Shortage of Cybersecurity Professionals Poses Risk to National Security
Jun 17, 2014
The perceived shortage of cybersecurity professionals working on national security may endanger the nation's networks and be a disadvantage in cyberspace conflict. RAND examined the cybersecurity labor market, especially in regard to national defense. Analysis suggests market forces and government programs will draw more workers into the profession in time, and steps taken today would not bear fruit for another five to ten years.
An Examination of the Cybersecurity Labor Market
|PDF file||0.4 MB||Best for desktop computers.
Use Adobe Acrobat Reader version 10 or higher for the best experience.
|ePub file||2 MB||Best for mobile devices.
On desktop computers and some mobile devices, you may need to download an eBook reader to view ePub files. Calibre is an example of a free and open source e-book library management application.
|mobi file||0.8 MB||Best for Kindle 1-3.
On desktop computers and some mobile devices, you may need to download an eBook reader to view mobi files. Amazon Kindle is the most popular reader for mobi files.
|Add to Cart||Paperback106 pages||$22.95||$18.36 20% Web Discount|
There is a general perception that there is a shortage of cybersecurity professionals within the United States, and a particular shortage of these professionals within the federal government, working on national security as well as intelligence. Shortages of this nature complicate securing the nation's networks and may leave the United States ill-prepared to carry out conflict in cyberspace.
RAND examined the current status of the labor market for cybersecurity professionals — with an emphasis on their being employed to defend the United States. This effort was in three parts: first, a review of the literature; second, interviews with managers and educators of cybersecurity professionals, supplemented by reportage; and third, an examination of the economic literature about labor markets. RAND also disaggregated the broad definition of "cybersecurity professionals" to unearth skills differentiation as relevant to this study.
In general, we support the use of market forces (and preexisting government programs) to address the strong demand for cybersecurity professionals in the longer run. Increases in educational opportunities and compensation packages will draw more workers into the profession over time. Cybersecurity professionals take time to reach their potential; drastic steps taken today to increase their quantity and quality would not bear fruit for another five to ten years. By then, the current concern over cybersecurity could easily abate, driven by new technology and more secure architectures. Pushing too many people into the profession now could leave an overabundance of highly trained and narrowly skilled individuals who could better be serving national needs in other vocations.
Why Has Demand Risen Sharply?
What Others Have Observed
Findings from Interviews and Statistics
The Economics of the Cybersecurity Labor Market
Upper-Tier Cybersecurity Professionals and Policy Options
This research was sponsored by a private foundation and conducted within the Forces and Resources Policy Center of the RAND National Security Research Division (NSRD). NSRD conducts research and analysis on defense and national security topics for the U.S. and allied defense, foreign policy, homeland security, and intelligence communities and foundations and other nongovernmental organizations that support defense and national security analysis.
This report is part of the RAND Corporation Research report series. RAND reports present research findings and objective analysis that address the challenges facing the public and private sectors. All RAND reports undergo rigorous peer review to ensure high standards for research quality and objectivity.
This document and trademark(s) contained herein are protected by law. This representation of RAND intellectual property is provided for noncommercial use only. Unauthorized posting of this publication online is prohibited; linking directly to this product page is encouraged. Permission is required from RAND to reproduce, or reuse in another form, any of its research documents for commercial purposes. For information on reprint and reuse permissions, please visit www.rand.org/pubs/permissions.
The RAND Corporation is a nonprofit institution that helps improve policy and decisionmaking through research and analysis. RAND's publications do not necessarily reflect the opinions of its research clients and sponsors.