CXO Magazine
CXO report Closing the cybersecurity talent gap
Close menu
The global talent search
Part 08

The global talent search

From Texas to Tel Aviv, public-private initiatives aim to fill the worldwide cybersecurity skills gap.

Two years ago, IBM coined a term for professions between blue- and white-collar jobs.

The so-called “new collar” positions prioritize skills, knowledge, and a willingness to learn over traditional degrees. These are primarily careers in tech, and many of the roles are in cybersecurity. The computing giant is investing $1 billion to help local governments and school officials launch new educational initiatives that combine skills learned in high school with community college courses and on-the-job training and mentoring. IBM also shifted its approach to recruitment. By late 2017, 20 percent of IBM’s new hires for cybersecurity jobs were considered new collar professionals.

The IBM effort is a prime example of how the private and public sectors—in the U.S. and abroad—should work more closely to bridge the cybersecurity talent gap. Washington can’t defend the nation’s cybersecurity on its own. In the U.S., “cyber power is not at Ft. Meade,” Jason Healey, senior research scholar at Columbia’s School of International and Public Affairs, said in a March 2017 Congressional hearing, referring to the National Security Agency headquarters. Since it’s really the tech sector that holds the keys to better cybersecurity, this field requires much more robust public-private collaboration.

Around the globe, this collaboration is starting to happen, from initiatives to increase the public’s role in improving cybersecurity to retraining soldiers for jobs in the field. Here’s a look at some of the most promising examples of how businesses, governments, and educators can work together.

Estonias model

The all-volunteer Estonian Defence League boasted 25,001 members in 2015 in a country of 1.3 million. Established in 2008 as part of the league, the Cyber Defence Unit includes professionals from a wide array of fields. The unit enables private-sector workers interested in the field—some without a background in tech—to train with cybersecurity experts in order to gain skills and experience, and to network with others involved in the space. Additionally, Estonia has been teaching youths ages 7 to 19 how to write code since 2012 through the ProgeTiiger pilot program, which has now expanded to 67 percent of Estonian schools.

Spain’s cyber camps

Since 2014, Spain has offered free annual virtual cyber camps, hosted in a different city every year and organized by the Instituto Nacional de Ciberseguridad, the public entity that covers cybersecurity initiatives. It is a well-known event that attracts talent from across the country and connects existing experts with companies that host the effort. Participation has grown from 10,000 in 2015 to 15,000 attendees and 7,000 streaming connections in 2016, according to the most recent data available.


Cultivating new expertise

  1. 20%

    Percentage of IBM’s new hires for cybersecurity jobs were considered 'new collar' professionals.

  2. 67%

    Percentage of Estonian schools teaching 7 to 19 year olds how to write code.

  3. 22,000

    Number of people attending cyber camps in Spain in 2016, up from 10,000 in 2015.

Canada’s job creation program

The current environment is also driving the need to move from a knowledge-based professional evaluation process to a performance-based process. This is why efforts like the job-creation program initiated in 2011 between Willis College, a leading Canadian private career college, and Fortinet, a network security provider, have served both the community and the private sector. This partnership built out a curriculum based on network security technology. It provides students with extensive hands-on training, resulting in recognized certifications and an internship with Fortinet or other top organizations. As of 2016, one of these programs, the Advanced Network Security Professional Diploma program, had graduated more than 200 students.

Israel’s hunt for sources of talent

Israel also focuses on education outreach. The Cyber Education Center oversees efforts such as the Magshimim after-school program that teaches underprivileged high schoolers computer programming, coding, encryption, and computer network defense. Another program focuses on empowering young women in the field through the CyberGirlz community. What follows for many, given that military service is compulsory, is recruitment into the Israeli army’s cyber units. That provides hands-on experience and later a smooth transition into Israel’s cybersecurity industry—allowing for a 360-degree strategy that begins in high school and goes through the military, intelligence community, startup sector, and private sector. Key in its approach is that the center operates in conjunction with Israel’s security and high-tech sectors to stay current.

Chinese supply and demand

In China, the recognition of an existing talent gap has fueled focus on growing the country’s pool of experts. Although it already has a strong community of cybersecurity professionals, supply cannot meet the demand of its 700 million internet users. In 2017, the country’s top internet regulator, the Cyberspace Administration of China, and the Ministry of Education announced its decade-long goal of building four to six internationally recognized schools for training cybersecurity talent. Both government entities invited Chinese universities to sign up for the project and offered to provide resources and investments so they can establish themselves as leading cybersecurity schools.

200+ active-duty service members and vets were trained in cyber programs at Dynamic Advancement

Source: Dynamic Advancement

San Antonio’s effort to retrain soldiers

At the San Antonio, Texas, information technology and cybersecurity training provider Dynamic Advancement, experts help departing military members enter the area’s growing cybersecurity sector. They figure out how the service member’s experience with cybersecurity—and other related skills gained in the military—might qualify them for employment in civilian life. They also help them gain the right training and certifications—through test prep and offsetting the costs of these certificates—to make them attractive job candidates. Since 2016, the program has trained more than 200 active-duty service members and veterans, and it has also offered free introductory courses to civilians.

Partnerships inside the Beltway

A larger initiative was launched in 2016 between the SANS Institute, an information security training and certification organization in Maryland, and NinjaJobs, a Virginia-based community that aids companies in finding experienced cybersecurity professionals. The effort helps pair trained veterans and women with corporate clients. This focus on gender imbalance is essential and long overdue, as women in 2017 comprised only 11 percent of the cybersecurity workforce. In fact, the existing gender gap has driven additional efforts, including the Women’s Society of Cyberjutsu in Arlington, Virginia; the Women in Cybersecurity Project, part of the Washington, D.C., think tank New America’s Humans of Cybersecurity Project; and the Women in CyberSecurity initiative, which is supported by a National Science Foundation grant.

Monica M. Ruiz is the Program Fellow for the Cyber Initiative and Special Projects at the William and Flora Hewlett Foundation. She supports efforts to build a more robust cybersecurity field and improve policy-making and manages the foundation’s portfolio of Special Projects grants. Follow her on Twitter @mruiz12. 

Read from the beginning

Part 01

The race to build a cyber workforce