President Barack ObamaBarack Hussein ObamaAt debate, Warren and Buttigieg tap idealism of Obama, FDR Appeals court allows Trump emoluments case to move forward Warren isn't leading polls, but at debate she looks like front-runner MORE announced Tuesday significant actions on cybersecurity. The president’s FY17 budget proposal includes more than $19 billion in overall Federal resources for cybersecurity—a $5 billion increase from the previous year. This funding will support a Cybersecurity National Action Plan, which takes near-term actions and puts in place a long-term strategy to enhance cybersecurity awareness and protections, protect privacy, maintain public safety as well as economic and national security, and empower Americans to take better control of their digital security.

Of that budget, only one-third of 1 percent—$62 million—is earmarked to attract and retain skilled cybersecurity professionals.


While some question if the proposal comes a bit too late in his tenure, others are asking if it has enough teeth.  For me, while I’m encouraged to see an increased investment on cybersecurity, I am perplexed by the seemingly small allocation of the $19 billion pie for workforce development.  We have all seen the statistics—there will soon be nearly 2 million open cybersecurity positions with an insufficient number of qualified professionals to fill those jobs. There is no question we need to act quickly and decisively to fix this problem.

You’ll notice I said “we.” This is not an issue that we can rely on one country’s government to fix. This problem is a lot bigger than that, and it is going to require government, industry, academia and associations like ours working together to overcome it.

The most effective way we can narrow this gap is to focus on one primary course of action: developing our cyber workforces through skills-based training.

Think of it this way. Imagine you are on a plane. You hit some turbulence, and the plane suddenly plunges 10,000 feet. Do you panic?

This happened to me just a couple of weeks ago on a flight home from China. While it certainly wasn’t fun, I was able to take comfort knowing that I was in capable hands. Pilots don’t train by simply reading a book or attending a seminar. They spend countless hours applying their skills in a simulator that precisely mimics their specific aircraft and its systems. If they experience a prospective disaster in the air, you can rest assured that they’ve prepared for that very situation many times before.

And that is exactly how we must train our cybersecurity professionals.

At ISACA, we are working diligently to make this happen. It is our mission to help organizations develop a skilled workforce through hands-on training and performance-based testing that reflects the very threats and scenarios they are going to face in the workplace.

You and I have confidence in our pilots because we know their skills have been tested, demonstrated and proven. And by investing in skills-based training for our cyber professionals, we can create a robust workforce whose skills we can deeply trust—which is critically important, given that these individuals are the ones protecting our most valuable corporate assets.

I am glad Obama has proposed steps to invest in a cyber workforce. But we need to do more. As an industry, let’s follow suit. If we want to narrow the skills gap and enhance the caliber of our workforce, we must all invest—both financially and with the appropriate training—in the solution. After all, it’s a matter of our public safety and economic security.

Loeb is CEO of ISACA, an international professional association concerned with IT governance.