What is needed to begin to bridge that gap is an increased focus combining education and experience with both federal and private sector job markets.
While this has been a difficult combination to obtain in the past, more and more countries are seeing the need for and instituting programs to fill the gap and stack their bench.
In the United Kingdom, the UK government’s CyberFirst Initiative will collaborate with private companies on not only providing the education but, more importantly, the experience needed for new cyber security professionals to succeed.
Further, those enrolled in this program receive “both financial assistance for those studying relevant science, technology, engineering, and mathematics (STEM) courses at undergraduate level and include work experience with government or UK private sector firms within the field of national security. There is a guarantee of employment upon graduation.”
Israel is another country that applies this concept. In Israel, those selected for Talpiot are considered the best of the best, not just in hand-to-hand combat, or military tactics, but also in cyber warfare. This generates a labor force with a variety of skills and capabilities.
Even beyond government efforts, corporations are tackling the problem collaboratively. This can be seen by Lockheed Martin’s endorsement of the UK initiative, or the joint venture between an Israeli and Japanese company that set up a training facility to provide hands-on experience to cyber security professionals to help address the cyber security workforce shortage in Japan.
In contract, most US-led initiatives lack the experience and job components that would further incentivize individuals to obtain the required skills needed.
For instance, the National Institute for Standards and Technology’s National Initiative for Cybersecurity Careers and Studies provides a consolidation of course information, but unless you are currently working in the federal government or a veteran, most courses require fees to third parties, such as SANS.
A recent government report indicates that much more needs to be done to address the lack of skilled cyber security professionals. The US needs to build stronger relationships with industry knowledge centers such as ISACA and (ISC)², as well as private corporations, to ensure that individuals receive the training, experience and vocations needed to strengthen the cyber security workforce.