Reports have warned for years of a critical gap of cybersecurity talent in the federal government.
According to conventional wisdom, the government simply needed to find a way to recruit more tech-savvy, smartphone-wielding, digital natives to help freshen up the ranks of the federal information-security workforce.
However, a new survey reveals reveals the majority of millennials across the globe haven’t received any specialized cybersecurity education and aren’t entirely sure of the typical range of responsibilities involved in a cyber career.
That’s according to a new report, “Securing our Future: Closing the Cybersecurity Talent Gap,” released Monday by Raytheon and the National Cyber Security Alliance. The report draws on surveys of respondents, age 18-26, from 12 countries including the U.S., the U.K., France, Germany and Japan.
Michael Kaiser, executive director of the National Cyber Security Alliance, points to an overall “awareness gap” among the millennial generation when it comes to cyber careers.
"We have just a straight gap in the knowledge of job skills,” he said Monday at a National Press Club event unveiling the survey results. “People don't know what these jobs are. They just don't know."
For example, nearly 80 percent of millennials said they’ve never spoken to a practicing cybersecurity professional or were unsure if they had, according to the survey. Meanwhile, 67 percent of respondents -- 62 percent in the U.S. -- said they hadn’t even heard about cyberattacks in the news over the past year.
The awareness gap among millennials -- not to mention the lack of formalized cyber training before college -- has implications for the government’s efforts to recruit tech-savvy talent.
Just 31 percent of respondents said high school computer classes had prepared them for a cyber career, according to the survey. And nearly two-thirds of U.S. millennials said neither teachers or guidance counselors had ever mentioned the idea of a cyber career.
"This is the pool that the military services are recruiting from,” said Col. Todd Glanzer, U.S. Air Force chief cyberspace force development officer in the Office of the Air Force Chief Information Officer.
Glanzer said the Air Force is working on a pilot program with the University of Maryland to test prospective recruits’ aptitude for cybersecurity careers, modeled on similar assessments for language-learning ability.
“So they may not have been exposed to it in high school, because the numbers prove that out,” Glanzer said. “But can we give somebody an assessment and say they may have what it takes to do well in this area. And then not only do we lessen training deficiencies, but we also get somebody that perhaps is motivated to excel."
Ben Scribner, who heads governmentwide cyber-workforce development efforts at the Department of Homeland Security, said he’s not all that surprised young people are confused about how to break into cyber careers.
"We have a field of work and study that really is brand spanking new,” he said. “We're making it up as we go along, because nobody has really done this before. It's a brand new field of work and study."
At DHS, Scribner has worked on developing a comprehensive framework of cybersecurity careers, organized by common specialty areas and responsibilities. The federal government is already in the process of mapping its information-security careers in the government to the framework. Colleges and universities can also use the framework to reorganize their curricula, Scribner said.
"We've come a long way, but we are still in terms of the development of professions, we are really at the very bleeding-edge beginning of a career,” he said. “And because of that, we really don't have very clear standards. We don't have clear career paths. We don't have good clear job sets that have been defined over time due to market forces. And we don't have time to wait for that to happen."
Correction: An earlier version of this article incorrectly identified Ben Scribner.