OPM Attack should put HR Managers on Notice

HR Managers alarmed by OPM attack

Technology has become so engrained and vital to our everyday lives, but with each new data breach, we’re reminded of the price we pay for its access and convenience.

The recent breach of federal government data at the Office of Personnel Management (OPM) is a prime example of the breadth of the cyber threat. When we think of the federal government and the need for cybersecurity, we naturally think of National Security Agency (NSA), National Institute of Standards and Technology (NIST), or the Federal Bureau of Investigation (FBI), but not OPM. And, yet, with this breach sensitive information for nearly four million current and former federal workers from nearly every government agency has been exposed. This demonstrates the proliferation of cyber threats, both privately and publicly, and the need for more cyber personnel to respond to this growing threat.

Over the last few years, security breaches have become all too normal – inevitable even. In 2013, close to 20 major retailers and financial institutions were targeted, while the FBI reports almost300,000 cyber-crimes that same year. In total, these breaches caused more than $525 million in losses.

The solution has been to revisit internal safeguards, analyze where and how the breach happened, and create new ways to prevent it from happening again. This conversation approaches the prevention of cyber attacks by creating and adhering to best practices and tougher security protocols. What this conversation lacks, however, is commentary about the overwhelming imbalance of qualified individuals to address these threats. Quite simply, there aren’t enough people to create secure environments across both public and private sectors.

In the last few years, we’ve seen the need for cyber security talent skyrocket. In the DC Region alone there’s been a 35% increase in cyber security job postings with over 23,000 job openings in the region during 2013 and more than 200,000 positions nationally. Today, cyber security jobs make up 10% of all IT positions. The process of filling open positions has become unbearably lengthy, taking roughly 24% longer to fill than any other IT posting and 36% longer than job openings in other industries.  Far worse, however, is that nearly half of cyber professionals find it difficult to appropriately identify the skill level of candidates, especially in entry-level positions.

With such a shortage of qualified talent, one can see how it’s becoming increasingly difficult to detect and mitigate cyber threats. There’s a clear and urgent need for qualified and skilled cyber security workers. What if we could accelerate the number of viable candidates in the workforce, even if only at the entry level? This is the new conversation we should be having: how we can quickly and effectively prepare an eager workforce with the skills to meet the demands of both private and public sectors.

First, we need to realistically identify the skills needed by cyber security personnel to mitigate future breaches. By reworking tired job descriptions into actionable skills, employers can better articulate exactly what they’re looking for when they recruit and identify talent. The government has built important frameworks like National Initiative for Cybersecurity Education (NICE) and National Initiative for Cybersecurity Careers and Studies (NICCS) to start this process, but we still need the engagement of employers to validate the skills required for cyber security jobs in order to make these frameworks the most effective.

Second, we need a mechanism that allows individuals to demonstrate and understand how the skills they’ve developed from their work and other life experiences may prepare them for the cyber industry. Once they know how their skills translate into cyber, they can identify areas of growth by comparing their skills to what’s actually needed, and clearly identifying which skills or certifications they’re lacking.

Third, we need to highlight where individuals can develop the particular skills they may be lacking. Cyber security professionals have stated with increasing clarity that they’re looking for individuals with the skills needed to perform specialized tasks, but are less concerned with whether those skills were acquired through traditional education. As such, the cyber field – in part because of the prevalence and value of certifications – accepts and supports many avenues into the field. Accordingly, we need to identify the specific skills that traditional or non-traditional programs provide, so students can pursue the programs that develop the skills they need for success.

These three components must work together to quickly create and capture talent and build a pipeline that helps both private and public sectors thrive in combatting cyber threats. SkillSmart was designed to evolve the way employers and individuals interact by connecting them through their shared skills. Applying this model to cyber security could be the powerful tool needed to secure our data.

Learn More

SkillSmart Partner Spotlight featuring Northern Virginia Community College

Partnership between skillsmart and northern virginia community college

As a founding member of the National Capital Region Cyber Security Task Force (NCR Task Force), we’ve partnered with other organizations similarly passionate about solving for data and cyber security. The NCR Task Force is focused on creating viable solutions that will generate a talented pipeline for the 20K+ cyber security jobs in the DC Metro Region, the model for which we’re hoping can be expanded nationwide to accommodate the estimated 200K+ vacancies.

We sat down with Charles Britt, co-chair of the NCR Task Force and Manager, STEM Education Outreach for Northern Virginia Community College to talk about how we can combat the gap in qualified cyber personnel. His valuable insights have been gained over a long-standing career supporting the US Intelligence Community and serving as an education advocate.

In 2014 Charles was awarded the Bruce Oliver Leadership Award by the Fairfax County Government for his work in developing SySTEMic Solutions, a program designed to create a sustainable STEM pipeline in Northern Virginia. This year he was the inaugural recipient of thePublic Sector Innovator of the Year award by the Fairfax County Chamber of Commerce for developing a partnership between the the County’s Department of Neighborhood and Community Services and Office of Public Private Partnerships to bring a VEX robotics program to 10 Intel Computer Clubhouses within high poverty communities across the county.


SkillSmart (SS): Can you explain what the NCR Cyber Security Task Force is and why you felt it necessary to help found it?  

Charles Britt (CB): The NCR Cyber Security Task Force is a group of subject matter experts from workforce development, government, industry, and higher education who have come together to examine the cybersecurity workforce needs in the NCR and propose viable career pathways through skills based training for individuals with little to no direct experience. The task force was borne out of the growing need to provide employers, workforce development organizations, and institutions of higher education with a blueprint for mapping their training to specific industry credentialing and career pathways that lead to employment in cyber security-related positions in the region.

(SS): In your opinion, what’s the great opportunity and greatest threat with cyber security right now? 

(CB): The greatest opportunity is the creation of jobs required to secure networks and systems across all industries. Similarly, the greatest threat is the lack of qualified candidates with the skills and knowledge to work in all of the industries.

(SS): How have you seen the threats and opportunities with cyber security evolve through your career?

(CB): Both threats and opportunities have grown in breadth and depth over the last 10 years. I feel the biggest threat continues to be state-sponsored terrorism against our financial industry. We’ve seen large-scale attacks against Sony, Target, and others in recent years grow even more in scale. Following these high-profile attacks, the opportunities for advancements in cyber security had to evolve, and quickly. Now both public and private industries recognize the importance of cyber security and are actively engaged in thoughtful conversations about the knowledge – and skills – needed to fill existing jobs and create new jobs in the cyber security arena.

(SS): In your experience, what makes students actively seek out and enroll in cybersecurity, what’s the draw?

(CB): Although not totally realistic, the biggest draw by far for students is the idea of becoming a hacker, lurking in the background stealing money and government secrets like the actors portrayed on television. However, once they’re enrolled in a program, they understand the vast scope of cyber security and how they can ethically transition their abilities as a “hacker” for greater purpose and good, and work to outsmart the hackers. That keeps them engaged.

(SS): For those who don’t actively seek out or haven’t considered a career in cyber security, what do you think is the most misunderstood aspect of cyber security that influences people entering the field?

(CB): The idea that you have to be an “expert” in the field. The cyber security and information assurance domain is so large that no one individual is expected to be an expert in every area such as hardware, software, physical security, disaster recovery, etc. Individuals must hone in on the fields they feel most comfortable learning and growing in, understanding each area requires a slightly different set of skills, abilities, certifications, and educational attainment.

(SS): At what age should we start introducing career opportunities to our youth? How do they identify this is something of interest and how can we expose them early enough to create a pipeline of skills training and qualified talent?

(CB): The first step to introducing youth to career opportunities begins with parents and teachers helping children understand their unique talents and interests as early as kindergarten and continuing through the primary grade levels. Then, starting in middle school, we should be talking to students about different career choices by using career profiles to align their interests to one or more of the 16 career clusters.

(SS): What do you find the greatest challenge of engaging the students you interact with? If you could see a change within education that could have the greatest impact on creating more qualified talent, what would it be?  

(CB): The greatest challenge I find with engaging students is getting them to understand the importance of workplace concepts and practices such as time management, critical thinking, and ethics. Increased teacher professional development and decreased reliance on standardized testing would have a tremendous impact on the quality of talent emerging from the public education system.

(SS): From your perspective, what are the biggest challenges to ensuring students are career-ready?  

(CB): The biggest challenge is the lack of opportunities for students to gain real-world experience by working in a professional environment coupled with the lack of teacher exposure in industry workplaces.

(SS): How do you think SkillSmart can play a role in advancing the skills of our workforce to meet the demands of employers?

(CB): SkillSmart can play a pivotal role in helping employers better define their talent needs which in turn helps prospective employees not only determine their suitability for a position but also where and how to gain the additional skills and knowledge to become a fully qualified candidate. This model encourages individuals to seek advanced skills and attain them from the most appropriate provider in their geographical area.

Learn More