I personally had a great week last week. Trend Micro was very fortunate to participate in and sponsor the National Institute of Standards and Technology (NIST), National Initiative for Cybersecurity Education (NICE) 2018 Conference and Expo and the IBM Cyber Day 4 Girls at Florida International University (FIU). I truly tip my hat to FIU as they truly made both events a huge success. I think we reached an inflection point at this conference because the greatest risk organizations are facing and will continue to face in cybersecurity will be the lack of cybersecurity professionals. Last year it was predicted the shortage of skilled cybersecurity workers would reach 1.8 million by 2022. But unfortunately the skills gap in revised estimates is already nearly three million (2.9m) — with 500,00 of those in North America. In my keynote I outlined that information technology has been growing exponentially while our cybersecurity educational programs have been growing linearly at best. The answer is simple, we in private industry need to partner at a much deeper level on workforce development with academia and industry certification organizations to collaborate, innovate, and educate.
We have been collaborating operationally around cybersecurity problems for more than 30 years starting from the creation of CERT-CC at Carnegie Mellon University in 1988 and the creation of the U.S. Secret Servicet Electronic Crimes Task Force in New York in 1991. In 1998 and 2003, information sharing analysis centers and organizations were created and grew to lead the effort in cyber threat intelligence sharing between government, private industry and academia. Now we need a similar effort to operationalize collaborative efforts around the cyber workforce development. We need to innovate who, what, and how we are teaching cybersecurity skills. We need to develop a pipeline of future cybersecurity professionals starting in middle schools to high schools. We need to take an idea like DevOPs, which is the latest trend in developing near real-time applications and delivers new features and fixes at an exponentially faster rate. The key to its success is the collaborative framework where operators, developers, and testers work together to develop microservices as building blocks to create larger systems. Doing so creates a continuous software development life cycle loop of design, development, and delivery.
Well, you can probably see where I’m going. This can easily be translated to a workforce development model where instead of operators we have private industry and instead of developers we have educators and lastly instead of testers, we have industry testers from certification organizations. With this type of collaboration, we could then design, develop, and test microskills instead of microservices. These microskills would serve as building blocks for the continuous development of the most important software out there and that’s people. Changing the way we educate is critical and having a Cyber Workforce DevOps could take us from linear to exponential growth to close the cybersecurity skills gap.
Towards a safer digital world
At Trend Micro we’ve been collaborating and innovating to protect consumers, SMBs, enterprises and governments from the latest threats for 30 years. But our mission has broadened over these years. Increasingly we’re looking to complement our industry leading threat protection and R&D with outreach to help reduce critical skills shortages and arm families and small business users with the knowledge to keep them safe. Much of this work is carried out by our Trend Micro Initiative for Education (TMIE).
That’s why it was fantastic to extend and solidify our ties with so many universities, non-profits and government organizations as diamond sponsor of the recent National Initiative for Cybersecurity Education (NICE) conference in Florida. With these partnerships, we hope to accelerate our goal of making the world safe for exchanging digital information.
At the direction and leadership of our CEO Eva Chen, we have launched or expanded some of our most successful outreach programs:
Internet Safety for Kids and Families (ISKF): Launched in 2008, ISKF has now reached millions of parents, teachers and young people, thanks to a winning combination of online resources, fun events, passionate volunteers, media outreach, and more. We’ve been able to arm them with vital cybersecurity knowledge and key advice on everything from fake news to cyber-bullying.
Internet Safety for Small Businesses (ISSB): Small businesses make up around 99% of all private enterprises in the US and employ around half of Americans, so it makes sense to ensure they are armed with the right security skills. The ISSB is committed to doing so, especially as smaller firms have fewer resources to spend on the problem and many don’t have a dedicated IT security professional in charge.
Cybersecurity Education for Universities (CEU): Getting to the heart of the skills problem in the US means going back to education, to ensure there’s a steady pipeline of talent coming through. That’s why we work collaboratively with schools on initiatives to train up the educators; ensure curriculums remain relevant amid a fast-changing threat landscape; provide technical seminars and webinars to students; and support joint research projects.
Accelerated Cybersecurity Workforce On-boarding Initiative: Trend Micro has successfully implemented a new hire emersion program for various offices around the globe. In the past three years, Hernan Armbruster, VP Americas Region & Strategic Products has led this major effort and trained hundreds of technical and non-technical cybersecurity professionals from the Americas to the Middle East. Hernan actually shared our successes in a great presentation at the NICE Conference on the Accelerated Cybersecurity Workforce On-boarding Initiative.
Trend Micro also holds nearly 20 Capture The Flag (CTF) competitions worldwide every year to encourage more young people to develop critical cybersecurity skills.
In short, cyber threats will continue to evolve, and so must our ability to respond. Technology is important, of course, but we can’t underestimate the crucial role that people play in cybersecurity. That’s why we’ll continue to reach out to governments, academia and other non-profits to help fulfill our mission of making the world a safer place in which to exchange digital information.
NICE 2018 was a great event and place to cement and forge new relationships and we’re looking forward to working with you all in the future.