Industry Perspectives Blog

How State and Local Governments Can Solve Their Cyber Security Staffing Shortage

By 2019, the world will face a shortage of 1.5 million cybersecurity professionals.

That shortfall will especially challenge state and local governments. These entities control sensitive information like medical records and credit card statements, which makes them prime targets for cyber criminals. Yet they often have a hard time attracting qualified professionals.

To improve their chances of preventing breaches, state and local governments can foster cyber education and implement new recruiting models.

Currently, states face a severe shortage of security personnel. Two out of three states admit that their IT initiatives are hindered by a lack of qualified candidates. And over 85 percent of states cannot fill available IT positions.

Many states -- nearly 92 percent -- readily acknowledge that this shortage results from low salary rates and pay grade structures. Typically, private sector firms can offer salaries that are $25,000 higher than those paid by state governments.

State and local governments won't ever win the salary competition against the private sector. That means they'll need to get creative to attract and retain top cyber security talent.

One way to do so is to enlarge the pool of potential recruits. Currently, just one percent of New York City public school students receive computer science training.

In a world in which coding proficiency and IT systems knowledge are increasingly prerequisites for career success, vastly expanding computer training -- as New York City and other municipalities have pledged to do -- will prepare students for the jobs of the future. And it will no doubt pique some students' interest in government cybersecurity careers.

State and local governments can more directly steer students towards careers in cyber security with targeted education aid. The National Science Foundation already offers scholarships to students who choose to earn a cybersecurity-related degree and then work in federal, state, local, or tribunal governments.

State and local governments could replicate such scholarship programs to encourage aspiring cyber security professionals to work for them upon graduation.

Perhaps the most promising staffing solution comes in the form of private-public partnerships.

Private firms have plentiful financial resources but generally want candidates with prior experience in the cyber security field. Government entities -- though they can't match the private sector's compensation packages -- have robust infrastructures that provide excellent training opportunities.

Government entities and private firms could take advantage of their respective strengths to establish joint cyber security fellowship programs. Government organizations, with partial funding from the private sector, could offer professional training and experience to recent graduates. After several years, these experienced workers could transition to a sponsoring company if they so desire.

Such programs would provide government organizations with eager, highly talented recruits who wouldn't feel the need to forgo government work for fear of missing out on private sector opportunities. And the fellowships would prove private organizations with professionals who need minimal on-the-job training.

Of course, state and local governments can also improve their cyber defenses by partnering with private sector firms in a more traditional way: outsourcing their security needs.

Relying on contractors for managed security services offers numerous advantages. In an era of tight budgets, contracting provides government officials with a sustainable and predictable cost model -- major capital expenditures and unexpected expenses related to attacks are borne by the contractor, not the government entity. It also enables state and local officials to take advantage of security experts they'd be unable to hire themselves. Managed security services are gaining market share and acceptance due to the growing need for, and lack of, cyber expertise among concerned organizations.

State and local government organizations face severe cyber risks. Minimizing those risks requires the talents of top-notch cyber professionals. To recruit such people, state and local governments must recognize their weaknesses and take advantage of their strengths by improving cyber education and partnering with private firms.