The shortage of cybersecurity professionals in the US is not only a concern for the private sector, but also for the public sector, where salaries for cybersecurity roles are not as high. This shortage could pose risks to national and homeland security, a new report by the RAND Corporation finds.
The shortage of trained cybersecurity professionals is particularly severe in the federal government, according to the report, titled “Hackers Wanted: An Examination of the Cybersecurity Labor Market.”
According to the study’s authors, the demand for cybersecurity professionals began to overtake supply in 2007, mostly due to increased reports of large-scale hacking, including the discovery of advanced persistent threats, and credit card data breaches.
“It’s largely a supply-and-demand problem,” Martin Libicki, lead author of the study and senior management scientist at RAND said in a statement. “As cyberattacks have increased and there is increased awareness of vulnerabilities, there is more demand for the professionals who can stop such attacks. But educating, recruiting, training and hiring these cybersecurity professionals takes time.”
The study notes that in the private sector, many large organizations have found ways of dealing with the cybersecurity manpower shortage through internal promotion and educational efforts. A report earlier this year from Cisco notes that there is a worldwide shortage of nearly one million skilled cybersecurity professionals.
To address the labor shortage in the public sector, the RAND study outlines a number of recommendations, including waiving civil service rules that impede the hiring of cybersecurity professionals, maintaining government hiring of these professionals through sequestrations, and developing strategies to bring more women into the field.
“Cybersecurity professionals take time to reach their potential; drastic steps taken today to increase their quantity and quality would not bear fruit for another five to ten years,” according to the study. “By then, the current concern over cybersecurity could easily abate, driven by new technology and more secure architectures. Pushing too many people into the profession now could leave an overabundance of highly trained and narrowly skilled individuals who could better be serving national needs in other vocations.”