EXPEL BLOG

Black Hat USA day 2: Workforce challenges and the so-called cyber “skills gap”

· 2 MIN READ · BROOKE MCCLARY · AUG 11, 2023 · TAGS: Careers / Company news

Kembe Walden, Acting National Cyber Director, Executive Office of the President, opened her fireside keynote on day two of Black Hat USA with an observation: ONCD (the Office of the National Cyber Director) is essentially a startup within the White House—it’s going to take a lot of effort and time to achieve the goals of the National Cybersecurity Strategy Implementation Plan and the National Cyber Workforce and Education Strategy, but the energy (and even funding) is there.

The key, Walden says, is collaboration between the defender community and the government to unite against our common adversaries in a way that hasn’t happened before. Gone are the days of playing “spot the fed” at DEFCON, as Walden hopes to usher in a new age of partnership for these two (historically opposed) sides.

As Jeff Moss, Black Hat founder, noted in his address on day one, the defender community has a rare opportunity to help shape policy that will ensure a more secure future—especially as it pertains to rapid advancements in technologies like generative artificial intelligence (AI), which present a new frontier of risk.

This includes leaning into “security by design,” which is a main component of the Cybersecurity and Infrastructure Security Agency’s (CISA) effort to foster a technological ecosystem of security. In their session, CISA senior technical advisors Bob Lord and Jack Cable reiterated the need to shift the burden of security from those least capable to those best equipped to address and solve problems (i.e., the developers and manufacturers).

Another of the shared challenges affecting both the cybersecurity industry and as a result, national security, is the workforce. According to Walden, there are a few strategic components to tackling this problem in a way that’s sustainable and repeatable.

The first is a focus on resilience, going beyond awareness and moving towards a culture where everyone is digitally literate. It also means considering the pipeline for the next generation of cybersecurity professionals by baking cybersecurity into the early phases of digital literacy and ensuring information is not only accessible, but a teaching and learning priority.

So what does that mean for the jobs that need filling today? Walden believes it’s a matter of not only casting a wider net, but rethinking what that net looks like entirely.

We hear a lot about the cyber “skills gap,” but what if it’s a matter of reimagining how we spot talent? Walden says it’s time to look past the on-paper qualifications that have traditionally defined job requirements and expand our searches to include the skills and character traits that translate well but aren’t always obvious. (BTW, this approach aligns pretty closely with our thinking at Expel. Check out what our co-founder and CEO, Dave Merkel, wrote in Forbes to see what we mean.)

We heard on day one that disruptive technologies, such as AI, aren’t going to take jobs from cybersecurity pros, but they will require us to evolve, to develop new skills, and to remain curious about the challenges that lay ahead. As a community, we can apply that same thinking to our applicant pools—widening the search to include those with transferable skills and a desire to learn.

That’s a wrap on Black Hat USA 2023. We can’t wait to take the lessons learned and relationships built on the show floor and in the briefing rooms back with us as we continue to fight the good fight, and protect our customers with security that makes sense.