizing and reporting phishing; and promptly updating software.”
Private sector experts told MeriTalk that more cyber skills training should be a top-level priority, and they also emphasized the long-term focus of the security campaign.
“Over three million open cyber roles are available across industries, including the government,” said Mike Wiseman, Vice President, Public Sector, at Pure Storage.
Federal government agencies, he said, “are not as prepared and protected as they need to be – and it will only worsen as attacks become more frequent and sophisticated. It’s time for agencies to focus on filling the cybersecurity needs by prioritizing cyber skills training and keeping cyber decision-making top-of-mind.”
“The Federal government faces unique challenges when it comes to recruiting, retaining, and developing cyber talent – as agencies often cannot attract workers with the same perks and advantages that private sector firms can offer,” commented Gary Barlet, Federal Chief Technology Officer at Illumio.
“But that doesn’t mean they can’t get creative in their recruiting techniques,” he said.
“One way that Federal firms can better attract and retain top cyber talent is to take the current student loan forgiveness program a step further, offering one year of loan forgiveness for each year of cybersecurity service,” Barlet suggested. “A program like this could be transformative – enabling agencies to better compete with the advantages afforded by Silicon Valley tech giants and startups while helping workers shrink their student loan debt.”
Looking to how an upskilled workforce could be used, Wiseman said that Federal agencies “can facilitate stronger data security by driving meaningful infrastructure and application decisions.”
“By building and improving in-agency cybersecurity skills, leaders can leverage technical knowledge to select and apply the most advanced and data-savvy systems – which will lead to more reliable data protection,” he said. “The most advantageous solutions are those that utilize As-a-Service capabilities – as they help shift costs and augment the shortage of skills needed to manage technology platforms.”
“This year’s Cybersecurity Awareness Month theme – ‘See Yourself in Cyber’ – underscores the importance of building a strong, diverse, and dedicated cyber workforce, and puts a spotlight on ways to address workforce shortages and challenges facing agencies,” Barlet said.
“Most recently, the White House National Cyber Director called on tech industry stakeholders to provide insight and expertise on a new national cyber workforce strategy,” he said. “We need to see more action and change in this direction. Because as cyberattacks are growing more frequent, expensive, and devastating, the Federal government has a responsibility to think outside of the box to improve cyber resilience.”
“Cybersecurity Awareness month is a good time for organizations across the public and private sectors to take stock of their cybersecurity goals and measure their progress,” said Dr. Matthew McFadden, Vice President, Cyber at General Dynamics Information Technology.
“Every year, we are facing cyberattacks with greater velocity and sophistication from zero-day vulnerabilities, software supply chain risks, increases in ransomware, and targeted operational technology threats,” he continued.
“Organizations across our nation should continue to monitor and maintain their environments, continue to reduce their attack surface and drive toward zero trust architecture,” McFadden said. “This includes inventorying what data they have and who is accessing their networks, updating policies and enhancing security standards, and identifying technologies and capabilities needed to continue to defend and protect their missions.
He also pointed out that cybersecurity awareness is a top task every day of the year.
“While we observe Cybersecurity Awareness Month, it’s important to remember that cybersecurity can’t be idle the rest of the year,” McFadden said. “It’s critical to remain vigilant at all times. We at GDIT stand ready to support Federal agencies in their fight against cyberattacks and do our part in enhancing our nation’s cyber resilience.”