It seems CISOs have been complaining about the cyber skills shortage ever since the first hacker was found. But finding people with identifiable and particular skills on their resumes isn’t easy.
After all, students want to know what is a cyber security specialist? How many certifications are needed? Where are courses offered? In what areas is there job demand…?
The industry-led Information Technology Association of Canada (ITAC) will try to bring some order into this chaos.
The group said this month it has secured a three-year grant from the Employment and Social Development Canada to create a useful framework for students, hiring managers and Statistics Canada’s labour market needs forecast.
The association hopes to bring in other groups such as colleges, universities and vendors to help create an online go-to resource for information on cyber security careers and education.
“We will be developing industry-validated national occupational standards and a competency framework, [and] a certification and accreditation regime to address skill shortages,” Gina van Dalen, executive director of ITAC’s talent and business technical forum said in an interview. “The goal is to accelerate learning, skills development and career development.”
To save time the framework will be based on the extensive U.S. National Initiative for Cybersecurity Education (NICE) framework, but tailored for Canadian needs.
For example, that framework has a number of workforce categories (securely provision, operate and maintain, oversee and govern, protect and defend, analyze, collect and operate, investigate), each with definitions (a person with securely provision skills is expected to be able to conceptualize, design, procure and/or build security IT systems).
“Following from that we’ll be looking at developing national occupational standards, which are job descriptions, and learning outcomes that can be used by post-secondary institutions.”
After the framework has been finalized workplace development tools will be easier to create, such as an online workforce supply-and-demand heat map similar to the NICE Cyber Seek map.
Not only does that site offer a map of all U.S. states showing job openings that a user can drill down into (as of Tuesday there were 107 job openings in Bismark, N.D., and 6,006 in the Phoenix area), it is broken down by public and private sector opportunities.
In addition, the site has a Career Pathway graphic that shows five common feeder roles, and the entry/mid-level/advanced jobs it may lead to (for example, a career in security intelligence could start with a job as a cyber security specialist, which could lead to being an analyst, consultant or penetration tester)
Another tool to be developed under the ITAC program will be an automatic job description generator that will help organizations link into the framework to identify the skills they’re looking for. Van Dalen said it would be particularly useful for small firms looking to hire someone who isn’t a cyber security specialist but is “a person with many hats.”
Finally, the framework will also link to an online catalog of cyber security training and education courses across the country.
Van Dalen hopes the initial components of this plan will be online in mid-2020. She said because there is a moratorium on parts of the agreement with the government the amount of the grant can’t be divulged yet.
The project also includes a survey of the artificial intelligence job market.