By Jon Check, senior director of cyber protection solutions, Raytheon Intelligence & Space
As cyber threats continue to grow, we will see ransomware attacks become more directed towards companies that can pay enormous sums and those who have insurance to protect themselves. This will also include an increase in IoT-related cyber attacks. Devices connected to a lucrative target’s network can be quickly infiltrated and create an entry point for a breach. Unfortunately, any criminal penalties for such attacks will have little effect, as the next attacker will only become smarter and harder to catch.
We must combat these threats by bringing our best thinking to the table while welcoming and inviting unconventional and diverse talent that historically have not been connected to the cybersecurity industry. The best ideas and most impactful solutions will come from taking a new path shown to us by an unexpected guide.
Recognizing the lack of diversity in the cyber workforce
Women in cybersecurity represent just 25% of the global workforce and overall, minorities comprise only 26 percent of the cybersecurity workforce in the United States. Cybersecurity leaders need to understand this disparity as it limits the diversity of thought that leads to more creative brainstorming, problem solving, and new ideas that are essential for fighting cyberattacks. The business case for diversity is well-documented – the Boston Consulting Group showed that companies with more diverse management teams have 19% higher revenue from innovation than companies that score low in diversity.
We also need to remember that people don’t stop learning when they complete their highest institutional education level. Valuable education and skills can be learned outside of academia, and some of the best and brightest minds out there don’t necessarily have the resources to obtain the formal education they need. With a virtual workforce more available and in-demand than ever, it’s up to the entire cybersecurity industry and its leaders to figure out how to engage the best and most diverse thinking from across the nation and from all backgrounds. To start, tuition reimbursement, scholarships, and student loan repayment programs can go a long way in making sure that individuals of all socioeconomic backgrounds can help us fill the cyber talent gap.
Unique opportunities of the “Great Resignation”
Given the current climate, we should not be surprised by the high resignation rates we’re seeing in the technology sector. The gap within the cybersecurity industry is especially clear; there’s a shortage in the workforce, which means that many people are being stretched thin and expected to wear multiple hats— and maybe more than they can handle. This leads to feelings of burnout and dissatisfaction. With a market that is now favoring employees, people are going to look for new opportunities that offer more benefits and a better work-life balance.
With that said, there are some advantages for the cybersecurity industry when dealing with the current so-called “Great Resignation” which is affecting the entire workforce as a whole no matter the industry. Some of these individuals leaving their current jobs for new challenges and opportunities to expand their skills and the opportunity to work from anywhere will find their dream profession within the cybersecurity industry. While these individuals will still need to be trained, there is tremendous value in considering those who may not have the perfect resume for cyber jobs but may offer an unconventional point of view in solving the next cyber challenges. This diversification will increase the importance of positive work culture as candidates will have a lot of choices in the direction they take within the cyber workforce.
Exploring a heavier reliance on automation
We will never be able to hire all the cyber professionals we need, so while we must enforce a shift in how we hire for the cyber workforce, the industry must still determine how best to perform those functions that will remain vacant – no matter our efforts. In these instances, automation is key.
As organizations undergo planning and budget allocation, they are looking to invest in enduring solutions that will ensure a strong security posture. This should include a deeper analysis of specific cyber positions that can be automated. Utilizing automation will help fill long-standing vacant positions and offer relief and support to current employees. The additional benefit is that attracting and retaining talent will improve as the boring and predictable tasks are minimized. Cyber professionals want to work on the cool stuff! Automation allows them time to innovate and lend their unique skills to addressing other, even more prominent challenges. Automation will also help to identify weaknesses in an organization’s security structure quickly. By addressing necessary patching, updates, and validation through automation; cyber employees can spend more time proactively protecting the enterprise. Let automation handle the repetitive and mundane while zeroing out human errors and countless cyber-professional hours.
It’s important to note that automation should not be used to replace security personnel. As discussed, diverse and unconventional thinking from all backgrounds is the key to solving future threats. Automation should be used to fill the gaps that continuously remain empty as the pace of change for the entire industry accelerates.
Expanding the cyber workforce will be an ongoing challenge. Fortunately, recognizing industry drawbacks, unique advantages, and potential automated solutions now, will help to build a brand-new community of security professionals prepared to tackle the next big threat in ways never thought of before.
About the Author
Jon Check, senior director of cyber protection solutions, Raytheon Intelligence & Space.
Jon Check is the senior director of Cyber Protection Solutions (CPS) for Raytheon Intelligence & Space. Raytheon Intelligence & Space Company, with 2017 sales of $25 billion and 64,000 employees, is a technology and innovation leader specializing in defense, civil government, and cybersecurity solutions. With a history of innovation spanning 96 years, Raytheon Intelligence & Space provides state-of-the-art electronics, mission systems integration, C5ITM products and services, sensing, effects, and mission support for customers in more than 80 countries. Raytheon Intelligence & Space is headquartered in Waltham, Massachusetts.
Jon joined Raytheon Intelligence & Space from CSRA Inc. where he was the vice president of the digital solutions organization. In this role, Jon was responsible for the direction, strategy, and operations of the services provided by CSRA’s delivery centers. The Digital Solutions team was committed to delivering next-generation technology and enterprise solutions for customers across CSRA’s portfolio.
Before CSRA, Jon served as vice president of the solutions organization at Computer Sciences Corporation’s (CSC) North American Public Sector where he led a team of brand managers and solution architects developing IT solutions for new pursuits.
Jon joined CSC from IBM where he was executive operations manager – global business services, within IBM’s public sector. In this role, he managed IBM’s federal data centers and managed services, delivering the IBM smart cloud for the government.
Jon also held numerous leadership positions with Northrop Grumman. During his tenure, he provided service strategy, design and delivery of IT professional services to commercial, federal and state markets. Jon has also served in IT leadership roles with Synarc, Inc., Dell Computer and the University of Texas Health Science Center.
Jon holds a Bachelor of Arts in Environmental Science from the University of Virginia.