top of page

The Chairman's Minute: Tackling Our Industry-wide Workforce Development Problem

Updated: Oct 12, 2020

(CS)²AI Founder: Derek Harp

By Derek Harp, (CS)²AI Founder, Chairman and Fellow

October, 2020

Dear Colleagues,

Control systems have become vital to ensure that our daily lives run smoothly, not only the obvious industrial applications like supplying power, fuel, or manufacturing products, but also running healthcare, transportation, building control, and logistics technologies. Essentially, more of our modern world is being automated and connected than ever and some projections indicate we could see more than 64 billion IoT devices worldwide by 2025*.

At the same time, it is well known in the cybersecurity field that we have a longstanding workforce problem. In the research for our upcoming 2020 Annual Report, 58% of respondents cited insufficient security expertise as the greatest obstacle to resolving control system cyber security vulnerabilities. For many people not directly involved in this area the concern may be unknown, at best a distant concern unrelated to our common future; a future of critical reliance and vulnerability and not enough trained and knowledgeable people to keep up with attackers. It’s already whack-a-mole and with a steadily increasing “AS:QW Ratio (attack-surface to qualified-worker) it is easy to see things going from challenging to worse.

The exposure list is long and stakes are growing higher. Safeguarding operational assets from persistent threats while also moving our core business functions forward (maximizing efficiency, real time intelligence, system uptime, etc) is no small task. So, can we do anything about it? (CS)²AI members say yes. Undoubtedly some of the solution will come in the form of emerging or yet to be built technology as we currently rely on too many humans in the middle. However, in all scenarios we can and MUST do more to recruit, train, equip, and support the cyber workforce of tomorrow. We all must invest more in:

  • Education (formal, degree programs, informal, continuing ed.)

  • Measurement (knowledge and practical)

  • Training (OJT, hands-on, in the field, Lab)

  • Network strengthening (with real information, data, and knowledge sharing)

  • Better job placement (efficiency, reach and transparency of qualified candidates)

Certainly, education and training come in many forms, from activities like the (CS)²AI Onlinesessions we run multiple times a month to formal classroom or hands on lab training offered in the market place. It is clear we need more training that is appropriate for diverse roles, easily accessible, affordable and reinforced with real world applications. For our contribution, (CS)²AI will continue to expand our own educational opportunities and remain committed to a role of providing access to the wisdom of the few for the benefit of the many. We also see one of the roles of our association is to arrange relevant industry benefits on behalf of our Global Members and today I am proud to announce a new education & training discount partnership with The Mission Critical Institute.

Finding the right person in the proverbial haystack is not easy. I am frequently contacted to help with searches and some of them had lasted far too long trying to fill the position. Its also common to see inadequacy of talent (or poor cooperate HR policy on salary bands) lead to filling a position with the wrong person. In our space the unicorns that truly understand IT, cybersecurity broadly AND the intricacies control systems are rarer, more expensive and often hard to identify. (CS)²AI wants to help with that and today, I am proud to announce that the new (CS)²AI Job Board (Version 1.0) is now live with more than 40 jobs now listed. All members of the community at large can see the listings and our Global Members are able to apply directly for jobs from the member portal.

Helping directly address the workforce problem is THE reason why we founded (CS)²AI. Our mission to provide the platform for members to help members, foster meaningful peer-to-peer exchange, continue professional education and directly support cyber security professional development is something we can do together to make a dent in this problem. There is a great quote that sums up what we can do here together:

“The whole is greater than the

sum of its parts”


In the end (CS)²AI is only as effective as its members helping members efforts are. When you join the (CS)²AI community as a global member, partner, contributor, committee member, (CS)²AI Fellow or research participant YOU impact the community personally. I am especially grateful for our Strategic Alliance Partners for their vision in our early years. In our case their support of our not for profit association has not been solely for business development purposes but these companies also are planting a stake in the ground that addressing the workforce challenge is important. By pooling and coordinating time and resources we can increase the magnitude of the impact.

If you have not already added your voice to our discussion, I invite you to Join Today If you would like to do more you can also review multiple ways to Get Involved on our global website.



Founder & Chairman

***Copy and Paste Links****

62 views0 comments


bottom of page