While computer network breaches and vulnerabilities are discovered daily, failure to develop an adequate cybersecurity workforce remains a critical shortcoming for companies and nations. Traditional education and policies have failed to supply sufficient talent. A new solution is needed to develop a robust cybersecurity workforce, including education reform, focused government spending, more opportunities for hands-on training like gaming and technology exercises, improvements in workforce diversity, and technological advances to fill the skills gap.

The Cybersecurity Workforce Gap

Organizations today face severe challenges recruiting the talent they need to protect their systems from cybersecurity threats. With cybercriminals now responsible for billions in losses per year and state-sponsored hacking groups posing an ever-greater threat, the need for individuals capable of securing networks against attackers has never been greater. However, education and training institutions in the United States have so far found it difficult to keep pace with the growing need for cyber talent. While shortages exist across the board, the greatest need is for professionals with deep technical training who are able to take on high-value roles like secure system design, tool development, and penetration testing. Currently, the U.S. system of cybersecurity training and education is failing to prepare students for these roles. Employers find graduates from many programs to be lacking in fundamental knowledge, practical experience, and critical soft skills. To improve cybersecurity education in the United States, we should look to the most successful cybersecurity workforce initiatives to identify best practices that can be adopted by other programs to help prepare students for cybersecurity careers. This paper highlights the gaps that exist in the nation’s current cybersecurity education and training landscape and identifies several examples of successful programs that hold promise as models for addressing the skills gap. It then highlights recommendations for policymakers, educators, and employers.

Recruiting and Retaining Cybersecurity Ninjas

This report identifies the factors that make an organization the employer of choice for what the authors call “cybersecurity ninjas.” Much has been written about the shortage of cybersecurity professionals, but little work has been done on the factors that help high-performing cybersecurity organizations build and keep a critical mass of high-end specialists. This is a first attempt that the authors hope will prompt discussion and drive changes in how organizations attract and retain high-end cybersecurity talent.

Hacking the Skills Shortage

CSIS and Intel Security produced an international cyber workforce study that surveyed eight countries—Australia, France, Germany, Israel, Japan, Mexico, the United Kingdom (UK), and the United States (U.S.) We looked at four dimensions of their cybersecurity workforce development efforts: cybersecurity spending, education programs, employer dynamics, and public policies. Our findings are based on open-source data, targeted interviews with experts, and an eight-nation survey of information technology (IT) decision makers in both public and private sector organizations.

Some highlights from our report launch include a Q&A session with keynote panelists Phyllis Schneck, Deputy Under Secretary for Cybersecurity, National Protections and Programs Directorate (NPPD), U.S. Department of Homeland Security; and Candace Worley, Senior Vice President and General Manager, Intel Security. Phyllis and Candace discuss changes in the cybersecurity workforce and their experiences as women in the cybersecurity industry.