My assignments involved programming, systems and network administration, cryptanalytic programming, database design and administration, white- and black-box software testing, and other functional roles. While none of those roles directly involved security per se, they all involved security when done properly.
The tactic that the NSA used was to add security skills, gained through experience, to competent individuals, rather than to take cybersecurity graduates and throw them into security matters with no experience. Even the highly accomplished NSA Tailored Access Operations unit was not staffed with people with degrees or certifications in cybersecurity, but with really smart IT professionals who understood the underlying technologies and were able to figure out how to exploit them.
When you look at the early experts in security, including those at the NSA, none was a formally trained security expert. They were either transplants from other areas of information technology, or they were considered to have exceptional ability and were mentored.
So when you look at the cybersecurity skills shortage, think about what is already working, at the NSA and in other industries: starting with capable people (even though their skill sets might be tangential) and having them apprentice under skilled people.
This approach takes time, effort and money. It's not easy. It is, however, what actually works.