![EMC logo]() |
In my last blog post , I started a discussion on my experience at the National Institute for Cyber Education (NICE) Conference 2015. Here, I’ll give you actions and key ideas on how we can make a difference and develop the next generation of cyber professionals.
- We need more industry representation on this issue of cyber security education.
If I had a dime for every time I heard “we need to hear from industry”! The conference was predominately academia and government- industry was virtually non-existent. The academics and government experts want to collaborate with industry and know it’s imperative for broader success.
We ALL have a place in this effort. Academia and Government are desperately trying to develop the talent. However, they are by their nature, siloed…which means they lack the full context about WHAT skills are needed, WHICH roles are critical, and HOW to develop the talent needed. Industry needs to be actively involved to help break down silos and build collaboration. This means putting aside our own self-interests and profit motives to help the greater good. This leads to the next point.
- We need more collaboration to close the gap.
The NICE framework is a good a start but it’s not universally implemented, and doesn’t solve the problem holistically. Several times I heard state agents say “I want MY state to be THE state associated with cyber education”. Such statements are a fast-track to failure and mediocrity. Why not share the knowledge and work together?
There are too many parties involved for us each to re-create the wheel by ourselves. Today we have more competition than cooperation, at a time when we desperately need innovation and agility. Ron Sanders from Booz Allen Hamilton showed a great example of silo-busting. Frustrated by a gap in skills of graduating students, they created a fast-track curriculum for their employees to help them gain client-ready skills. Now they give that training back to the schools. However, they are only choosing schools that prove they are able to bypass academic red-tape and be agile in their partnership.
- We need to get started earlier and more often with students.
A great analogy is how we develop our athletes. We get a large group of kids who try t-ball, then some go to little league and so on to the majors. At each level the field thins out, but along the way we develop large groups of awareness and interest and a base line of skills. Most importantly, starting early helps it take hold by getting them engaged and showing them a path to grow their lifelong interest in it. This model has proven to work for cyber, with the addition that in cyber we also tap into their natural motivation to positively impact their world. Mission counts!
Like the path from the t-ball field to MLB, the most successful way to develop our cyber-athletes is to understand the entire process it takes to make them stars- and start earlier with each student. If we wait until college to educate them on cyber, we self-select into only computer science-minded students. But ALL students today use digital technology and are interested in it. It is an ingrained part of their lives! So let’s get started early explaining to them how digital technology works, why it’s important to use it safely, and then nurture their natural curiosity. If we get in early, we will also get a more diverse population engaged earlier.
- We need to solve the diversity problem.
The glaring issue with diversity was put in to stark focus at the conference with data-driven discussions. The (ISC)2 Women in Infosec report was discussed, which shows declines in women’s representation, down to only 11%. We didn’t even dive into the results on minorities!
One panelist said that he viewed getting more women into cyber as THE way to close the skills gap. Having low levels of representation is a major problem, because as was pointed out numerous times, we need many different viewpoints and talents in cyber. Without more diversity, we will be doomed to suffer from what Andrew Lee at ESET called “rich white guy bias”. In his fascinating opening keynote, he highlighted data that shows that white males have a lower belief in inherent risk than other groups. In cyber, underestimating risk levels could have devastating consequences.
The conference highlighted how much opportunity we have to grow the pipeline of cybersecurity professionals, and also brought into focus the challenges to closing the gap. The need for educated, competent, passionate cyber security professionals will only get more pronounced unless we do something to mobilize the next generation. To do so, we need more industry representation on the issue, more collaboration, early adoption and more diversity. If we do nothing, then how will we continue to protect our digital world?
The post Help Wanted: Growing the Pipeline of Cyber Talent appeared first on Speaking of Security - The RSA Blog and Podcast.
|
