TickTockTech: Addressing the talent gap crisis in cybersecurity
By Miranda Sanders
From Bletchley to Biden
In 2021, the Biden administration slipped a digital Easter Egg into the software code for the newly updated White House website. Buried within the site’s HTML was a message encouraging tech workers to apply for jobs within the U.S. Digital Service, an executive branch division whose staff builds and improves digital tools used by people interacting with the federal government online. The hidden message stated, “If you’re reading this, we need your help building back better.”
The effort was part of President Biden’s $1.9T COVID-19 relief plan, which included $200M in funding for hiring support employees. It was also part of the administration’s commitment to do more in response to the SolarWinds hack that made private organizations and many government agencies victim to Russian nation-state security threats . And the cyber threats haven’t stopped coming – more recently, the U.S. Justice Department indicted Iranian hackers for attacks on our country’s critical infrastructure. Two weeks ago, the U.S. government warned that ransomware attacks on schools are likely to increase. Conservative estimates on the cost of cyberattacks on government agencies alone sits at around $13.7B per year. The costs – both financially and economically – will skyrocket if the talent gap remains unaddressed.
This may have been the first time in modern history that the U.S. federal government laid an Easter Egg for recruiting purposes, but the recruitment tactic wasn’t the first of its kind. During WWII, British intelligence agencies circulated crosswords and other puzzles in newspapers to recruit code breakers, hiring those candidates to work in top-secret locations such as Bletchley Park in the UK. Today, companies like Microsoft regularly drop Easter Eggs into their products to attract the best talent and encourage recreational enthusiasts to engage with its products. Soon after the White House’s revamped website went live, the U.S. Digital Service reported that it received a “large number of applications.”
Fast Forward to 2022…
But…did it work? Did the large number of applications from the Easter Egg stunt of 2021 result in meaningful hires to help address the cybersecurity talent gap? And what are some of the other tactics the U.S. government (and companies partnering with it) is using to address this challenge?
The answer to those questions is not crystal clear, but it’s apparent that the talent gap is a serious concern and has the Biden administration’s attention. As of August, there were over 714,000 cybersecurity jobs open in the U.S. and the president has characterized the talent gap as the country’s “core national security challenge.”
In July, National Cyber Director Chris Inglis hosted the National Cyber Workforce and Education Summit at the White House, which included participation from top White House officials and executives from the private sector and the academic community. Attendees discussed solutions to several specific topics within the cybersecurity talent gap, including the need to create new skills-based pathways to cybersecurity jobs in schools and training programs; improve Diversity, Equity, Inclusion and Accessibility in the cyber field and use the talent shortage as an opportunity to build pipeline for historically untapped talent; bring together entities both public and private who employ, train and educate cyber professionals; and examine how to improve practices in cyber adjacent fields that are not focused solely on cyber but are still impacted by it, are related to it or benefit from it.
Most importantly, the White House shared significant programming coming out of the summit to close the talent gap, such as developing a National Cyber Workforce and Education Strategy, creating a 120-day Cybersecurity Apprenticeship Sprint and an effort to strengthen the K-12 system to prepare students more effectively for cybersecurity job opportunities. Additionally, 16 organizations made substantial announcements, commitments or pledges in connection with the summit, including Accenture, Cisco, The Cyber Readiness Institute (CRI), Girls Who Code, IBM and The Linux Foundation, among others.
Why it matters + what to do about it
This is an excellent start to addressing our country’s critical cybersecurity talent shortage, but it’s important to note one key — and missing — link: the value of communications in the effort to close the cybersecurity talent gap. Here’s how organizations can help:
- Leadership within organizations must not only identify the size of their cybersecurity talent gap, but also clearly communicate to internal and external stakeholders about how they will address it. This should be a clear missive with specific steps and performance metrics.
- Regularly report on progress toward those goals and cultivate an employer brand that attracts the top talent. This means not only reporting hard numbers, but clearly communicating about specific challenges the organization is seeing and what they are doing to adjust the strategy for recruiting talent as a result.
- Identify employee champions who can speak to cross-functional roles. For example, communications plays a key role for most cybersecurity actions a company may take. In many cases, these employees are already baked into the organizational structure around threat intelligence research, employee trainings, incident response and much, much more. So why aren’t we also putting these individuals to work to try and help close the security talent gap? This will not only establish a new skills-based pathway to cybersecurity jobs in training programs but could also improve practices in cyber adjacent fields – hitting not one but two key suggestions for leaders coming out of the White House Summit.
With the start of Cybersecurity Awareness Month just over a week away, this looming talent gap remains top of mind and will certainly be a central conversation topic. There is still much work to be done but finding creative ways to inspire interest in the field is the first, most critical step.