The time is ripe for industry and government stakeholders to consider professionalizing cybersecurity, according to a report from Salve Regina University's Pell Center for International Relations and Public Policy ( download PDF).
Demand for cybersecurity skills is increasing exponentially, but the educational, training and certification processes to prep people for careers in the field continue to be highly decentralized, ad hoc and non-standard.
"We not only have a shortage of the highly technically skilled people required to operate and support systems already deployed, but also an even more desperate shortage of people who can design secure systems, write safe computer codes" and create the tools needed to prevent, detect and mitigate attacks and system failures, the study said.
Too many organizations lack the right skills for building and managing secure infrastructures and for dealing with attacks. And those wishing to pursue careers in cybersecurity as a career, have few clearly defined roles and career paths, the authors of study noted.
"There remains a noticeable mismatch between [the] burgeoning demand for cybersecurity talents and the efforts under way to develop professionals who can build and manage secure, reliable digital infrastructures," they wrote.
The Pell study calls for the creation of a nationally recognized association to set professional standards and education and training requirements for cybersecurity similar to what the American Medical Association (AMA) does in the medical field.
It calls on government and industry stakeholders to consider establishing professional associations for each specialty within the cybersecurity field and to develop a common body of knowledge for each specialty. In order to professionalize the field, stakeholders will also need to establish certification and licensing requirements for each specialty as well as apprenticeship and residency requirements.
In many ways, the current situation in the cybersecurity field is similar to what existed in the medical field before it was professionalized, said Francesca Spidalieri, cyber leadership Fellow at Pell Center and one of the two authors of the report.
"There were a lot of self-described doctors, but no standards," she said. "We need some kind of focal point to gather around to foster minimum, basic standards and frameworks so people have a way to navigate the cybersecurity field."
Currently, it is difficult to determine the actual skills and abilities of professionals based on their education or certification credentials, she said. It is even harder to map those skills to real-world job requirements, she said.
"There's nothing that prioritizes different educational programs. There are no standards across different specialties. There is no single organization that can take ownership of this field" as the AMA and the American Bar Association do, Spidalieri said.
Establishing a central body to oversee cybersecurity will involve the participation of all stakeholders, including employers and educational, training and private certification institutes, she said.
Sign up for Computerworld eNewsletters.