The daily lives of Americans are increasingly dependent on cyber infrastructure. Personal data, medical records, and banking information are a few examples of critical information that is stored electronically, and the security of that data depends on both the capacity and capability of the cybersecurity workforce.
There are indications that the need for cybersecurity workers will continue to rise, but the rapidly evolving nature of the field leaves open the question of what types of jobs those will be and what abilities will be necessary to do them. Cybersecurity encompasses a wide variety of occupations in both the public and private sectors, and the skills required for each job range from technical expertise to behavioral and management aspects.
Right now, there is an insufficient number of highly trained individuals across the broad spectrum of cybersecurity occupations. Professionalization of certain occupations could help enhance workforce quality, much as medical and law schools prepare students to become doctors and lawyers. It could even attract workers by creating formal pathways into the field. But professionalization measures come with tradeoffs that should be weighed carefully before being implemented.
For example, certification or formal education programs could provide a way for hiring managers to vet candidates and hire those with the necessary skills, but they could also prevent the hiring of candidates who have gained skills in less conventional ways yet possess the type of creative and innovative thinking needed at a time when technologies, threats, and defensive measures are constantly evolving.
A National Research Council report identifies the tradeoffs that come with professionalization and lays out a set of criteria for decision makers to determine when and how to professionalize a given occupation within the workforce. It says that an occupation should have defined and stable characteristics, and should also have a clear deficiency that can be remedied directly through an appropriate professionalization measure. Cybersecurity is too broad and diverse to consider professionalizing the field’s range of occupations in the same way at the same time.
-- Lauren Rugani
Professionalizing the Nation's Cybersecurity Workforce: Criteria for Decision-Making. Committee on Professionalizing the Nation's Cybersecurity Workforce: Criteria for Future Decision-Making, Computer Science and Telecommunications Board, Division on Engineering and Physical Sciences (2013, 66 pp.; ISBN 978-0-309-29104-6; available from National Academies Press, tel. 1-800-624-6242; $34.00 plus $5.00 shipping for single copies).
The study was co-chaired by Diana L. Burley, associate professor of human and organizational learning at the George Washington University in Washington, D.C., and Seymour E. Goodman, professor of international affairs and computing at Georgia Institute of Technology in Atlanta. The study was funded by the U.S. Department of Homeland Security.