Security Workforce: A Report CardProf. Diana Burley on Skills Needed to Grow the Field
Burley is an educator by profession. In fact, she was just named Cybersecurity Educator of the Year by the Colloquium for Information Systems Security Education. So, it is natural to ask her to assign a letter grade to the state of today's IT security workforce.
Burley gives high marks to the pros working in the security trenches. But for those in business, government agencies and education who are trying to address the global IT security workforce crisis, she is less generous. "We have a lot of work to do in getting us up to speed," she says.
Why does the security industry struggle so much with the workforce challenge?
"One of the things we have to focus on is that this is not solely a technical endeavor," Burley says. "Technical skills are certainly a requirement for many of the jobs within this field. But we also need individuals who understand the business, who understand the risk and are able to conduct risk analyses, who understand how to communicate effectively with different audiences."
Training such multi-disciplined people is one issue. But it also is a daunting task to find organizations that can bridge their own silos and find a place for refined security professionals.
Source of Frustration
What frustrates Burley most in her efforts to address the workforce crisis?
"Time," she says. "It takes an incredible amount of time to educate people, and that can be very frustrating because we do want people to get into the workplace right now."
Communication is also a frustration. "We talk past each other quite a bit," Burley says, referring to government, business and academia. "Everyone is trying so hard to solve the problem ... that it's very difficult to take a moment and understand the perspective of the other sectors, so that we can figure out how to best leverage each other and work more efficiently."
In an interview about the state of the IT security workforce, Burley discusses:
- Her assessment of today's workforce and its readiness to protect critical infrastructure;
- New insights on professionalizing the workforce;
- What it will take to attract the right people to the field.
Burley is a professor of human and organizational learning within the Graduate School of Education and Human Development at The George Washington University. She has spent more than 15 years as a researcher and professor designing and evaluating computing education programs to build the IT workforce. She co-chaired the 2013 National Research Council report on professionalizing the nation's cybersecurity workforce, has been twice appointed (2012, 2013) to the Virginia General Assembly JCOTS Cyber Security Advisory Committee, directed the NSF Cyber Corps program, and has been honored by the Federal CIO Council. Burley also was named to the CareersInfoSecurity list of 2014 Influencers.