This feature first appeared in the Fall 2017 issue of Certification Magazine. Click here to get your own print or digital copy.
Cybersecurity is one of the greatest problems facing the digital community today. Hardly a week goes by without reports of a big box retailer, government agency, financial institution, healthcare facility, or small business being attacked by hackers with malicious intent. While their motives vary from cybercrime to espionage, from cyberterrorism to boredom, bad actors have one thing in common — across the globe they are intent on gaining entry to digital systems and creating havoc.
To combat these evildoers, organizations have trained and developed IT staffs to install and monitor defensive systems to protect their digital assets. Unfortunately, there is a paucity of skilled cybersecurity professionals to operate those systems.
Those with a vested interest in cybersecurity employment trends recognize that currently there is a critical shortage of skilled personnel in the cyber field. Writing for Forbes.com, Steve Morgan notes that, "More than 209,000 cybersecurity jobs in the U.S. are unfilled ... with a projected shortfall of 1.5 million by 2019." (1)
How will this shortfall be addressed? Where will we find these much-needed skilled professionals? Perhaps more importantly, when and how will these professionals be trained and educated?
An educational solution
Currently our IT professionals tend to follow one of several paths: Some rise through the IT ranks and learn on the job. Some take advantage of concentrated skills training via certifications, boot camps, and other means. Some attend high-level learning institutions, either online or at traditional brick-and-mortar schools, to acquire a degree.
Increasingly, institutions of higher learning are expanding their IT programs and developing cybersecurity curricula to assist in filling the pipeline with skilled individuals. More instructors are being hired, improved study plans are being developed, and more lab space is being made available. There is more that must be done to solve the cybersecurity employment crisis, however, in three specific areas.
1) Encourage better "hygiene"
First, we need to begin educating our youth early, not only in the use of computers, but in cybersecurity itself. In many cases, learners in middle school and high school are not even aware of basic cybersecurity precautions, and unintentionally invite viruses into their mobile devices and computers due to a lack of proper cyber "hygiene."
A recent article in MediaSmarts notes that "teens use the Internet as much, and in similar ways, as adults. But they also often engage in risky behaviour such as downloading illegal copies of movies and music. Popular social networking sites, like Facebook, can also expose teens to a variety of security risks." (2)
We need to win the "hearts and minds" of our youth and illustrate to them the importance and value of cybersecurity, as well as their specific role in the big picture of security. Early on, we need to instill in them a sense of responsibility for their own actions, and help them realize the impact their actions will have not only on themselves but on others.
Some institutions are providing assistance for students to obtain IT certifications, and this is a good first step. It would be beneficial, however, if such programs were instituted at all schools and begun no later than at the middle school level.
Taking these actions would win students over to utilizing safe cyber hygiene practices that would benefit them in their day-to-day digital activities. To ensure this education is successful, school boards need to hire instructors skilled in cybersecurity, as well as provide adequate lab facilities in which to pursue whatever training and education is necessary.
2) Choose the right
We also need to instill in young learners a sense of ethics. Writing for The Center for Parent/Youth Understanding, Chris Wagner notes, "Interestingly, teens do not notice — or are unwilling to concede — that though they may lie, cheat and steal, these actions are harmful to their personal character and what others may think of them." (3)
This dovetails with learning about the impact of their actions so they will be able to distinguish right from wrong. Teens need to make appropriate decisions before they take actions that might adversely affect them — now or in the future — or that would affect others and cause harm, whether intentionally or unintentionally.
Making correct ethical decisions in life can be difficult. Kids can benefit, however, if mentored and coached early on about the intrinsic value of ethical decision-making, as well as the impact (both positive and negative) it can have on their future. Especially if they choose to work in IT, or in the cybersecurity profession, knowing how to draw clear and prudent ethical lines will benefit them immeasurably.
3) The other 50 percent
Finally, we need to encourage more females to join the STEM programs in their respective schools. In an article for Reuters, Jim Finkel notes, "Women account for just one out of 10 cyber security professionals, as the gender gap widened over two years in a male-dominated field with a drastic workforce shortage." (4)
With only one in 10 females choosing a career in the cyber field, a huge pool of talent in going untapped while organizations struggle to find skilled individuals to fill vacant positions. To reverse this trend and encourage young women to enter the cybersecurity arena we need to do several things:
Mentor Young Women — Teachers and guidance counselors should recruit and encourage young women to pursue technical careers. Too often, females are steered to careers that are traditional for their gender while ignoring their potential in other fields that may be more challenging.
Provide Role Models — Young learners are influenced by what they see or perceive to be acceptable. To encourage young women to join the cybersecurity field, efforts should be made to expose students to successful women in the area who can be held up as role models for them.
Level the Playing Field — Teachers and guidance counselors should provide equal opportunities for girls in the classroom. Far too frequently, the opportunities that are afforded to males are withheld inadvertently by teachers and guidance counselors.
Those who are entrusted with the education of young women should be aware of the opportunities that are available to them, and promote increased inclusion in the IT and cybersecurity classrooms. Families, too, must promote the challenging opportunities that young women may otherwise pass up in these cutting-edge fields.
Action needed now
Defending our digital systems is of primary concern to IT professionals. By every indication, the attacks on these systems by those with malicious intent are only going to increase in intensity and sophistication. To meet the challenges that lie ahead, we are going to need a great many more skilled cybersecurity professionals than currently exist.
In order to attack that shortfall, we must educate and train substantial numbers of individuals to fill those expected vacancies. We can begin to fill the cybersecurity pipeline by encouraging young learners, male and female, to pursue a career in the technology fields.
This pursuit should begin as early as possible in the middle schools and carry into the secondary grades by offering a curriculum that includes cybersecurity and a pathway to early certification. Such credentials will not only benefit those who will directly enter the cybersecurity arena, but in general will provide for a more educated, prudent, and knowledgeable citizenry.
As we focus on educating our college-age students to enter the workforce today, we must keep tomorrow's workforce in mind. Cybersecurity education should be a priority and a requirement for younger students. Longer-term thinking must prevail if we are to develop a reliable and continuing pipeline of cybersecurity professions prepared to defend our country's future.
1. Morgan, S. (2016). One Million Cybersecurity Job Openings In 2016. Forbes. Retrieved from: https://www.forbes.com/sites/stevemorgan/2016/01/02/one-million-cybersecurity-job-openings-in-2016/#58a87f8f27ea
2. "Cyber Security: Special Issues for Teens." MediaSmarts. Retrieved from: http://mediasmarts.ca/cyber-security/cyber-security-special-issues-teens
3. Wagner, C. (2008). "Youth Ethics." Center for Parent Youth Understanding. Retrieved from the Internet at: https://cpyu.org/resource/ youth-ethics/
4. Finkle, J. (2015). "Gender gap widens in cyber security field long dominated by men." Reuters. Retrieved from: https://www.reuters. com/article/us-cybersecurity-women-employment-idUSKCN0RS11J20150928