How Groups Are Closing the Security Skills Gap, Boosting Diversity


Today, there is a massive shortage of cybersecurity talent across the globe.

According to a 2015 study from Frost & Sullivan and the (ISC)² Foundation, there could be more than 1.5 million unfilled cybersecurity positions globally by 2020. As cybersecurity attacks and data breaches, unfortunately, become a matter of not if but when, security talent is more important than ever. Companies around the world are reevaluating their methods for recruiting and retaining top talent and, even in innovation hubs like Boston, there is serious competition for talent. We need a long-term solution that addresses the core of the growing cybersecurity skills gap problem, rather than a quick fix.

Identifying the Holes

It is no secret Boston is a hub for technology startups, but some might be surprised to learn that a recent report from CrunchBase expects the Boston area to surpass New York City in total venture capital investment in 2018. Qualified graduates are coming out of our universities and young tech professionals are moving to the city, but there just isn’t a large enough supply of skilled workers to meet the demand of employers. In fact, a February report from LinkedIn names Boston as one of the top-10 cities with the largest skills gap. In the tech sector, this is largely due to both the increasing number of startups in the area that are expanding to meet the demands of their growing user bases, and also the large organizations (including Amazon, which might put its second headquarters here) with deep hiring needs coming to Boston.

As threats evolve and become more complex, organizations across industries are increasingly relying on security technology vendors and managed service providers to ensure the safety of their sensitive data. In fact, according to IDC, worldwide spending on security-related hardware, software, and services will reach $91 billion this year. As such, organizations of all kinds require more qualified talent to research, develop, manage, or deploy new security technology.

The influx of open positions are not easy ones to fill, and the specific set of skills and experience needed to work in cybersecurity are not common in the general workforce. Consequently, the increased complexity of the industry has made the profession even more difficult to enter. There are advanced educational requirements to apply for a cybersecurity job, with many recruiters seeking applicants with master’s degrees in computer security and cybersecurity certificates.

Closing the Gap

Closing the skills gap should start from the bottom up, with education. Organizations like the National Integrated Cyber Education Research Center are working to build a strong cyber workforce by providing resources at a state level to educate students. Massachusetts is leading the way with more and more colleges and universities offering security courses to prepare them for careers in the industry.

For example, the Center for Reliable Information Systems and Cyber Security (RISCS) at Boston University won a $10 million grant from the National Science Foundation in 2014 for the Modular Approach to Cloud Security (MACS) project, which seeks to build systems with multi-layered security. To help shine a light on these efforts in Boston and around the country, the second week of National Cybersecurity Awareness Month (NCSAM) in October focuses on the need for more education around cybersecurity. Furthermore, the Northeastern University Institute of Information Assurance is a multidisciplinary center that connects four campus labs: the Systems Security Lab, Energy-Efficient and Secure Systems Lab, Computer Architecture Laboratory, and Network and Distributed System Security. Northeastern is also partnering with ObserveIT to help provide real-life experience through internships. In an effort to make learning a lifetime objective, ObserveIT is also getting its security teams trained with CERT (ITPM), a certificate in insider threat program management.

This skills gap also creates an opportunity for women, who only make up a shocking 11 percent of the world’s information security workforce, according to the nonprofit Women’s Society of Cyberjutsu (WSC). As the lack of security talent widens, organizations such as Women in CyberSecurity (WiCyS), a nonprofit aimed at bringing women in cybersecurity together, are working to close the gap. Recruiters should utilize organizations like this to find the qualified female applicants who are interested in a career in cybersecurity.

Even with the mounting pressure to fill positions, it’s important not to rush into a solution. At ObserveIT, we follow a “hire slowly” approach. Taking the time to properly get to know individuals will help determine an individual’s and a company’s success long term. Ensuring a new applicant not only has all the required skills, but is also a proper cultural fit, helps us to save time, money, and resources—and ultimately prevent employee turnover. Jumping the gun on the recruiting process may fill the skills gap, but only temporarily.

As Boston continues to attract large, established companies as well as creative, agile startups, it’s important to prioritize educating the next generation of security professionals.

Mike McKee is the CEO of insider threat company ObserveIT, based in Boston. Follow @mmckee45

Trending on Xconomy