A new report from the (ISC)² Foundation and University of Phoenix highlights the challenges posed by the shortage of cybersecurity professionals and identifies key ways for schools and businesses to address the situation.
Culled from conversations with tech industry, higher education and talent development leaders, the report identifies key gaps challenging employers related to competency, professional experience and “education speed-to-market.”
“The growing frequency, sophistication, and costs of cyberattacks threaten business continuity for organizations of all sizes,” said Julie Peeler, director, (ISC)² Foundation, in a statement. “Preparing and attracting the next generation of cybersecurity professionals is critical to the health of the economy and businesses globally.”
Addressing the first item on the list – competency – can be done through a number of steps, the report recommends.
“With the rising demand for qualified cybersecurity talent, industry leaders are increasingly calling for a common definition of the scope of work that cybersecurity covers—and agreed-upon competencies that cybersecurity professionals must demonstrate,” according to the report. “Defining a standard set of industry-aligned professional competencies can help in educating, recruiting, developing, and retaining the caliber of talent that the industry needs. Striving toward common definitions and competencies, the National Initiative for Cybersecurity Education (NICE) developed the National Cybersecurity Workforce Framework, and the U.S. Department of Labor (DOL) developed the Cybersecurity Industry Competency Model.”
On the higher education level, the report recommends among other things that schools build case studies into the curriculum to ensure students have to apply their knowledge and skills in real-world scenarios. They should also ensure the curriculum is aligned with certification requirements and employ faculty on the frontlines of cybersecurity, according to the report.
In regards to professional experience, the report recommends industry associations support student membership, and advises employers to hire interns and partner with universities. Colleges meanwhile should create networking opportunities for students to use to build their resumes and experience, the report (PDF) adds.
“The multi-faceted cybersecurity field demands a strong workforce comprised of individuals who can adapt to constant shifts in the sector,” said Dennis Bonilla, executive dean of University of Phoenix College of Information Systems and Technology, in a statement. “The industry increasingly needs professionals who possess both technical skills and strong business acumen, and curriculum is shifting to reflect these dynamics. Relevant education and training aligned to industry requirements are crucial to protecting and growing business infrastructure in the U.S. and globally.”
The final set of advice the report gives relates to closing the education speed-to-market gap so that institutions of higher education can more quickly provide qualified applicants into the job pool. For schools, that involves mapping curricula to industry-endorsed competencies such as those outlined in the NICE Framework and the DOL’s Cybersecurity Industry Competency Model. The report also recommends businesses get involved with educators and students take steps to get certifications.
“Having qualified cybersecurity professionals is critical in all industries,” said Peeler. “Employers must act quickly to close workforce gaps and mitigate the risks that threaten enterprises. The roundtable report by the (ISC)² Foundation and University of Phoenix provides practical recommendations to key stakeholder groups that must work together to build the cybersecurity talent pipeline.”