Sergey Nivens - Fotolia

Cyber security skills shortage can be addressed, says (ISC)2

The shortage of cyber security skills can be addressed, starting with training anyone who is unemployed, according to information security professional training and certification body (ISC)2

There could be up to 1.8 million information security-related roles unfilled worldwide by 2022, according to the latest Global information security workforce study from (ISC)2, but the organisation believes there are ways to address this potential shortfall.

“There are unnecessary barriers that have to be removed to open up the cyber security profession to more people,” John McCumber, director of cyber security advocacy at (ISC)2, told Computer Weekly.

“It makes no sense that we have employment issues for veterans and other communities on the one hand, and information security jobs being unfilled on the other,” he said.

In this newly created role of advocacy for the information security profession, McCumber is engaging with the US government on issues such as workforce development and supporting information security professionals in the work they do.

McCumber, who has been working in information security in military, national security and civilian roles for the past 30 years, argues that in the light of the fact that there are jobs for people coming out of trade schools, there is no reason that aspects of cyber security cannot be turned into trades.

“By treating cyber security as a trade, it will enable school leavers to get some basic skills without having to do a four-year course and to provide valuable services in well-paid jobs in the cyber security field,” he said. “There are a lot of productive jobs in the cyber security field that do not need a four-year degree.”

“There are a lot of productive jobs in the cyber security field that do not need a four-year degree”
John McCumber, (ISC)2

In line with this approach, McCumber is working on a project with US military veterans in the state of Virginia to provide the training necessary to begin a career in information security. In Virginia alone, the current shortfall of information security professionals is currently estimated at around 17,000.

The training is aimed at enabling veterans to join the (ISC)2 associate membership programme, which provides them with the experience required to qualify for various information security certifications.

“By enabling veterans to get certified as information systems security professionals, systems security practitioners and cloud security professionals, we are able to connect them with well-paying jobs,” said McCumber, who is also working with the governor of Massachusetts on a similar project.

Read more about information security skills

“We work with industry to ensure we are training people to meet industry’s needs, and government that wants to drive down unemployment rates, and provide transportable certifications that are recognised by government, industry and academia,” he said.

McCumber predicts that cyber security jobs will also begin changing in future as new technologies enable organisations to automate a lot of their cyber attack responses.

“Things like penetration testing are also likely to be automated with advances in so-called artificial intelligence, so (ISC)2 is working with information security professionals to position themselves for the new world of work and show organisations how they can help them understand their cyber risk and provide an objective way of managing that risk,” he said.

McCumber, a US military veteran, believes that once the pilot programmes in Virginia and Massachusetts are fully operational, they will serve as a roadmap for getting unemployed people into the cyber security profession.

“As a result, that projected 1.8 million cyber security skills gap will not look as insurmountable in two to three years’ time,” he said.  

Read more on Hackers and cybercrime prevention