- The federal government, spurred by an Office of Management and Budget (OMB) initiative, is looking to tackle a skills gap that is "a significant impediment" to improving cybersecurity, according to a 2016 memorandum by OMB officials.
- As part of efforts to address the skills gap, the OMB announced in September 2018 the "Cloud Smart" strategy. In a notice of proposed rulemaking requesting public commentary on the strategy, OMB said the strategy would focus on three specific areas to improve cloud technology adoption and further modernize existing legacy technology used by the government: security, procurement and workforce. However, the announcement didn't provide a lot of detail, Dave Egts, chief technologist of the North American public sector organization at technology provider Red Hat, wrote in Nextgov.
- Egts said the federal government "has not always been cost-effective" in offering training and education to employees, but suggested that agencies look at open source training as an alternative to large budget expenditures. Egts also said the government should seek to hire professionals who have certifications, and added that senior leadership at federal agencies could play a part in creating a more attractive culture for candidates. "After all, it's one thing to protect a company from the efforts of industrious hackers; it's quite another to protect your country from similar threats," Egts wrote.
The advice may be aimed at a federal audience, but private sector employers and recruiters at other types of firms can apply similar lessons to their own strategies. And no matter the organization, research by cyber firms suggests there's much work to be done in educating employees about the risks businesses face.
A study last month by Mimecast showed employee error can create cybersecurity vulnerabilities, yet only 25% of workers understand common threats that could lead to a breach. A separate study by MediaPro suggests 70% of employees don't know how to prevent an attack against their company. Rather than stepping up efforts to educate staff, fewer than half of businesses surveyed provide mandatory training to mitigate risk, according to the Mimecast study. Training against cyber threats is a top priority for chief information security officers, according to one global study, but most CISOs agree training is trailing need at an alarming pace.
One suggestion to increase awareness is to promote a culture that supports cybersecurity. But training is a crucial component, and employers can invest in new formats like simulation programming. Others are looking to one hobby in particular for a solution: gaming. Three-quarters of senior managers in a 2018 McAfee report said they would consider hiring a gamer as part of their cybersecurity staffing strategy, even if a gamer candidate lacked cybersecurity experience.