How to prepare the 21st century cybersecurity workforce

Last month, a first-of-its-kind cybersecurity grant program specifically for state, local and territorial (SLT) governments across the country was announced. This State and Local Cybersecurity Grant Program (SLCGP) will provide $1 billion in funding to SLT organizations over the course of four years to support efforts to address cyber risk to SLT information systems.

The need for this funding has become increasingly apparent following a significant increase in sophisticated cyberattacks against state and local organizations. However, there are widespread concerns that the workforce is not yet prepared to implement such funding successfully due to a lack of cybersecurity and IT expertise at the local level. Additionally, this funding is meaningless without the personnel in place to utilize it, and scale solutions for the future.

Fittingly, one of the four primary objectives of the SLCGP is “workforce development.” While there are a variety of ways state and local organizations can go about training and incentivizing their workforce, it’s imperative each state achieves this goal of developing a 21st century cybersecurity workforce. Without a robust and technically advanced workforce, communities across the country will continue to struggle against malicious actors that threaten the secure and sustained access to the digital and physical resources our country depends upon.

Education as the foundation
In the case of cybersecurity, ignorance is certainly not bliss. It may seem obvious, but it is also important to underscore that one cannot defend against a threat or vulnerability they are unaware exists.

Part of the SLCGP states that cybersecurity plans must explain “how input and feedback from local government and associations of local government was incorporated.” This is a vital component of the program and it’s intended to ensure the needs of all organizations throughout the state, regardless of size, are represented in the plan to utilize the available funding. However, feedback cannot be incorporated about issues that are not understood or even known.

Therefore, it’s paramount that the local level cybersecurity workforce be better educated and trained on the cutting-edge threats of the modern remote environment. In the meantime, local regions can partner with organizations who can identify vulnerabilities on their behalf. Critically, they should also look for organizations who offer training programs for their local staff to master the tools they’ll be using to detect vulnerabilities and secure systems.

The initial cybersecurity plans developed will only be applicable for two years, meaning that constant evaluations and modifications must be made to respond to the changing threat landscape. Only by developing a robust, well-educated IT workforce can local governments prepare for future iterations of their cybersecurity plans.

Scaling solutions for the future
Cybersecurity vulnerabilities are an evergreen challenge given the nature of technology to constantly, and rapidly, develop. The cybersecurity workforce of the future, at all levels of government, must be able to evolve at the same pace as our technology.

Notably, the funds made available by the SLCGP can be used to hire cybersecurity personnel. If qualified, well-trained personnel are available, this would be a prudent investment for state or local governments to make to optimize their cybersecurity posture in the future. Even if the talent is not readily available, states may wish to consider using some of the available funding to recruit and train young cybersecurity professionals because without the personnel to implement the solutions or strategies determined by each state’s cybersecurity planning committee, the tools procured or developed will be impractical.

While taking the time to educate, train and hire personnel, public sector entities should lean on industry leading organizations with a proven history of collaborating successfully with state, local and territorial organizations. The adoption of certain industry leading tools can alleviate strain on government employees, allowing them to repurpose their time on mission critical projects; improving productivity while bolstering their workforce. Moreover, given the current and growing threat of ransomware and phishing attacks, in conjunction with the vulnerabilities posed by our modern remote workforce, state and local governments should seek partners who can implement their solutions as swiftly as possible.

One thing is for certain, and that is that privilege and identity are often at the center of every attack. Any organization would benefit from taking the first steps to adopt a comprehensive privileged access management (PAM) solution today. A decent portion of the SLCGP funding should undoubtedly go towards building a capable IT workforce for the future, but there are immediate, urgent threats that must be addressed. Therefore, while taking the time to build a 21st-century workforce, lean on trusted, easily auditable industry leaders who can assist in training the present workforce about how best to use the procured cybersecurity tools.

This grant program will be the first of many similar initiatives, particularly in terms of investing in the future cybersecurity workforce. For now, state and local agencies must do all they can to utilize the currently available funding strategically and with an eye towards the future. In conjunction with training the future cybersecurity workforce, public sector entities should immediately seek out solutions that enable their current IT employees to recapture as much time as possible. Reducing the burden on state, local and territorial public sector workers will help them to effectively deliver the critical government services constituents depend upon.

With more than a decade of experience in public sector IT security, Josh Brodbent has acquired a trove of knowledge on identity and privilege access management. In his capacity as regional vice president of solutions engineering at BeyondTrust, Brodbent works diligently with public sector organizations and government agencies to defend their networks. He also currently serves as industry chair of the ATARC Zero Trust Working Group. Prior to his five-year tenure with BeyondTrust, Brodbent worked as a security architect at Dell Technologies to develop secure solutions for multiple state and federal agencies.