Most of the discussion about solving the skills shortage and staffing pipeline in cyber/information/data/computer security has focused solely on training people to be the “next cyber professional.” However, this methodology is woefully misplaced and can be equated to just how first responders, such as EMTs, firemen, police, and others are acquired, developed, and deployed in their operating environment. You can’t get everybody to choose to be on the front lines, nor have them run into a burning building without exhausting your supply of ready volunteers, and burning out those who are already dealing with a high stress, intense, and critical role that is already woefully understaffed.
As a senior technology executive who has risen from a start in engineering and front-line security incident handling and analysis passing through multiple industry sectors and organizations, I believe that the strategy currently being promoted in the highest levels of the public sector, but also peddled by many in the private sector and academia, could be adjusted to produce a better overall outcome. In my presentation I propose leveraging and exploiting the diverse source of skills we already have in place and in development to ensure we can use them as a force multiplier for those in the security field, and in turn, create more secure systems and technology.