Support the fact-based journalism you rely on with a donation to Marketplace today. Give Now!
If the U.S. is going to get serious about cybersecurity, it should start with hiring
May 3, 2021

If the U.S. is going to get serious about cybersecurity, it should start with hiring

HTML EMBED:
COPY
The unemployment rate in the cybersecurity field is close to 0%.

The Joe Biden administration is planning to issue an executive order intended to help the country better defend against cyberattacks. One thing the government might want to do is just … hire more people to work in cybersecurity. 

The unemployment rate in the cybersecurity field is close to 0%, according to Erin Weiss Kaya. She’s a strategist focused on cyber-organization with the consulting firm Booz Allen Hamilton. Weiss Kaya, who has worked with both the private and public sectors, said the government should focus less on technical skills or coding and more on people who are used to problem-solving in stressful environments. The following is an edited transcript of our conversation.

Erin Weiss Kaya: They tend to be individuals who are very adaptable. They are very effective communicators. And so thinking instead about the kinds of nontechnical skills that might be necessary in order to be a high-performing member of the cybersecurity professional community is a different way of thinking about who you’re posting and looking for.

Molly Wood: So you’re talking about in some cases, skills-based hiring and a more flexible approach to hiring. Like, don’t just put up a job description that says, you know, “We need an awesome coder with a degree in cybersecurity.” I’m not even sure that exists. I don’t even know if anybody’s getting a degree in cybersecurity.

Weiss Kaya: [Laughs] They are now, but it’s emerging. It’s recent. Yeah, don’t put that up. Don’t put up the seven certifications. So it could be skills-based hiring, it may also be aptitude. Are we opening up the field for pools of candidates who could be very successful, who maybe just need some technical training? Because the difference between cybersecurity and where we tend to attach it is that it’s much more a risk management role than a information technology or even form of information assurance.

Wood: Well, then, how significant do you think these changes are? And how much more time do we have to implement them?

Weiss Kaya: I believe cybersecurity is fundamentally a talent issue. And I think we’re in a position where we could potentially have a landscape we cannot manage within the next decade. We’ve been at this about a decade. That’s about how long we’ve really seen cyber as its own stand-alone, true profession. I think we have about one more decade left before it could be out of our hands.

Wood: I mean, are you saying this is a real national security threat over the next decade?

Weiss Kaya: I do believe this is a real national security threat. One which, while the federal government’s protection of its own, is a piece of that puzzle, it also is very intertwined with the infrastructure of our nation.

Related links: More insight from Molly Wood

The Washington Post covered legislation introduced last week that would create a cybersecurity reserve program, like the National Guard or Army Reserves. It would train up elite cybersecurity professionals, by invitation only, who could be deployed by the Department of Homeland Security and the Defense Department. The idea is to have some surge capacity to respond to big incidents, and the whole goal is to address the talent shortage.

NPR spoke with the Biden administration about its forthcoming executive order. The White House confirmed to us that it’s working on the order but didn’t give a timeline. There is growing pressure on the government to beef up resources in the wake of the SolarWinds breach that was reported late last year. The White House has imposed sanctions on Russia, and the executive order would reportedly create a new agency, similar to the National Transportation Safety Board, that would be able to investigate breaches and cyberattacks and centralize the government’s response.

A recent piece in IndustryWeek quoted a bunch of cybersecurity experts who said what we’ve been hearing for years now: It’s time for the U.S. to get serious about cybersecurity, create a centralized point of contact, make more stringent requirements for companies that contract with the government and beef up regulations around disclosure when security breaches have occurred, so we don’t find out about them weeks and months later while companies try their best to cover their behinds.

All that’s great. But according to Weiss Kaya, we only have 10 more years. And with the pace of government….

The clock is ticking, folks.

The future of this podcast starts with you.

Every day, the “Marketplace Tech” team demystifies the digital economy with stories that explore more than just Big Tech. We’re committed to covering topics that matter to you and the world around us, diving deep into how technology intersects with climate change, inequity, and disinformation.

As part of a nonprofit newsroom, we’re counting on listeners like you to keep this public service paywall-free and available to all.

Support “Marketplace Tech” in any amount today and become a partner in our mission.

The team

Molly Wood Host
Michael Lipkin Senior Producer
Stephanie Hughes Producer
Daniel Shin Producer
Jesús Alvarado Associate Producer