W. Hord Tipton, executive director of (ISC)2 and former CIO of the Interior Department, is a FedScoop contributor.
If you received the Oct. 10 edition of The Washington Post, you likely could not overlook the six-page special report dedicated to cybersecurity. Given the fact the topic of cybersecurity wouldn’t have received even a small mention in The Post 10 years ago, I was pleasantly surprised to see so much space dedicated to this crucial topic.
One article in the WP report described the transformation of Fort Meade as a thriving cybersecurity Mecca now sustaining a level of growth with “no end in sight.” It stated that while formerly just 10 office buildings occupied the base, the complex is now about half the size of the Pentagon.
If you consider Fort Meade as an example of just one of the many locations around the world expanding its physical capacity to accommodate the boom in cybersecurity and intelligence work, questions remain: Who will fill these expanded halls? Where will all of the necessary cybersecurity workers come from?
The cyber boom is in no way limited to the D.C. Metro area. (ISC)2 is a global organization with nearly 100,000 members around the world, and I can tell you meeting the demands of this booming field is a resounding challenge from South America to Asia and everywhere in between.
Yet, constructing new buildings, architecting bigger data centers and developing cutting-edge, intelligence-sharing technology are by no means the biggest challenges of the cyber boom. The greatest overarching challenge is finding qualified people and building a global “workforce” capacity in a field where demand is growing at such an alarming pace.
Analysts of the (ISC)2 2013 Global Information Security Workforce Study forecasted the number of information security professionals will be 332,000 worldwide in 2013, and the Total Compound Annual Growth Rate 2012-2017 is expected to be 11.3 percent globally. While both public and private sectors have dedicated significant resources to programs in an effort to fix this problem, there have been no silver bullets.
So what efforts are recognizing success in contributing toward building global capacity? Here are just a few my organization supports:
(ISC)2 participates in education-to-workforce initiatives around the world with various academic institutions with the intent of creating a career path for students to pursue a career in cybersecurity.
Through the (ISC)2 Foundation, we offer a scholarship program that includes scholarships for women, undergraduate, graduate and post-graduate students as well as certification exam vouchers for qualifying faculty to ensure a sufficient supply of qualified instructors at the university level.
Also through the foundation, (ISC)2 and Booz Allen Hamilton provide cybersecurity career training to qualified veterans who served in the U.S. military through the U.S.A. Cyber Warrior program.
The (ISC)2 Chapter Program, now with more than 100 chapters, provides cybersecurity education for professionals and vulnerable publics worldwide.
These are just a few of the efforts that are successfully targeting publics of potential. Other groups that represent significant potential for recruitment into the profession are those pursuing business or liberal arts degrees who might be inspired to finish their degree in cybersecurity or the man or woman who is either underemployed or unemployed who sees cybersecurity as a chance to transition onto a rewarding career path.
Yet, we have found recently one of the greatest areas of potential for solving the shortage lies in the elementary, junior high and high school levels of academia. (ISC)2-certified member volunteers teach children about online safety and responsible computing in the classroom through the (ISC)2 Foundation’s Safe and Secure Online program.
A subsequent goal of the program is to pique the students’ interest in a cybersecurity career at a young age and, once interested, we feed that interest by guiding them to one of the many cyber camps, challenges and competitions we support.
So, to answer the question, “Where will all of the necessary cybersecurity workers come from?” In my opinion, sound security practices are developed with shared experience, as will success be achieved in building global capacity for a professionalized workforce. Governments, corporations and professionals around the world must be committed to making it happen.
As the world’s largest information security professional body, we believe we have a duty to help lead in the effort. Certainly, raising awareness of the nation’s cybersecurity priority — whether in The Washington Post or in a fifth-grade classroom — is a step in the right direction.