Today’s threat landscape is a dynamic collage of cyber exploits perpetrated by sophisticated and agile crime syndicates, religious and political groups, and others with malicious intent. The organizational victims of stealth cyber warfare-commercial companies and government agencies-must fortify their traditional technology-based defenses in order to effectively combat this pervasive and constantly evolving threat. The battlefield has expanded and matured…so must the fighting forces of the human perimeter.
A broader perspective that encompasses all critical aspects of people, process and technology is required to attain a state of resilient cyber readiness. Cybersecurity no longer falls within the exclusive purview of the security organization; it now encompasses every job that touches technology acquisition, deployment and operations. Leading agencies (e.g., Department of Homeland Security, intelligence) are leveraging proven workforce planning strategies and solutions to overcome the acute shortage of cybersecurity professionals. Similar approaches should be adopted across all federal agencies and in the private sector as a matter of national security.
Increasing Demand for Hybrid Cyber Professionals
Given the sheer number of cybersecurity professionals required, public and private sector organizations are challenged to attract, hire and retain competent workers who demonstrate the necessary skill sets vital to protecting our nation from cyber threats. It is now more critical than ever to acquire and engage next-generation cyber warriors who possess a potent mix of hybrid skills that supplement technical ability, enabling engagement and effective collaboration with stakeholders in other disciplines and business leaders across the organization.
Not only has the number of job titles consisting of cybersecurity components grown exponentially in the past several years, but so has the number of ways to conceptualize and define global cybersecurity. Without concentrated targeted effort, it is increasingly difficult to determine the specific positions that fall under the cybersecurity umbrella, identify current deficiencies and vulnerabilities, and evaluate job candidate and existing workforce capabilities.
Raising Public Awareness and Establishing a Common Language
The National Initiative for Cybersecurity Education (NICE), an imperative supported by federal government agencies, subject matter experts and industry partners, focuses on cybersecurity awareness, education, training and professional development. The National Cybersecurity Workforce Framework defines cybersecurity work and workers according to a unified lexicon and taxonomy. The Framework leverages human capital management best practices in workforce planning to address the cybersecurity talent challenge. Jane Homeyer, Ph.D., Chief Human Capital Competencies, ODNI, recently stated: “The National Cybersecurity Workforce Framework serves as the focal point for existing and future cybersecurity workforce development initiatives.”
Organizations must develop specific, targeted cybersecurity talent management strategies tailored to their own workforce performance goals and mission objectives. Integrating these critical elements will help determine what cybersecurity professionals your organization needs, how many, and at what levels of expertise. The Framework serves as a foundation for security experts to use in engaging the human capital management experts in their organizations to build sustainable programs for hiring, training and retaining cyber talent.
“Establishing and implementing standards for cybersecurity workforce planning is a matter of national security. The National Cybersecurity Workforce Framework provides a foundation that CISOs across government and industry can use in working with their human capital management experts to build sustainable programs for hiring, training and retaining cyber talent,” according to Margaret Maxson, Director, National Cybersecurity Education Strategy, DHS.
Today, Chief Information Security Officers (CISOs) must enhance their resources by forging partnerships with Chief Human Capital Officers (CHCOs), proactively working together to develop cohesive strategies that integrate the entire talent management lifecycle into the cybersecurity workforce. Human capital experts can offer support in determining how many cybersecurity professionals the organization needs, how to best define and categorize critical skills, and how to attract and retain talent to enable long-term development, management and security of the organization’s cyber domain.
Hiring, Training, Developing and Retaining Next-Generation Cyber Warriors
Legacy approaches cannot ensure that organizations have enough cybersecurity professionals and that the people with relevant skills and attributes are in the right jobs. PDRI, a leading talent management consulting firm, works with government (civilian, military, and intelligence) agencies and industry to develop best practices for applying proven workforce planning solutions to address the cyber workforce shortage. The following solutions are essential for implementing a holistic human capital strategy to meet current and future cyber challenges:
- Competency Modeling: Define the skills, knowledge and abilities that are critical to the success of your cyber readiness strategy. A starting point for workforce planning, competency modeling empowers organizations to define the knowledge, skills and abilities required for success in various cyber positions, leading to a targeted cybersecurity human capital strategy to address the organization’s specific challenges and vulnerabilities.
- Assessments: Optimize hiring and employee development success with advanced tools for assessing cybersecurity skills, knowledge and abilities. Given the number of occupational roles that now encompass cybersecurity, assessments are an even more critical component of performance management and career development.Delivering objective information about a candidate’s skill set prior to hire, employers can rely on assessments to identify cybersecurity professionals who supplement their technical knowledge with interpersonal, communications, integration and strategic thinking skills that demonstrate flexibility and agility. This leads to smart hiring decisions that leverage good fit between employee and organization, positively impacting job satisfaction, employee engagement, productivity and retention.
- Custom Training: Maximize tacit knowledge retention and performance with cyber training customized for your organization. Since end users are the easiest attack targets, people are the weakest link in the cybersecurity landscape; user and professional awareness training are required to address concerns. It’s important to consider return on investment; conventional employee training and awareness lack requisite accountability and vigilance. Savvy organizations offer flexible, engaging, immersive, self-directed learning programs tailored to specific needs and goals, and continually take into account the unique nature of cybersecurity work in designing effective training solutions
- Career Management: Develop and retain your best-qualified cyber workforce with self-directed career advancement solutions. Leaders must actively and continuously engage cyber professionals at all levels of government agencies via meaningful work, cost-effective internal learning and development programs, and rewarding growth opportunities. Throughout our nation’s history, the best and the brightest have seized opportunities to address public sector challenges. Today, government plays a more critical role than ever in defending the country against cybersecurity threats. There are many enticing opportunities available to qualified cyber professionals who want to make a fundamental difference. Today’s cyber warriors will become tomorrow’s cyber heroes.
Today’s dynamic threat landscape dictates that technology alone cannot sustain a powerful frontline defense. People are the most significant component of the artillery; the human perimeter is critical to cyber readiness. Security and human capital experts must collaborate and spearhead proactive long-term strategies to ensure that organizations have the resources and infrastructure in place to attract, hire, develop, manage and retain the next-generation cyber workforce. As part of cohesive cyber readiness, organizations must elevate workforce planning to the forefront of cybersecurity strategy.
Best-in-breed government agencies and commercial organizations will adopt a synergistic talent management approach that integrates cybersecurity strategy into robust and sustainable workforce planning strategies that enable acquiring and engaging the world’s best and brightest cybersecurity professionals.
Maya Yankelevich is a Senior Human Capital Consultant for PDRI. She has seven years of experience providing human capital consulting to private and public organizations, leading and contributing to innovative client solutions.