For longtime Department of Defense and cybersecurity leader Simone Petrella, the oft-noted gap between open cybersecurity jobs and the available talent to fill them is by no means a new issue.
“There’s been a talent shortage for 15 years,” Petrella told Technical.ly. “It’s just getting more exasperated and worse and worse today, but it’s not a new problem.”
On the hiring side of the desk in her cybersecurity career, Petrella found problems that kept resulting in turnover: Hires from within the cybersecurity field didn’t necessarily work out at a company. Or, she said, she’d bring in entry-level talent and train them to do what the company needed, only to have them leave and go to the bigger companies in a year or two.
In 2016, it led her to start CyberVista, a workforce development company based in Rosslyn, Virginia. The 40-person company, which has made $5 million in revenue, offers a diagnostic assessment among current talent at a company to help employers understand the skills within their employees. Then, it offers an online training program with digital and video modules to help train new or current individuals on the company’s needs. For teams training together, it also has simulations for people to practice what they’ve learned together. The company is a fully-funded subsidiary of Graham Holdings Company.
The offerings of CyberVista are only one solution to the problem, Petrella noted. She said many are looking at the cybersecurity employment shortage from an “ivory tower perspective,” leaving a large gap between what employers need in the workforce and what people are being trained to do.
“I fundamentally think that we have the whole paradigm wrong,” Petrella said. “Employers need to drive the skills that they need for jobs to get done in the workforce, and then they need to not only articulate that to training providers, but they actually need to take responsibility to grow a lot of this talent internally and do so in a deliberate and conscientious way.”
In order for this to happen, according to Petrella, employers need to be investing in training and maintaining talent. Hopefully, that will help the companies have employees with talent tailored to their own company, and help compete with some of the larger conglomerates seeking cybersecurity employees.
“The employers, I don’t care if that’s an agency, I don’t care if it’s a private sector company, they need to actually take ownership of the issue,” Petrella said. “They are currently exacerbating the problem by thinking that they can either poach from each other, or that talent just going to come out of university. There’s just not enough [people], the numbers don’t work, so stop thinking that that’s going to solve the problem.”
Petrella added that she hopes people start thinking about cybersecurity jobs differently, as well. She said there are also a lot of unique positions in cybersecurity beyond monitoring audit logs and data, including, but not limited to, legal, technical coding, architecture and design. Plus, she’d like to see more outside industries trained in cybersecurity, which CyberVista can help with, she said, to help expand protections. Plus, careers like auditors and data protection attorneys need more than a cursory knowledge of cybersecurity to do those those jobs properly.
“Cybersecurity is a much more dynamic and interesting and engaging field than I think the stereotypes lend themselves to,” Petrella said. “…There are just so many different avenues that one could pursue in a career in cybersecurity and they’re incredibly diverse and require people with an equally diverse set of skills to be successful.”-30-