The lack of “cyber human capital” has prompted a new focus on cybersecurity educational opportunities as colleges and universities and businesses seek to develop the right curriculum for a profession that requires a skill set that incorporates technical knowledge, risk assessment capabilities and data analytics.
Human Capital
Panelists at a recent cybersecurity conference hosted by the University of Massachusetts at Boston and the Business Higher Education Forum painted a picture of a workforce in dire need of employees ready to fight against cyber threats that evolve in sophistication every day.
Ronald E. Plesco, Jr., principal and national lead for cyber investigations, intelligence and analytics at KPMG, noted that the existing technology is not good enough and there are not enough people to keep up with the “ever-changing threat picture” his clients face.
“We can’t stay on top of the threat as a nation. I’ve had 16 positions open for the last year. We’ve tried to fill those and we cannot fill those,” said Plesco. Added obstacle includes cybersecurity courses that don’t offer practical experience to students interested in the field.
“Folks are learning theory. They’re not learning how to practice the theory,” he said. “We really need to fill that void. The men and women we’re hiring don’t really understand business operation and business impact.”
“I’ve given up trying to find people with 30 years of security experience and experience in asset management. Those people don’t exist,” said Chris Perretta, executive vice president and chief information officer for State Street Corporation.
Despite the dependence on technology, panelists agreed cybersecurity requires a more personal touch.
“There’s still so much human need in technology,” said Janet Levesque, chief information security officer for RSA, EMC. “You still need a human to take a look at it and determine the impact on the business. They can point to a problem, but then they need to be able to distill it in a way that it can become actual in a business way.”
What to Teach
Kumble Subbaswamy, chancellor of UMass Amherst and head of a new initiative to develop a cybersecurity education program for the university system, cited the frustrations of educators in determining the right course. If businesses want trained professionals, they have to nail down the need.
“The clarity of what training we need to provide is clear as mud,” he said. “This is going to have to be an ongoing dialogue.”
John O’Connor, executive vice president of corporate risk and security at Fidelity Investments, stated, “I think companies are looking for a medley of qualifications. We need people to think and know what they’re looking for before they dig into this big data.”
Perretta said that organizations frequently seek employees with the right sort of skills that will let them grow with the business.
“You hire people for how they learn, not what they know,” he said. “We need sharp security people, but we also need systems people.”
Cybersecurity is fast becoming a field that touches every part of an organization – professionals need to take a systemic approach.
“You’re never going to find them in a world where you’re constraining it to financial services,” Perretta said.
Bill Swanson, moderator of the panel and former chairman, president and CEO of Raytheon, noted, “Fundamental to cyber field is a thirst for learning. It changes so much, you have to have an inquisitive side.”
Erin is the managing editor of Advisen’s Front Page News. She has been covering property-casualty insurance since 2000. Previously, Erin served as editor-in-chief of The Standard, New England’s Insurance Weekly. Erin is based in Boston, Mass. Contact Erin at [email protected].
