2021 was a thrilling roller coaster of peaks, dips, twists and turns for cyber professionals across the United States in both the public sector and private industries. As the new year has begun, the US government and critical infrastructure sectors are seeing a steady stream of attacks, often involving Zero-Day strikes and relentless exploitation of vulnerabilities. This includes the recently discovered Log4j vulnerability and ranges from simple to complex compromises. From ransomware attacks to White House Executive Orders to protecting grids and pipelines, the focus on cybersecurity has never been greater.
Throughout 2021, ISACA worked with the US Administration and Congress on policies to improve opportunities for people in the cybersecurity profession within the federal government and private sector – as well as to attract more people to the profession. A number of these efforts have been included in the Biden Administration’s Executive Orders and in legislation that is pending in Congress. As we enter 2022 we will continue to assist the governments all over the globe as they prioritize cybersecurity.
As has been widely reported, there are ongoing discussions on the tools and strategies needed to better align the talent demand and available pipeline around cybersecurity. In a speech on 25 August 2021, President Biden directly addressed the need for building a strong cybersecurity workforce, stating, “Our skilled cybersecurity workforce has not grown fast enough to keep pace. We’re about — the estimates many of you have given us and we’ve concluded are — on our own — about half a million cybersecurity jobs remain unfilled. That’s a challenge, but it also is a real opportunity.… This a priority for my administration from the outset.”
The issues ISACA cares about are firmly cemented in the concerns of the Administration. We continue to seek robust engagement with the newly installed National Cyber Director, Chris Inglis, who is leading the President’s effort on the cyber workforce. In a letter to Inglis, ISACA CEO David Samuelson described how ISACA products can bolster the US’s cyber capabilities and “capture immediate success in both resilience and bridging the public-private divide.”
Congress is investing significant sums to build the cyber workforce of the future. There are several legislative initiatives pending that would fund workforce development within the US government itself – including talent exchanges with the private sector, internships, and new apprenticeships – plus a cyber reserve corps that can be on-call to support the federal government in a time of need.
Efforts to bolster professional training and competence should exist on a spectrum. The government cyber leadership is engaged in an effort to upskill across the board using a tiered approach to cyber intelligence where all need a requisite baseline of knowledge, some need to have greater technical or strategic skills, and a few need advanced cybersecurity expertise to defend networks and systems. The diversity of needs continues to grow across physical systems in the operational technology (OT) space, traditional IT, ransomware, threat and vulnerability sharing/analytics, and the associated business disciplines to align cybermaturity objectives to strategy, risk and budgets.
We continue to work with the US Congress (and governments around the world) on efforts – particularly those related to competitiveness and education – to support initiatives that would build computer science in school and cyber education platforms for students, enhancing the baseline of sophistication and awareness of individuals across the country. These cyber fundamentals are also becoming a bigger priority for federal, state, and local governments, with cyber literacy playing an important new role in training and development efforts.
The landscape and level of attention around cybersecurity has rarely received this level of national attention – providing many opportunities for ISACA and its members to take the lead. We are ready!