Technology is not the only critical element of a trusted security process – a holistic security conversation includes people and processes as well. In fact, a technology-only approach is not a good security strategy. People, processes and technology together form the best defense against today’s cyber threats.
What’s concerning is that there’s an IT security skills shortage occurring in the industry today as the volume and sophistication of cyber and physical attacks continue to rise. According to the Bureau of Labor Statistics,the demand for information security analysts will grow 37 percent from 2012 to 2022. And yet by 2017, there will be a shortage of 2 million cybersecurity professionals worldwide, according to the UK House of Lords, Digital Skills Committee. Organizations need cybersecurity specialists with the skills to match the advancing abilities of hackers and malware. Solving this skills gap challenge will take an effort bigger than any one organization.
Partnering to Fill the Gap
The shortage of cybersecurity skills requires innovative thinking and partnerships across private- and public-sector organizations. We would like to share some examples of partnerships that Cisco is actively participating in to address the cybersecurity shortage today:
- CyberPatriot, the Air Force Association’s national youth cyber education program, partners with volunteers from private companies to offer a special cybersecurity camp that provides students with little to no cybersecurity experience an opportunity to learn more about the field and how to safely use the Internet.
- US2020, an organization whose mission is to dramatically scale the number of STEM professionals by mentoring and teaching students through hands-on projects, with a focus on serving underrepresented communities (females, underrepresented minorities and children from low-income families).
- Sponsorship and mentoring of women and young girls in cybersecurity through programs like Cyberjutsu and performing outreach to educational institutions for early education and awareness on cybersecurity.
- The Cisco Security Ninja Program, which challenges participants to reach for higher degrees of competency and proficiency in product security. Employees can earn four belts – white, green, blue, brown and black – that represent their growing cybersecurity knowledge.
- A partnership between Cisco and San Jose State University to offer an advanced degree program opportunity with a cybersecurity master’s degree program.
- The Cisco Networking Academy is an IT skills and career-building program for learning institutions and individuals worldwide that has helped more than 5.5 million people prepare for the IT workforce since its inception in 1997. Courses include Intro to Cyber Security and CCNA Security.
- SecCon, Cisco’s internal employee security conference, which brings together hundreds of engineers, live and virtually, from Cisco offices around the globe with one common goal: to share their knowledge and increase the overall security posture of Cisco products.
- Cybersecurity communities of interest within the company to build a network of mentorship and knowledge transfer and organizational rotation opportunities within security to continue professional growth.
Creating a Better Future
These programs demonstrate our commitment to our ongoing efforts to build a better and safer tomorrow, in our schools, at home and at work. But the journey to identify, prepare, train and enrich the cyber workforce industry needs today will take a collaborative effort among industry, government and educational forces alike. Using the mission of National Cyber Security Awareness Month as a catalyst, here’s a challenge for readers. What new initiatives can you help launch, both within your organization and via strategic alliances and partnerships, to empower the workforce with the cyber security skills that the industry needs today and tomorrow?
About the Author
John N. Stewart is senior vice president and chief security and trust officer for Cisco. Stewart leads Cisco’s Security and Trust Organization, underscoring Cisco’s commitment to address two of the most critical issues that are top of mind for boardrooms and world leaders alike. Under Stewart’s leadership, the organization’s core missions include protecting Cisco’s public and private customers, enabling and ensuring Cisco Secure Development Lifecycle, Trustworthy Systems and Value Chain efforts across Cisco’s solutions portfolio, and protecting the Cisco enterprise from ever-evolving cyber threats. To learn more visit trust.cisco.com.