Pell study calls for professional cybersecurity association
IN A NEW STUDY released Monday, Pell Center Fellow Francesca Spidalieri and Lt. Col. Sean Kern of National Defense University said the cybersecurity industry would benefit from a professional association to organize training and address a widening skill gap.
COURTESY THE PELL CENTER AT SALVE REGINA UNIVERSITY
NEWPORT – A professional association in cybersecurity should be established to standardize training for a growing but still limited cybersecurity workforce, according to a new study by The Pell Center at Salve Regina University.
The study, released Monday morning, identifies an “acute” gap between market demand and supply for professionals in the field, a gap the study found is expected to grow over the next five years at an annual rate of 11.3 percent. A professional association could help measure training, education and experience, the study stated.
Referencing this “widening gap,” Francesca Spidalieri, one of the report’s authors, said that “basic standards are needed to assure that someone claiming special skills actually has them.”
Counterparts in other fields – like the American Medical Association and American Bar Association – could be models for professionalizing the industry, she added.
Spidalieri is cyber leadership fellow at the Pell Center for International Relations and Public Policy at Salve Regina. Co-author Lt. Col. Sean Kern is a cyperspace operations officer assigned to the Joint Advanced Warfighting School, Joint Forces Staff College at National Defense University.
In a disclaimer, Kern and Spidalieri said the opinions in the study do not reflect those of the United States government or the U.S. Department of Defense.
The report documented a “persistent” threat to cybersecurity by a “spectrum of hackers, criminals, terrorists, state and non-state actors,” and also identified a shortage of cyber talents accompanied by an expansion of technology innovations in Web, mobile, cloud technology, social media, and the Internet of Things that the authors believe are “introducing new vulnerabilities and increasing companies’ exploitable attack surfaces.”
Spidalieri argued in the report that today’s cybersecurity industry is “inadequate to address the threat at hand.”
She characterized the industry as “highly fragmented and characterized by a fog of competing requirements, disjointed development programs, conflicting definitions of security roles and functions, and many different competing and often confusing commercial certifications.”
A professional organization could serve as a clearinghouse for the profession and a “focal point” for education, training, communication and other forms of support within the workforce, Kern and Spidalieri said.
The evolution of such a group could take “several years” and involve a variety of stakeholders, Kern added.
“We hope this work catalyzes additional research and efforts to unify this complex ecosystem under a common purpose,” he said.