Mind This Gap: Criminal Hacking and the Global Cybersecurity Skills Shortage, a Critical Analysis

"This paper addresses a number of increasingly urgent questions about the defence of information systems against criminal hackers, the fi rst of which is this: can the world produce enough appropriately skilled human defenders of digital systems to defeat the humans who seek to compromise such systems for nefarious purposes? Multiple studies suggest that a signifi cant ‘cybersecurity skills gap’ currently exists and is hampering efforts to defend information systems against criminal hackers. Based on this assumption, many countries are scrambling to increase the supply of cyber-skilled humans capable of making a worthwhile contribution to the defence of the digital infrastructure on which so many economies now depend. Massive education and recruitment efforts are being funded in numerous countries to attract more people to the profession. The success of these efforts is predicated on the assumption there will be an adequate supply of willing entrants who possess the necessary traits and abilities to become effective cybersecurity professionals. In other words, it is assumed that a wide range of people can be trained to become effective cybersecurity professionals, and that enough of them will want to do so. In questioning that assumption, this paper provides a critical review of existing efforts to assess cyber-aptitude and ability, and considers the results of a number of experimental fast-track cybersecurity training programmes. The challenge of recruiting and retaining participants in a profession that can be both highly demanding and lacking in some traditional forms of job satisfaction is also discussed. To address the problems raised, the paper presents several positive scenarios for consideration in the areas of technology, economics and governance."