Microsoft — now the world’s most valuable company — has launched a program to train the next generation of cybersecurity experts, with a special emphasis on the role of community colleges in expanding the industry's workforce.
The news will fall on welcome ears; the number of industry vacancies out there is huge, and the threat from cybercriminals will only be thwarted by filling these roles and developing antivirus software, as well as other related technology, at a rate that outpaces the work of malicious actors.
The initiative is one of several cybersecurity-related investments Microsoft has made recently, and the tech giant is joining forces with organizations in the private sector — as well as government departments — fighting similar battles.
What Does The Shortage Look Like?
Brad Smith, President & Vice-Chair of Microsoft, said that thousands of data breaches “could have been prevented…if they had applied cybersecurity best practices.” The problem is already severe, and it's getting worse, not better; more data breaches occurred between January and October of this year than during the entirety of 2020.
The tech chief went on to say that organizations, government departments, and institutions just “don’t have the people they need to fill the jobs they’ve created.”
“Many businesses don’t have the people that they need, either to implement the protections they, in some cases, are already paying for.” – Brad Smith, Vice Chair & President of Microsoft.
In 2014, there were roughly 1 million unfilled cybersecurity jobs worldwide, and companies were already decrying the shortage en masse. In 2020, the ISC had recorded 3.12 million open positions — and although its findings suggest the figure has fallen to 2.72 million this year, there's still very much a mountain to climb.
Organizations like Cyberseek estimate that there are almost half a million cybersecurity jobs left unfilled in the United States alone – which accounts for 6% of all job vacancies in the country. Currently, there is one open position for every two jobs in the industry that are filled.
What Will Microsoft’s Program Achieve?
Microsoft will create around 25,000 scholarships, which should make a significant impact in a market that is short of qualified professionals. The end goal is to fill around a quarter of a million empty cybersecurity roles by the year 2025 — around half of the total US figure.
Microsoft will also make its entire cybersecurity curriculum free at the point of use for all community colleges in the US, which should ensure that the opportunities are not reserved for wealthy, university-educated individuals.
Indeed, Smith has confirmed the goal is not just getting people into these positions, but creating a more diverse workforce of cybersecurity specialists — 80% of cybersecurity professionals are white and a similar percentage (82.4%) are male.
Microsoft has identified three obstacles it will have to overcome to make this program a success. Community colleges need adequate resources and materials, teachers to teach the courses, and provisions to offer more financial aid to students in this field. “If we can address these barriers,” a blog post on the issue reads, “we can harness the power of the nation's community colleges to address the cybersecurity workplace shortage.”
How Big Tech Plans To Improve The Cybersecurity Landscape
Microsoft is quadrupling its own cybersecurity funding for the next five years, bringing the investment to a total of $20 billion. The company has also committed $150 million to joint cybersecurity ventures that will involve cooperating with the federal government to improve protection for the public.
University of Texas System has agreed to upskill and reskill over 1 million workers in the US by making entry-level cyber educational programs available via San Antonio’s Cybersecurity Manufacturing Innovation Institute.
Google announced last year that it plans to train 100,000 Americans to help fill the open vacancies, as well as committing $10 billion over the next five years in training grants to various communities and nonprofits across the country. Amazon, on the other hand, has pledged to make the security training it makes its employees complete open to the public too.
Elsewhere, after a meeting with US President Joe Biden in August, Apple also agreed to establish a new program “to drive continuous security improvements through the technology supply chain.” This will reportedly include pushing the adoption of things like multi-factor authentication to deal with the rise of credential phishing and the persistence of brute-force attacks — which can also be combated with other tech, such as password managers.
Nonprofits have made promises themselves, like Code.org, which is aiming to teach cybersecurity concepts to more than three million students over the next three years.
Both filling these vacancies and diversifying the cybersecurity sector is a huge challenge, one that will require massive efforts from stakeholders across the public and private sectors. This means cooperation is key, and although Microsoft and Co.'s pledges are encouraging, only time will tell whether Big Tech will deliver.