Implementing the Cyber Workforce and Education Strategy in your organization
– Josh Eklow
The Biden Administration recently released another cyber strategy document: the National Cyber Workforce and Education Strategy. While parts of the document focus on how the Federal government will work to further the cyber education of potential government employees and to grow the cyber workforce available to the public sector, they also outline a strategy that strives to raise the general level of cybersecurity awareness and training of all organizations and citizens, enrich the workforce for the private sector, and close the cybersecurity employment gap in the US in both public and private sectors. There are several tactics laid out in the strategy that can be implemented in your organization to manage the cybersecurity workforce gap. Much of the Biden Administration’s strategy is focused on long-term planning and many of the goals will not be realized for many years. In the meantime, businesses should position themselves to be part of the solution, both in their own organization, but also in their industry and national economy.
One tactic that the government plans to use in its efforts to close the cybersecurity gap is to work more closely with private entities to fill positions and ensure protection. This is something businesses already do: working with vendors and outsourcing to partners. Integrating third parties and private companies in the public sector will mean a great opportunity for practitioners and organizations to contribute to public and Federal cybersecurity efforts. These efforts will benefit from the experience and knowledge developed within the private sector. They also will try to benefit by doing something many businesses have already done: reform and rethink their hiring requirements and strategy. By looking more widely at the skills and experience of potential practitioners, they not only access resources they previously eschewed, but they also widen the knowledge base and diversity of their own organization.
Another tactic that can be implemented in private organizations at any level is to integrate cybersecurity and best cyber practices into the design, management, and operation of all parts of an organization. The government will make the cybersecurity of the organization the responsibility of all and will develop this culture across all departments, beginning with training and education. Instilling a similar understanding in your team will greatly raise the cybersecurity maturity of your organization. Employees must understand that every position at the company holds a vital role in cybersecurity, not merely the IT or IS staff. All staff should receive training on cybersecurity, especially as it relates to their positions. Management should consider cybersecurity issues in team meetings, planning, and assessment. By making everyone at the company a stakeholder in the cybersecurity of the organization, you greatly increase the digital resilience of your organization and employees. Much as the Federal strategy includes measures to generally educate the public in order to create a safer ecosystem for all, the efforts an organization takes to create more secure employees will mean that they bring this higher level of awareness and best practice home and to other parts of their life online. This indirectly helps your organization by raising the general level of security around you, but also will directly impact your organization. The line between personal and business is often fuzzy online, and bad security practices at home can lead to vulnerabilities in your business.
Part of the strategy touched on in Pillars 2 and 3 is to integrate with the greater cyber ecosystem, specifically in the area of education and training. Time and energy spent developing the cybersecurity climate of tomorrow will pay dividends to your organization for many years. There are many ways that your company can do this today and you can start however makes the most sense for your team. Many industries have cybersecurity groups that are focused on their particular businesses. Attend events, as a company and as individuals, and get involved in boards and information-sharing groups. Incentivize your team to get involved in areas relating to their particular role, in CISO groups for example. Sponsoring events is a great way to show that your company is a stakeholder and to build culture at your company. Get involved with local colleges and educational and training programs. Attend cybersecurity events that are tailored to students or hosted at universities.
As the National Cyber Workforce and Education Strategy is put into practice, it will be to the benefit of all to consider how these ideas and tactics can be enacted in our own organizations. The hybridization of the workplace, accelerated by the COVID pandemic, is not slowing, and the future of the workplace itself is online. It is the American way to innovate and take advantage of the opportunities new technology presents. With this strategy, our leaders have laid out a plan to do so, while also acknowledging that they will need to adapt and change.