Is the goal to migrate some people from existing IT jobs into security, or are you talking about introducing people from the university level into security?
BENWAY: I think it's both. There are some folks out there thinking, "What do I need to do to get into it?" That's when we talk about professional development opportunities. It's getting their hands dirty and jumping right in. It's very difficult to learn cybersecurity from a book. It's really hands-on. You have to be engaged and you have to understand the threats and understand the intelligence. So I think the hands-on piece is important, in addition to any academic training and education.
If you listened to Andy Ellis from Akamai [Chief Security Officer] at the recent meeting in Boston, his view is the lack of cybersecurity talent is overblown. He says we should just be looking for smart, motivated folks to bring into cybersecurity, whether they're microbiologists or whatever. That's one view, but I've also heard others say, "I don't really have time to develop these folks." So it's a real Catch 22.
Okay. Anything you want to leave us with?
GUENTHER: I guess just to summarize and reinforce the point that we believe the ACSC is a unique organization nationally, in particular because of the hybrid nature that you described up front, which is this combination of threat-sharing and our commitment to research and development.
What's interesting from the members' standpoint is they are the ones who have reinforced the value of having those two things connected, that the research and development needs to understand the operational and the threat-sharing piece, because those are the challenges that you're trying to solve. If you do the research and development in isolation, you're less likely to understand the actual challenges.
Sign up for Computerworld eNewsletters.