Stephen Scharf, DTCC Managing Director and Chief Security Officer
One of the biggest challenges as a Chief Security Officer is finding people with the unique skills that are necessary to fight the growing threat of cyberattack. In fact, the cyber industry is one of the few in the world today that has negative unemployment – that is, there are more jobs than people who can fill them. A recent study conducted by Frost & Sullivan and ISC2 forecasts that the negative unemployment will only grow worse. The “2017 Global Information Security Workforce Study: Women in Cybersecurity” projects that the gap between cyber professionals and unfilled positions will expand to 1.8 million globally by 2022.
This trend is all the more concerning because cyber risk has remained one of the biggest perceived threats to the safety, resiliency and stability of the global financial system for at least the last five years, according to the DTCC Systemic Risk Barometer study, which measures and tracks risk trends among financial institutions globally. Some would also argue that cyber attacks are increasing in severity and frequency, but it could also be that organizations are being more transparent about their vulnerabilities than in the past.
The deficit in cybersecurity talent today is attributable to the rate at which governments, businesses and people have increased their digital footprint in the last decade and the rapid change in technology. And as the digital revolution continues, we must work together across the industry to ensure we are training and preparing the next generation of cyber experts.
Gender Diversity in Cybersecurity
One of the primary areas of focus will be on attracting, recruiting and retaining women, who are grossly underrepresented in the cybersecurity profession today. According to the study I mentioned earlier, women held only around 11% of positions in the cybersecurity industry globally. What is more, women in cybersecurity earned less than men at every level, and 51% “experienced various forms of discrimination,” according to the survey. It’s clear the industry must do more to encourage women to pursue cybersecurity as a profession and to decrease pay inequality and discrimination. Further, countless studies find that teams with more gender diversity outperform those dominated by one gender. By incorporating a variety of backgrounds, strengths and personalities, teams can better innovate and problem solve. Unfortunately, the supply and demand problem in cybersecurity will never be fixed if half the population isn’t being encouraged and/or considered for the roles.
Preparing for the Future
How can the cybersecurity industry encourage a larger and more diverse group of individuals to pursue cybersecurity as a profession? The industry is taking steps to close the employment gap. For example, according to Glassdoor, the average salary for a cyber security analyst is $83,314, not including additional cash incentives. The job pays well since these roles are in high demand, which helps to incentivize those considering the profession.
An increasing number of organizations, including DTCC, are also providing internal training for those who don’t have experience. In fact, my own educational background was not in technology or cyber security – I majored in History. After deciding not to go to law school, my first job out of college was selling software, but I realized quickly I was more interested in how the software worked than selling it and that’s how I got started down this path. My 25-year career in technology and security is a good example of how skills can be taught on the job.
In recent years, cybersecurity programs have become more prevalent at the collegiate level; however, more could be done even earlier. Most high schools teach a generic computer science class, but few go into detail about cybersecurity. If the cybersecurity field were introduced in high school, it might encourage more students to pursue this exciting and important profession.
Sharing Insights to Advance STEM Education
Toward that end, we are seeing an increased emphasis in recent years on science, technology, engineering and mathematics (STEM) programs aimed at young women.
For example, at DTCC we’re partnering with the NYU Tandon School of Engineering to sponsor its Computer Science for Cyber Security (CS4CS) summer program – a free, three-week intensive introduction to computer science and cybersecurity for high school girls. We’re excited to help young women take this important step in building their knowledge and experience on leading edge issues like digital forensics, steganography, “white-hat” hacking, and cryptography. This initiative builds on the volunteerism of our employees, who have been serving as guest speakers at NYU for several years to share their insights on subjects like operational risk in cyber security and managing cyber risk across the enterprise.
Another way to promote STEM education is through associations like the Information Systems Security Association (ISSA) and the Financial Services Information Sharing and Analysis Center (FS-ISAC). They do an outstanding job of training future cyber leaders through mentorship programs, scholarships and outreach efforts aimed at increasing the supply and diversity of professionals.
While the various sponsorships, training programs and outreach we participate in for cybersecurity are meaningful, the job shortage and diversity issue is an industry-wide challenge and will take a coordinated industry-wide effort to solve. By working together, we can encourage a larger and more diverse group of people to join the cybersecurity profession, helping to protect financial markets and tackle the new challenges that will inevitably arise in a world of constant innovation and change.