A recent article by Kevin Collier, which appeared in BuzzFeed highlights what seems to be a recurring trend. US officials talk about how important and critical cyber is, and yet top cyber positions remain unfilled and the cyber ranks continue to be understaffed. The article indicates that four key cyber roles: Chief Information Security Officer for the EPA, the CIO for the Department of Homeland Security, the CIO for the Department of the Navy, and the Director of Information Security and Privacy at the Office of Personnel Management are now unfilled.
We continue to hear rhetoric underscoring the importance of our cybersecurity posture, meanwhile, we hear almost daily about new cyberattacks: breaches, ransomware, and voting hacks just to name a few. While at the same time we have numerous leadership positions within cyber that are vacant and similarly the staff positions remain open as the divide seems to grow between the demand for cybersecurity professionals and the number of candidates that possess the requisite skills to fill these slots.
This is a critical issue which plagues the public as well as the private sectors. Until and unless we get serious about cyber and begin to develop a pipeline for a skilled cyber workforce we are going to continue to suffer devastating cyber attacks. We need to act now and it is vitally important that a clear set of priorities is identified and articulated so that we can begin to take the requisite short and mid-term steps necessary both to avert our current cyber issues as well as those that inevitably will plague us going forward.
That starts with leadership and action vs. non-action and disjointed off-the-cuff rhetoric. While we may face imminent threats around the globe from conventional actors, the rise of cyber leaves us exposed and vulnerable both abroad and at-home. If we can’t put people in these leadership positions and give them the tools they need to implement cohesive and intelligent cyber strategies then the coming cyber attacks are likely to increase in both scope and frequency.