Cybersecurity Report Recommends Path to Professional Standards in Cybersecurity Industry
A nationally recognized, professional association deemed critical to standards, status, and successful efforts to secure the nation’s infrastructure
NEWPORT, R.I. – In a new study released today by the Pell Center at Salve Regina University, fellow Francesca Spidalieri and Lt. Colonel Sean Kern, USAF, call for the creation of a professional association to address shortcoming in the cybersecurity industry. In an era of countless studies identifying skills gaps and expanding opportunities for qualified individuals, this study charts a path to professionalizing the field. The key element of the proposal is the creation of a professional association for the cybersecurity industry.
“There is a widening gap between the supply and demand of qualified cybersecurity professionals,” said Spidalieri. “As schools and training institutes proliferate to meet that need, basic standards are needed to assure that someone claiming special skills actually has them. Fortunately, there are analogues in medicine—the American Medical Association—and law—the American Bar Association—that demonstrate sound models for professionalizing the cybersecurity workforce.”
“Achieving cybersecurity is far more than a technical problem: it is fundamentally a people problem,” said Kern. “And since cybersecurity is a people problem, there must be a people solution. This requires developing an overarching organizational framework to develop, manage, and oversee the training, education, certification, and continuous professional development of a qualified cybersecurity workforce along a career continuum, and to guide leaders across society in harnessing the right people with the right knowledge, skills, and abilities to the right challenges in a rapidly-evolving environment.”
The study is part of the Cyber Leadership Project at the Pell Center and follows previous reports that explored the failing of America’s most prestigious civilian and military graduate programs to educate their students—and ultimately the nation—for an era of persistent cyber threat.
“The U.S. is clearly struggling to develop and sustain the talent needed to meet the wide variety of cyber threats we face,” said Jim Ludes, Pell Center Executive Director. “The need for a cadre of cyber-strategic leaders and a knowledgeable and experienced cyber workforce has never been greater, yet their present capabilities lag behind the current threat.”
“Unfortunately,” noted Spidalieri, “the cybersecurity industry in this country is highly fragmented and characterized by a fog of competing requirements, disjointed development programs, conflicting definitions of security roles and functions, and many different competing and often confusing commercial certifications. In short, the present reality is inadequate to address the threat at hand.”
Spidalieri and Kern’s proposed alternative to today’s decentralized approach to cybersecurity workforce development is to create a national professional association in cybersecurity to solidify the field as a profession, to support individuals engaged in it, to establish professional standards and prescribe education and training, and, finally, to support the public good. A nationally recognized independent professional association would serve as a clearinghouse for the cybersecurity profession and a focal point for education, training, communication, participation, facilitation, support, and negotiation within the cybersecurity workforce. Additional member professional associations could then act as representatives of each cybersecurity specialty, similar to how the American Medical Association (AMA) has a professional association for each medical specialty.
“Cyber attacks on both public and private entities are becoming increasingly common, and estimates of the value lost through cyber crime targeting intellectual property run into the hundreds of billions of dollars each year,” said Congressman Jim Langevin, who serves on the House Armed Services and House Select Intelligence Committees, and is the ranking Democratic member of the Subcommittee on Intelligence, Emerging Threats and Capabilities. “We currently face a critical shortage of cybersecurity professionals. In order to successfully combat cyber crime and cyber terrorism, we must not only improve our standards of cyber protection, but also develop a workforce of highly skilled individuals for this emerging field. That will take a serious commitment to recruitment, training and education efforts in the cyber disciplines, and I applaud the Pell Center for its continued focus on improving cybersecurity.”
“We do not consider this study as providing a final solution to the shortage of an advanced cybersecurity workforce, and we recognize that the professionalization process would unfold over the course of several years and would involve many different stakeholders,” Kern said. “But we hope that this work catalyzes additional research and efforts to unify this complex ecosystem under a common purpose, seek ways to mobilize commitment to change, develop a shared vision, foster consensus, and institutionalize a commonly accepted approach.”
The full report, “Professionalization of Cybersecurity” is available to download here.