I’ve been reading and listening to information related to cybersecurity and cyberwarfare recently, and one thing which comes up often is the gap in cybersecurity talent. It’s been said that unemployment in cybersecurity positions is right around zero percent. There are simply not enough people with the skills necessary to fill private sector and government positions, especially as the risk of cyberwarfare and cyberespionage increase exponentially due to steadily moving advances in technology. I have a couple ideas about how this could be addressed going forward, specifically with adaptations made by the military to their recruitment and enlistment conditions.
Typically, military branches in the United States have recruited for cybersecurity and cyberwarfare from within their own ranks as well as the private sector when possible. As the necessity for cyberdefense has become more prominent in recent years, the traditional methods of bringing in talent has continued to work well, albeit not at numbers significant enough to fill the hiring gap nationwide. One major area of hesitation for those considering serving in this field is the length of time which an individual is generally expected to serve in the military. Given the speed at which the cybersecurity industry has developed and continues to develop, it is perhaps a bit too optimistic to think that everyone with talent would be willing to commit to long-term service.
I believe that this could be addressed by creating a cybersecurity tour of duty which is two years in length, at as competitive a salary as can be afforded within military spending limits. After that tour ends, individuals would be able to choose whether to enlist for an additional tour or go into the private sector. Written into their contract would be a caveat that they could be called on again by the military two or three times each year for a set number of years after their tour for consulting purposes. This consulting process would last one week and the individual would be paid a set rate, below what they would otherwise be paid to consult within the private sector. This would create a vast workforce with established security clearance and quality training who could use and hone their skills in the private sector, and could then be called upon again to serve in the defense of their country. This would not only increase military talent but also carry over good cybersecurity protocols into the private sector. At times of high risk to the country via cyberwarfare, a vast number of well trained individuals could be called upon in an instant to defend it, and all without the considerable costs which would normally be incurred hiring a team of high level cybersecurity professionals.
This strategy still requires finding talent, and that is an area which is currently being explored thoroughly both in the military and in the private sector. The most effective course of action in my opinion would be to think outside the box, find people who have an interest in and familiarity with computers and cybersecurity, individuals who typically would not be looked at for recruitment, and train them if needed. These subjects aren’t necessarily all that difficult to learn for someone interested, though obviously they can be quite difficult to master. Finding individuals who already have the skills needed but haven’t been recruited yet is a much more difficult proposition than finding people who think creatively, who can adapt to changing scenarios, who have an intuitive grasp of computers and the tenets of cybersecurity, and thus could be trained to become the cybersecurity professionals of the future.
It’s also important to consider that those professionals may not fit the mould of what is currently expected. Recruiting people from universities who have potential and interest is a good start, but one must also consider that not everyone is able to afford higher learning. When it comes to national security and the defense of our nation I believe that there is an imperative to not limit recruitment of talent based on preconceptions and stereotypes. Considering the stakes involved, I have difficulty understanding how our country can afford to exclude good people, especially if it’s due to outdated notions.
There are countless individuals in this nation who have the analytical abilities, the problem solving and pattern recognition skills, the interest and the motivation to serve in this specific capacity, yet who haven’t been considered for a variety of reasons. Finding individuals who show potential and training them is a win-win, bolstering the nation’s defenses while providing a future career path in a growing industry and simultaneously reinforcing the cybersecurity of the private sector to help prevent future cyberespionage and sabotage meant to undermine our economy. The threat from cyberwarfare and the ever dissipating line between traditional warfare campaigns and cyberwarfare campaigns necessitates, in my opinion, a thorough and uniformly profound reexamination of current practices, and consideration of alternative solutions. We cannot afford to get this wrong.
(And also, as a side-note: excluding autistic people from serving in these areas is, in my humble opinion, a mistake. Studies have shown that some autistic people have superior visual abilities, problem solving abilities, logical reasoning, ability to notice irregularities in patterns, and general pattern recognition compared to non-autistic control groups. All of these could prove beneficial here.)