The cybersecurity workforce skills gap is hampering the nation’s ability to combat cyber threats that target our way of life, economy and national security interests, according to U.S. Rep. Cedric Richmond (D-LA), who serves on the House Committee on Homeland Security.
Delivering the first keynote at the 2018 (ISC)2 Security Congress, taking place this week in New Orleans, the Congressman said more work is needed at the federal, state and local levels, as well as in the private sector, to address the problem of cybersecurity and the skills gap.
“We need a robust cybersecurity workforce,” Richmond said, citing a government estimate that 350,000 cybersecurity positions currently are unfilled. Addressing the problem will require a rethinking of how to train security professionals and where to find talent. “We need to make cybersecurity cool,” he said.
Rather than focus only on four-year academic institutions to deliver cybersecurity talent, the congressman said, government and industry also should consider vocational training, minority programs and veterans groups.
In addition, Richmond said more is effort is needed to fill the skills gap with women and minority candidates. Currently, women make up about 11% of the cybersecurity workforce. That’s a lot of untapped talent that could be recruited to help address the problem, he said.
Richmond mentioned several legislative initiatives are under way in Congress to address cybersecurity funding and preparedness at all levels of government – federal, state and local. Currently there is a woeful lack of resources and preparedness, he said, and pointed the finger at the White House for not doing enough to address ongoing cybersecurity risks that threaten our institutions, economy and national security. The next attack of the magnitude of 9/11 won’t involve planes; it will be a cyber attack, the congressman said.
Challenges can be addressed if Congress moves to allocate funds to local and state government to develop cybersecurity strategies. Without help, local and state governments cannot handle the threat.
“Local governments are overwhelmed and they don’t get it. They run from it because they are overwhelmed.” Meanwhile, the states have a better understanding of the problem but lack the resources to do anything about it, while the federal government also understands it but refuses to spend the necessary money.
Richmond appealed to the more than 1,900 Congress 2018 attendees to “keep doing what you’re doing” in regards to cybersecurity but doing it “louder” in order to raise awareness about the urgency to address the challenge.
Defining the ‘Why’
Before introducing Richmond to the Congress audience, (ISC)2 CEO David Shearer said cybersecurity professionals must do a better job of defining the “why” of what they do, just as first responders and the military have a clear sense of their mission. For its part, Shearer said (ISC)2 will work hard to explain how its work of training and certifying cybersecurity professionals adds value by helping to protect the infrastructure and solutions that our lives depend on.