Closing the Cybersecurity Workforce Gap with Better Skills Assessment

Author: Laura Lee


The rapid increase in global demand for skilled cybersecurity practitioners bears many similarities to what the field of medicine witnessed a century ago, when illnesses, treatments, and medical procedures evolved faster than training and education for practitioners. The difference between the threat presented in medicine then and the threat of cyber-attacks now is the availability of technologies to fast-track educating, training, and recruiting a well-qualified cyber workforce. Yet, we still face a cybersecurity workforce gap.

While recent advancements in technology can help solve the global cybersecurity workforce shortage, several factors are crucial to closing this gap:

1. Well-defined entry points and subdisciplines to reduce the intimidation barrier of getting into cybersecurity and help navigate educational pursuit.

2. More dynamic, hands-on, modern teaching methods.

3. Cybersecurity aptitude assessments to better identify potential for talent and improve an organization’s hiring process and training investments.

Well-defined Entry Points & Subdisciplines

One considerable shortfall when it comes to closing the cybersecurity workforce gap is the general lack of awareness of what a career in the field looks like. This lack of awareness keeps many young people from being exposed to the field and pushes them towards careers they better understand how to prepare for.

To counter this shortfall, well-defined entry points to and subdisciplines in cybersecurity can help. Entry points can look like less (or even non-) technical cybersecurity competitions, internships or apprenticeships, afterschool clubs and programs, and summer camps. These experiences can help reduce the intimidation barrier for cyber-interested individuals by offering them an opportunity to explore the field, become more familiar with tools and tasks involved in cybersecurity work, and learn firsthand whether or not the field is a fit. Subdisciplines break down the generalizations of work roles in cybersecurity into more accessible academic and career pathways. Providing subdisciplines to individuals curious about cyber is encouraging, and offers the needed structure for them to envision a future role in the field.

A Paradigm Shift in Cybersecurity Education & Training

The constantly evolving and highly complex nature of cybersecurity poses unique challenges to the status quo when it comes to educating and developing the next generation of cybersecurity professionals. Learning experiences must be engaging and sticky, incite passion for life-long learning, and encourage new and different students to explore and pursue cybersecurity as a career choice. And while educators have long been dedicated to creating opportunities for students, a paradigm shift in how teaching and learning cybersecurity happens is critical.

Teaching methods that rely on lectures, PowerPoint, rote memorization, and other stale and static approaches do not adequately prepare individuals for work in this field. Being a cybersecurity professional demands an ability to understand and/or perform hands-on, technical work. Immersive learning experiences in real-world environments are imperative to producing well-qualified cybersecurity talent.

Cybersecurity Talent Identification & Aptitude Assessments

In 1943, Kathryn Briggs and Isabel Briggs Myers developed the Myers-Briggs Type Indicator (MBTI)® to help identify career preferences for women entering the workforce in an effort to fill shortages stemming from World War II. In 1945, the MBTI was first used by the George Washington Medical School to screen potential candidates for an aptitude in medicine. Today, approximately 89% of Fortune 100 companies use MBTI in the hiring process. Replicating this effort to match an individual’s personality-specific competencies to roles within cybersecurity is a giant leap toward closing the skills gap in this field.

My own professional work follows the Myers-Briggs approach by uniquely applying similar personality-based research to cybersecurity using the NIST Cybersecurity Framework and the NICE Cybersecurity Workforce Framework. The Cyber Aptitude Typology Indicator (CATI, pronounced kay-tee), provisionally patented by By Light Professional Services, LLC, identifies an individual’s cyber personality type by looking at one’s natural tendency to gather and process information and to make decisions. This new method of cyber assessment predicts a person’s cyber aptitude and suggests work roles they may find to be a more natural fit.

Moreover, complementing cyber personality types with subdisciplines in cyber caters to varying intrinsic preferences for information gathering, communicating findings, and ideating on solutions. A better understanding of this, combined with the knowledge that everyone has their own effective methods for learning (i.e. whether they absorb information by hearing the conceptual theory, benefit from seeing example problems and solutions, enjoy independent or group work, thrive with visual aids, etc.), further enables the development of learning content and environments that support both individuals entering the field and those who are upskilling their current knowledge and competencies.

Today there is a global crisis in cybersecurity; cyberattacks continue to mount as millions of cyber-related job openings remain unfilled. This is a challenging field with high rewards, but one that can seem daunting to academic instructors, corporate hiring managers, and potential cybersecurity professionals. By reviewing decades of lessons learned from MBTI and the potential of cyber aptitude assessments, we can create new learning environments that serve to identify, teach, train, and continue to evolve practitioners in cybersecurity. This approach will create a dedicated cadre of cyber professionals who can meet the current and future needs of the field.