Seizing the Opportunity to Close the Cybersecurity Skills Gap

Albert Einstein has been quoted as saying “In the middle of difficulty lies opportunity.” By that measure, the federal government has an enormous chance to boost its workforce’s IT and cybersecurity skills.

It’s no secret that there’s been a big federal IT cybersecurity knowledge gap for the past couple of years. Look no further than 2016, when the Office of Management and Budget released its Federal Cybersecurity Workforce Memorandum. In that document, representatives from the OMB wrote: “both federal and private sector executives cite the lack of professionals with the requisite knowledge and skills as a significant impediment to improving their cybersecurity.”

While the problem still exists, the Trump administration has begun putting in place some noteworthy steps to seize the potential opportunity. In September the OMB announced the 2018 Federal Cloud Computing Strategy, or “Cloud Smart.” A core tenet of the program is to “upskill, retrain, and recruit key talent for cybersecurity, acquisition, and cloud engineering.”

Cloud Smart lays out precisely what agencies need to concern themselves with training and retaining skilled employees, and acknowledges the disadvantages the federal government faces in its competition with the private sector. But Cloud Smart does not explicitly spell out the steps agencies should consider taking to enhance their employees’ skills and bridge the gap.

Fortunately, there are a number of options that the federal government can explore. Pursuing these options will not only result in a more highly trained, knowledgeable, and effective employee base—they may even give the public sector a bit of an advantage when it comes to competing with the enterprise space for cybersecurity talent.

Explore Open-Source Training Options

The government has always been good at providing education and training, but it has not always been cost-effective to offer these services. That was especially true when proprietary software ruled the day. Agencies would often have to pay large sums to send their employees to be trained on a specific type of application that the organization had already spent a significant amount of money to license. That was a daunting barrier of entry that made investing in training less appealing.

The proliferation of open source software has changed the training landscape dramatically. Today, there is a plethora of low cost or even free options available, ranging from books to online forums to go-at-your-own-pace training programs. It can be relatively easy and cost-efficient for agencies to set their employees up on a detailed training regimen designed to provide them with in-depth cybersecurity skills. Employees themselves can also seek out programs and engage with them on their own time, often for little or no money.

In short, the open source community has put effective training on a number of topics, including cloud migration and deployment and cybersecurity, well within the reach of every agency and IT administrator. Indeed, the training programs offered by many open source providers and the community itself can be highly instrumental in helping agencies achieve the OMB’s goal of ensuring that agencies’ “workforce is knowledgeable enough to understand all of the considerations in planning a migration, as well as to support the cloud environment once deployed.”

Look for Certified Professionals

When hiring new employees, it’s important to be able to separate the wheat from the chaff. Many people can put the words “experienced cybersecurity manager” or “expert in Linux” on their resume, but how do you know if they’re really as good as they claim to be?

Certifications can help agencies differentiate between those who are good at what they do and those who have a higher level of expertise. A certified Linux professional, for example, has gone through multiple rounds of training and a specialized exam to test their knowledge. That person may also have gone through rigorous steps to become certified in Linux security, too. The seal of professionalism they’ve earned may make them worth considering ahead of other job candidates.

Provide a Sense of Mission

People managing cybersecurity in the private sector may not find the same sense of mission that the public sector offers. After all, it’s one thing to protect a company from the efforts of industrious hackers; it’s quite another to protect your country from similar threats.

This ability to instill employees with an unparalleled sense of pride is the trump card that the government has in its favor--and it must start at the top. Senior leadership must create a culture that everyone is willing to rally around and wants to be a part of. If government agencies do this, they will have a better shot at keeping their employees after the initial training is complete.

A commitment to training and establishing a great work environment that starts at the top are the keys to building a happy and knowledgeable workforce that can defend agencies today and in the future. If the public sector can achieve these objectives, it can seize the opportunity to close that cybersecurity knowledge gap and build a culture that could become the envy of enterprise organizations everywhere.

Dave Egts is chief technologist, North American Public Sector at Red Hat.