Security Experts:

Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Training & Awareness

Report Examines Ways to Bridge Cybersecurity Workforce Gap

A new report from the (ISC)² Foundation and University of Phoenix highlights the challenges posed by the shortage of cybersecurity professionals and identifies key ways for schools and businesses to address the situation.

A new report from the (ISC)² Foundation and University of Phoenix highlights the challenges posed by the shortage of cybersecurity professionals and identifies key ways for schools and businesses to address the situation.

Culled from conversations with tech industry, higher education and talent development leaders, the report identifies key gaps challenging employers related to competency, professional experience and “education speed-to-market.”

“The growing frequency, sophistication, and costs of cyberattacks threaten business continuity for organizations of all sizes,” said Julie Peeler, director, (ISC)² Foundation, in a statement. “Preparing and attracting the next generation of cybersecurity professionals is critical to the health of the economy and businesses globally.”

Addressing the first item on the list – competency – can be done through a number of steps, the report recommends.

“With the rising demand for qualified cybersecurity talent, industry leaders are increasingly calling for a common definition of the scope of work that cybersecurity covers—and agreed-upon competencies that cybersecurity professionals must demonstrate,” according to the report. “Defining a standard set of industry-aligned professional competencies can help in educating, recruiting, developing, and retaining the caliber of talent that the industry needs. Striving toward common definitions and competencies, the National Initiative for Cybersecurity Education (NICE) developed the National Cybersecurity Workforce Framework, and the U.S. Department of Labor (DOL) developed the Cybersecurity Industry Competency Model.”

On the higher education level, the report recommends among other things that schools build case studies into the curriculum to ensure students have to apply their knowledge and skills in real-world scenarios. They should also ensure the curriculum is aligned with certification requirements and employ faculty on the frontlines of cybersecurity, according to the report.

In regards to professional experience, the report recommends industry associations support student membership, and advises employers to hire interns and partner with universities. Colleges meanwhile should create networking opportunities for students to use to build their resumes and experience, the report (PDF) adds.

“The multi-faceted cybersecurity field demands a strong workforce comprised of individuals who can adapt to constant shifts in the sector,” said Dennis Bonilla, executive dean of University of Phoenix College of Information Systems and Technology, in a statement. “The industry increasingly needs professionals who possess both technical skills and strong business acumen, and curriculum is shifting to reflect these dynamics. Relevant education and training aligned to industry requirements are crucial to protecting and growing business infrastructure in the U.S. and globally.”

The final set of advice the report gives relates to closing the education speed-to-market gap so that institutions of higher education can more quickly provide qualified applicants into the job pool. For schools, that involves mapping curricula to industry-endorsed competencies such as those outlined in the NICE Framework and the DOL’s Cybersecurity Industry Competency Model. The report also recommends businesses get involved with educators and students take steps to get certifications.

“Having qualified cybersecurity professionals is critical in all industries,” said Peeler. “Employers must act quickly to close workforce gaps and mitigate the risks that threaten enterprises. The roundtable report by the (ISC)² Foundation and University of Phoenix provides practical recommendations to key stakeholder groups that must work together to build the cybersecurity talent pipeline.”

Written By

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Expert Insights

Related Content

Management & Strategy

SecurityWeek examines how a layoff-induced influx of experienced professionals into the job seeker market is affecting or might affect, the skills gap and recruitment...

Management & Strategy

UK-based cybersecurity training solutions provider Immersive Labs announced on Wednesday that it has raised $66 million in new capital.

Management & Strategy

Tips for making a presentation that will help improve the state of security programs and reflect favorably on the presenters and their companies

Application Security

Hack The Box Raises $55 Million in Funding Round Led by Carlyle

Management & Strategy

Neurodivergence, by its name, implies a different way of thinking. The question we wish to examine is whether the inclusion of this neurodiversity can...

M&A Tracker

Security awareness training company KnowBe4 will go private after being acquired by Vista Equity Partners for roughly $4.6 billion in cash.KnowBe4 first announced receiving...

Management & Strategy

The US government’s 120-day Cybersecurity Apprenticeship Sprint has come to an end. The initiative has resulted in more than 190 new cybersecurity programs and...

Nation-State

Faced with the daily barrage of reports on new security threats, it is important to keep in mind that while some are potentially disastrous,...