And with all disruption comes opportunity. All Game of Thrones fans know that “chaos is a ladder.” Attackers are better and faster than us at adapting to, leveraging and exploiting disruption. In a future where speed and agility are defining factors, they have the edge.
One of the downfalls of the steel industry was our collective inability to come together and tackle world-changing problems with world-changing thinking. We lacked a diversity by design mindset. We failed to understand that diversity was our strength — diversity enables resilience, adaptability and scalability. Diversity forces us to think outside of the box and create the conditions where we control big bang disruptions instead of succumbing to them.
Ultimately, monocultures die. When a monoculture dies, it wipes out or cripples everything in its wake. So, why a diversity discussion when talking about space? Because cybersecurity today is a monoculture. It’s why we are failing. It’s why we are losing this war. We are the same people we were 20 years ago. We do not even have to look at gender, identity and race; it’s more than that. Our experiences are the same. We all came up through systems administration, network engineering, application development or desktop support. We have the same skills and the same ways of thinking.
If we are to protect and defend the people, companies and countries in our charge, we will need racial, gender, identity, physical and neurodiversity. We will need creative problem-solvers and divergent thinkers. The only way to think outside of the box is to apply the learnings and insights from a diverse set of collective experiences and to do what humans do best: to connect and to share these experiences, and improve upon them. It takes community to truly innovate.
So, having taken a trip through our past and gazed forward into our future, we must ask ourselves: how prepared are we to enter this new age — the dawn of the Fourth Industrial Revolution?
One of our issues is that proper security is inordinately resource-intensive. Regardless of the amount of automation we have at our fingertips, it is not enough. As we have learned with previous industrial revolutions, the opening years are wrought with disruption that impacts whole communities. The difference is that today’s disruptions too often have immediate, often widespread impact.
This new wave of automation is now upon us, and this time we expect to see massive job losses inside the services sector, the exact sector that manufacturing pivoted into when their jobs disappeared.
The World Economic Forum’s Future of Jobs Report 2020 supports this. The report states that:
While it might be exciting to think that 97 million new roles could emerge from this latest phase of the industrial revolution, we cannot ignore the fact that millions of people might be left behind. We need a new way of thinking to solve this, especially when it comes to cybersecurity. We are looking at millions of jobs opening up in security worldwide and no real plan for how to fill them.
Currently, we commonly do not hire people with little to no experience — “junior people” — in the cybersecurity field. Regardless of how many degrees, certificates, will or grit. It does not matter. We want people with 5–10 years of experience and a CISSP just for a junior role. Shame on us. We continue to let the ghosts of the past haunt us into the same group thinking decisions that nearly wiped out a region.
Cybersecurity professionals are working 100+ hour workweeks and killing ourselves to keep our executive leadership from having to testify in front of Congress because of problems that manifested under our jurisdiction. Yet, in this field, we resist hiring trainees.
Training a junior person takes 6–12 months before they can take work off our plates and, of course, makes us less productive in the short term. Yes, there is risk to bringing on a junior person. They do not always work out. But neither do some of the people who have had technical careers their whole life. And the investment lost is greater. We need to stop looking at people as junior, not technical enough or not experienced enough, and start looking at each person as a container of limitless potential with decades of collective experiences that will enable us to once and for all break outside the proverbial box.
Consider this: in 1966, an African-American nurse named Mary Van Brittan Brown, who spent many nights at home alone while her husband was away, and felt unsafe with high rates of crime and unresponsive police in her neighborhood, devised an early security unit for her own home. It involved a camera and a monitor to see who was outside the front door. This type of security system is now widely used in homes across the world.
There is no book we can read, no well-worn path that we can take to solve our cybersecurity staffing needs — it’s the greatest challenge of our collective lives. We will have to start from the beginning.
The answer lies in community. And we need more.