Subscribe / Unsubscribe Enewsletters | Login | Register

Pencil Banner

A simple cure for the cybersecurity skills shortage

Ira Winkler | April 17, 2014
An approach that has worked for centuries in all sorts of industries is just as applicable to the security field.

My assignments involved programming, systems and network administration, cryptanalytic programming, database design and administration, white- and black-box software testing, and other functional roles. While none of those roles directly involved security per se, they all involved security when done properly.

The tactic that the NSA used was to add security skills, gained through experience, to competent individuals, rather than to take cybersecurity graduates and throw them into security matters with no experience. Even the highly accomplished NSA Tailored Access Operations unit was not staffed with people with degrees or certifications in cybersecurity, but with really smart IT professionals who understood the underlying technologies and were able to figure out how to exploit them.

When you look at the early experts in security, including those at the NSA, none was a formally trained security expert. They were either transplants from other areas of information technology, or they were considered to have exceptional ability and were mentored.

So when you look at the cybersecurity skills shortage, think about what is already working, at the NSA and in other industries: starting with capable people (even though their skill sets might be tangential) and having them apprentice under skilled people.

This approach takes time, effort and money. It's not easy. It is, however, what actually works.

 

Previous Page  1  2 

Sign up for CIO Asia eNewsletters.