| 来源类型 | Report |
| 规范类型 | 报告 |
| The Cybersecurity Workforce Gap | |
| William Crumpler; James Andrew Lewis | |
| 发表日期 | 2019-01-29 |
| 出版年 | 2019 |
| 语种 | 英语 |
| 概述 | The CSIS Technology Policy Program examines the gaps in the nation’s cybersecurity education and training landscape$and highlights successful programs that can serve as a model for policymakers$educators$and employers to address the cyber skills gap. |
| 摘要 | Do Cybersecurity Graduates Possess the Skills Employers Need? 10 11 12 MASTERING THE FUNDAMENTALS 13 14 15 16 HANDS-ON EXPERIENCE 17 18 19 20 21 22 23 24 25 26 SOFT SKILLS 27 28 29 30 Exemplars UK CYBER RETRAINING ACADEMY 31 32 CAE-CO 33 34 35 36 37 38 39 40 41 U.S. Cyber Challenge 42 43 44 45 46 47 48 49 Conclusion and Recommendations GOVERNMENT NSA and DHS should raise the eligibility criteria for CAE-CD schools based on the success of the CAE-CO program. New standards should emphasize instruction in computing fundamentals, as well as engagement with hands-on learning experiences. NIST’s National Initiative for Cybersecurity Education (NICE) should bring together educators, employers, and cybersecurity competition providers to work towards standardizing performance measurements across cyber competitions and aligning these challenges with the NICE Cybersecurity Workforce Framework and the job competency model proposed by the Council on Cybersecurity. The UK Cyber Retraining Academy demonstrates the potential of short, intensive training programs to reskill workers to take on critical cybersecurity roles. Policymakers should work to support and expand similar initiatives here in the United States and create incentives for companies to institute similar internal programs for their own employees. EDUCATORS Educators and those who fund them should ensure that cybersecurity curricula include a strong focus on computing fundamentals to help prepare students to take on critical technical roles. Instructors should work to incorporate hands-on learning opportunities like competitions, challenges, and cyber ranges into cybersecurity curricula to build practical skills in students and forge partnerships with local employers to allow students to partake in apprenticeships and internships that will expose them to the cybersecurity work environment. Educators should support the growth of soft skills in cybersecurity students by emphasizing team assignments throughout educational curricula and by developing approaches to teaching and assessment that stress written and verbal communication. EMPLOYERS Companies should build relationships with local educators to communicate critical workforce needs and skills gaps. Improved communication between employers and learning institutions will help align the cybersecurity talent pipeline with the needs of industry. Companies should hire cybersecurity applicants with non-traditional backgrounds—like those graduating from short-term, intensive cyber reskilling programs—as a way to fill critical workforce needs. Organizations should consider establishing internal retraining programs to draw from existing talent pools to fill workforce shortages. This report is made possible by general support to CSIS. No direct sponsorship contributed to this report. This report is produced by the Center for Strategic and International Studies (CSIS), a private, tax- exempt institution focusing on international public policy issues. Its research is nonpartisan and nonproprietary. CSIS does not take specific policy positions. Accordingly, all views, positions, and conclusions expressed in this publication should be understood to be solely those of the author(s). © 2019 by the Center for Strategic and International Studies. All rights reserved. 1CSIS, Hacking the Skills Shortage (Santa Clara, CA: McAfee, July 2016), https://www.mcafee.com/enterprise/en-us/assets/reports/ rp-hacking-skills-shortage.pdf. 2CyberSeek, “Cybersecurity Supply/Demand Heat Map,” accessed January 4, 2019, https://www.cyberseek.org/heatmap.html. 3Ariha Setalvad, “Demand to fill cybersecurity jobs booming,” Peninsula Press, March 31, 2015, http://peninsulapress. com/2015/03/31/cybersecurity-jobs-growth/. 4Frost & Sullivan, 2017 Global Information Security Workforce Study (2017), https://iamcybersafe.org/wp-content/uploads/2017/06/ europe-gisws-report.pdf. 5Karen Evans and Franklin Reeder, A Human Capital Crisis in Cybersecurity (Washington, DC: CSIS, November 2010), CSIS Commis- sion on Cybersecurity for the 44th Presidency, https://csis-prod.s3.amazonaws.com/s3fs-public/legacy_files/files/publication/101111_ Evans_HumanCapital_Web.pdf. 6CSIS, Hacking the Skills Shortage. 7John Carrese et al., Cybersecurity: Labor Market Analysis and Statewide Survey Results (California: California Community Colleges Cen- ters of Excellence for Labor Market Research, June 2018), http://business.ca.gov/Portals/0/Files/CASCADE/cybersecurity-labor%20 market-analysis.pdf. 8Franklin S. Reeder and Katrina Timlin, Recruiting and Retaining Cybersecurity Ninjas (Washington, DC: CSIS, October 2016), https:// csis-prod.s3.amazonaws.com/s3fs-public/publication/161011_Reeder_CyberSecurityNinjas_Web.pdf. 9The U.S. Secretary of Commerce and the U.S. Secretary of Homeland Security, A Report to the President on Supporting the Growth and Sustainment of the Nation’s Cybersecurity Workforce: Building the Foundation for a More Secure American Future (Washington, DC: May 2018), https://www.nist.gov/sites/default/files/documents/2018/07/24/eo_wf_report_to_potus.pdf. 10Evans and Reeder, A Human Capital Crisis in Cybersecurity. 11ISACA, “State of Cybersecurity 2018 Part 1: Workforce Development,” April 17, 2018, http://www.isaca.org/Knowledge-Center/ Research/Documents/cyber/state-of-cybersecurity-2018-part-1_res_eng_0418.PDF?regnum=458196. 12John Costanzo, Bridging the Cybersecurity Talent Gap in Hampton Roads (Hampton Roads Cybersecurity Education, Workforce, and Economic Development Alliance, July 2017), http://securitybehavior.com/hrcyber/doc/HRCyber%20Mid-Project%20Report. pdf; Ray Lapena, “Survey Says: Soft Skills Highly Valued by Security Team,” Tripwire, October 17, 2017, https://www.tripwire.com/state-of-security/featured/survey-says-soft-skills-highly-valued-security-team/; Arthur Conklin, “Strengthening the Cybersecurity of Federal Networks and Critical Infrastructure: Workforce Development – Request for Information Response,” August 3, 2017, https:// www.nist.gov/sites/default/files/documents/2017/08/03/university_of_houston_center_for_information_security_research_and_ed- ucation.pdf; Sara Castellanos, “Cybersecurity Requires ‘Insatiable’ Problem-Solving Skills; Technical Skills Can Be Taught,” Wall Street Journal, May 24, 2018, https://blogs.wsj.com/cio/2018/05/24/cybersecurity-requires-insatiable-problem-solving-skills-techni- cal-skills-can-be-taught/. 13George I. Seffers, “National Security Agency Program Fills Critical Cyber Skills Gaps,” Signal Magazine, June 1, 2014, https://www. afcea.org/content/national-security-agency-program-fills-critical-cyber-skills-gaps; Chris Krebs, “Why So Many Top Hackers Hail from Russia,” Krebs on Security, June 22, 2017, https://krebsonsecurity.com/2017/06/why-so-many-top-hackers-hail-from-russia/; Intelli- gence and National Security Alliance, Cyber Intelligence: Preparing Today’s Talent for Tomorrow’s Threats (Arlington, VA: September 2015), https://www.insaonline.org/wp-content/uploads/2017/04/INSA_Cyber_Intel_PrepTalent.pdf; Workforce Intelligence Network for Southeast Michigan, Cybersecurity Skills Gap Analysis (Michigan: July 2017), https://winintelligence.org/wp-content/uploads/2017/07/ FINAL-Cybersecurity-Skills-Gap-2017-Web-1.pdf; Laura Lee, “Circadence responses to NIST RFI on Cybersecurity workforce education or training,” August 2, 2017, https://www.nist.gov/sites/default/files/documents/2017/08/02/circadence.pdf; 14Steve Sharkey, Drew Morin, and John Hunter, “Comments of T-Mobile USA, Inc.” August 4, 2017, https://www.nist.gov/sites/de- fault/files/documents/2017/08/04/t-mobile.pdf. 15Martin C. Libicki, David Senty, and Julia Pollak, H4ackers Wanted: An Examination of the Cybersecurity Labor Market (RAND, 2014), https://www.rand.org/content/dam/rand/pubs/research_reports/RR400/RR430/RAND_RR430.pdf; Homeland Security Advisory Council, CyberSkills Task Force Report (Washington, DC: Fall 2012), https://www.dhs.gov/sites/default/files/publications/HSAC%20Cy- berSkills%20Report%20-%20Final_0_0.pdf; Evans and Reeder, A Human Capital Crisis in Cybersecurity. 16CloudPassage, “CloudPassage Study Finds U.S. Universities Failing in Cybersecurity Education,” April 7, 2016, https://www.cloud-passage.com/company/press-releases/cloudpassage-study-finds-u-s-universities-failing-cybersecurity-education/. 17Conklin, “Strengthening the Cybersecurity of Federal Networks and Critical Infrastructure”; U.S. House Committee on Homeland Security, Challenges of Recruiting and Retaining a Cybersecurity Work Force: Hearing before the Subcommittee on Cybersecurity and Infra- structure Protection, 115th Cong., 1st sess. (September 7, 2017), https://docs.house.gov/meetings/HM/HM08/20170907/106359/HHRG- 115-HM08-Transcript-20170907.pdf; ISACA, “Preparing Cybersecurity Professionals to Make an Impact Today and in the Future,” August 1, 2017, https://www.nist.gov/sites/default/files/documents/2017/08/01/nice_rfi_final_isaca.pdf; Lee, “Circadence responses to NIST RFI on Cybersecurity workforce education or training.” 18CSIS, Hacking the Skills Shortage; ISACA, “State of Cyber Security 2017: Part 1: Current Trends in Workforce Development.” 19Ponemon Institute LLC, 2014 Best Schools for Cybersecurity (Michigan: February 2014), https://www.ponemon.org/local/upload/ file/2014%20Best%20Schools%20Report%20FINAL%202.pdf. 20US Cyber Challenge, “Cybersecurity Workforce RFI,” August 1, 2017, https://www.nist.gov/sites/default/files/docu- ments/2017/08/03/20170801_nist_rfi_comments_us_cyber_challenge.pdf. 20ISACA, “Preparing Cybersecurity Professionals to Make an Impact Today and in the Future.” 22National Initiative for Cybersecurity Education, “Workshop on Cybersecurity Workforce Development: Notes from Panel Discus- sions,” August 2, 2017, https://www.nist.gov/sites/default/files/documents/2017/09/28/chicago_workshop_summary_notes.pdf. 23Michael Prebil, “Teach Cybersecurity with Apprenticeship Instead,” New America, April 14, 2017, https://www.newamerica.org/ education-policy/edcentral/teach-cyber-apprenticeship-instead/. 24David Raymond, “Using Cyber Ranges for Cybersecurity Education,” Virginia Cyber Range, https://csrc.nist.gov/CSRC/media/ Events/Federal-Information-Systems-Security-Educators-As/documents/24.pdf. 25Tim Polk, “Building the Workforce through Cybersecurity Competitions,“ The White House, July 27, 2016, https://obamawhite- house.archives.gov/blog/2016/07/27/building-workforce-through-cybersecurity-competitions. 26Katzcy Consulting, Cybersecurity Games: Building Tomorrow’s Workforce (Reston, VA: April 2017), https://www.nist.gov/sites/de- fault/files/documents/2017/04/24/cyber_games-_building_future_workforce_final_1031a_lr.pdf. 27Ray Lapena, “Survey Says: Soft Skills Highly Valued by Security Team,” Tripwire, October 17, 2017, https://www.tripwire.com/ state-of-security/featured/survey-says-soft-skills-highly-valued-security-team/. 28CSIS, Hacking the Skills Shortage. 29Sarah K. White, “Cybersecurity skills aren’t taught in college,” CIO from IDG, December 13, 2016, https://www.cio.com/arti- cle/3149098/it-skills-training/cybersecurity-skills-aren-t-taught-in-college.html. 30Costanzo, Bridging the cybersecurity talent gap in Hampton Roads; Castellanos, “Cybersecurity Requires ‘Insatiable’ Problem-Solving Skills; Technical Skills Can Be Taught.” 31Eleanor Dallaway, “All You Need to Know about the Cyber Retraining Academy,” Infosecurity Magazine, March 31, 2017, https:// www.infosecurity-magazine.com/news-features/all-you-need-cyber-retraining/. 32Ibid; Nick Ismail, “The Cyber Retraining Academy: training industry-ready cyber professionals,” Information Age, January 24, 2017, https://www.information-age.com/cyber-retraining-academy-123464137/. 33Homeland Security Advisory Council, CyberSkills Task Force Report (Washington, DC: Fall 2012), https://www.dhs.gov/sites/de-fault/files/publications/HSAC%20CyberSkills%20Report%20-%20Final_0_0.pdf; David Wennergren et al., Increasing the Effectiveness of the Federal Role in Cybersecurity Education (Washington, DC: National Academy of Public Administration, August 2015), https://www. napawash.org/uploads/Academy_Studies/Cyber-CAE-Report-FINAL-10-15.pdf. 34Homeland Security Advisory Council, CyberSkills Task Force Report. 35Upasana Gupta, “NSA Launches Cyber Operations Program,” Careers Info Security, June 14, 2012, https://www.careersinfosecurity. com/nsa-launches-cyber-operations-program-a-4860. 36Eamon Javers, “Meet the NSA’s hacker recruiter,” CNBC, October 1, 2014, https://www.cnbc.com/2014/10/01/meet-the-nsas-hack- er-recruiter.html. 37George I. Seffers, “National Security Agency Program Fills Critical Cyber Skills Gaps,” Signal Magazine, June 1, 2014, https://www. afcea.org/content/national-security-agency-program-fills-critical-cyber-skills-gaps. 38National Security Agency, “CAE Requirements and Resources,” https://www.iad.gov/nietp/CAERequirements.cfm. 39National Security Agency, “Criteria for Measurement for CAE in Cyber Operations Fundamental,” https://www.nsa.gov/resources/ students-educators/centers-academic-excellence/cae-co-fundamental/requirements.shtml. 40Ibid. 41Lynne Clark and Heather Eikenberry, “Centers of Academic Excellence in Cybersecurity,” National Cryptologic Schools, 2016, https://www.fbcinc.com/e/nice/presentations/2016/Track_D_Century_C/D-10_Clark_CAE_in_Cybersecurity_Programs_-_NICE_2016. pdf. 42Eric Chabrow, “U.S. Cyber Challenge Seeks to Boost Number of Security Pros,” Bank Info Security, September 16, 2015, https:// www.bankinfosecurity.com/interviews/us-cyber-challenge-seeks-to-boost-number-security-pros-i-2915. 43US Cyber Challenge, “US Cyber Challenge Virginia Tech Summer Camp Schedule,” https://www.cyber.vt.edu/uscc/USCC%20 Camp%20Schedule.pdf. 44National Board of Information Security Examiners, US Cyber Challenge Research (Air Force Research Laboratory, February 2017), http://www.dtic.mil/dtic/tr/fulltext/u2/1027888.pdf. 45Katzcy Consulting, Cybersecurity Games: Building Tomorrow’s Workforce. 46Polk, “Building the Workforce through Cybersecurity Competitions.” 47Homeland Security Advisory Council, CyberSkills Task Force Report. 48Jane Lute, Deirdre Durrance, and Maurice Uenuma, “Mission Critical CyberSecurity Functions: Critical roles with the most tech- nically sophisticated knowledge, skills and abilities for enterprise cybersecurity,” Council on CyberSecurity, February 2014, http://ccs- dev.azurewebsites.net/bcms-media/Files/Download?id=df2894a5-1368-4ff7-838e-a34201036520; M. J. Assante, D. H. Tobey, and T. J. Vanderhorst Jr., “Job Competency Modelling for Critical Roles in Advanced Threat Response and Operational Security Testing,” Council on Cybersecurity, 2014, http://ccs-dev.azurewebsites.net/bcms-media/Files/Download?id=560b7ac8-4ba1-4657-9358-a3420103a069. 49National Board of Information Security Examiners, US Cyber Challenge Research. |
| URL | https://www.csis.org/analysis/cybersecurity-workforce-gap |
| 来源智库 | Center for Strategic and International Studies (United States) |
| 资源类型 | 智库出版物 |
| 条目标识符 | http://119.78.100.153/handle/2XGU8XDN/328024 |
| 推荐引用方式 GB/T 7714 | William Crumpler,James Andrew Lewis. The Cybersecurity Workforce Gap. 2019. |
| 条目包含的文件 | ||||||
| 文件名称/大小 | 资源类型 | 版本类型 | 开放类型 | 使用许可 | ||
| 190129_Crumpler_Cybe(126KB) | 智库出版物 | 限制开放 | CC BY-NC-SA | 浏览 | ||
除非特别说明,本系统中所有内容都受版权保护,并保留所有权利。
