BLOG: US Government Claim on Cybersecurity Shortage Doesn't Hold Up

BLOG: US Government Claim on Cybersecurity Shortage Doesn't Hold Up
The US government's claim that no shortage of cybersecurity professionals exists doesn't hold water.

The growing threat that cybersecurity poses to industries such as oil and gas has raised the question of whether enough skilled cybersecurity professionals are available to meet demand. In the oil and gas industry, cybersecurity professionals are one of five jobs expected to grow as oil and gas companies address cyberthreats.

Karen Boman
Karen Boman, Senior Editor, Rigzone
Senior Editor, Rigzone

However, the U.S. government says that shortage is a myth.

Reporting on the success of its July 2016 cybersecurity hiring event, the U.S. Department of Homeland Security (DHS) refuted the belief that not a lot of cyber talent is available for hire. In a Nov. 21 blog post, DHS reported about how more than 14,000 people applied for positions with DHS, with more than 2,000 people walking in to apply. Not all of these applicants were qualified, Angela Bailey, DHS’s chief human capital officer, said in the blog. But the agency continues to hire from “the wealth of talent” made available as a result of the hiring event.

The government’s pronouncement goes against what I’ve heard about the shortage of cybersecurity professionals, not only in oil and gas, but other business sectors as well.

The deficit of cybersecurity talent is a challenge for every industry sector, and the lack of trained personnel “exacerbates the already difficult task of managing cybersecurity risks,” according to the Center for Strategic and International Studies’ July 2016 report "Hacking the Skills Shortage: A study of the international shortage in cybersecurity skills".

The study focused on total cybersecurity spending, education programs, employer dynamics and public policies in the United States, Australia, France, Germany, Israel, Japan, Mexico and the United Kingdom. According to the report, one to two million global cybersecurity workforce positions are expected to be unfilled by 2019, Last year, approximately 209,000 cybersecurity jobs went unfilled in the United States alone.

The study found that:

  • 82 percent of respondents reported a shortage of cybersecurity skills
  • 71 percent said this shortage of cybersecurity skills does direct and measurable damage
  • 53 percent said the cybersecurity skills shortage is worse than talent deficits in other IT professions

David Deering, founder of LEO Cyber Security, told me that the U.S. government report “is somewhat of an apples and oranges scenario”.

“What we observe in terms of cybersecurity employment is more of a “skills gap” as opposed to a number of applicants,” Deering said. “These findings fly in the face of what I’ve experienced firsthand or from highly – informed sources, including security execs, security program managers, security services providers, security vendors and any number of hiring managers.”

Many of the government posts being referenced are more commoditized positions that focused on basic security or compliance measures, Deering explained. They are not dealing with the latest threats, nor are they equipped to address them.

“In short, there are plenty of IT people who try to position themselves as cybersecurity experts, but lack the acumen and experience to tackle sophisticated attacks that plague enterprises across industries and verticals. The skills gap is very real, and it’s widening,” Deering explained.

Oil and gas companies looking to thwart cyberattacks have plenty of technologies, tools and physical resources to choose from today. But not enough qualified cybersecurity professionals are available to manage these tools, Thomas Moore, advisor with LEO, said. Even when companies do have good people, these workers are difficult to keep as higher salaries lure them away. Alex Philips, a LEO co-founder and chief information officer with National Oilwell Varco, told me that manpower is the hardest component to find. Either people aren’t qualified, or they’re so expensive a company can’t afford them.

“Technology alone can’t solve all the problems – it takes products, policies, compliance and people to tie an effective cybersecurity solution altogether,” Philips commented.

To conclude, these insights and my own experience covering the oil and gas industry lead me to believe that the skills gap in cybersecurity is real. This problem won’t be solved overnight either. If you’re looking for a new job in 2017, this could represent a great opportunity.


Generated by readers, the comments included herein do not reflect the views and opinions of Rigzone. All comments are subject to editorial review. Off-topic, inappropriate or insulting comments will be removed.