Priority #4: Cybersecurity Workforce Challenges – International Strategy to Better Protect the Financial System Against Cyber Threats

Talent exchange programs are another promising route for public-private cooperation. For example, the U.S. Department of Defense has established the Defense-Industry Talent Exchange Pilot Program to temporarily detail civilian employees to the private sector while placing private sector employees in public sector jobs.40 The program offers an opportunity to forge stronger relationships between the Pentagon and its industry partners while offering participants a unique opportunity to gain a more multidimensional understanding of their field.

A few additional challenges hamper public institutions’ efforts to hire cybersecurity talent. These include limitations on hiring foreign nationals, security clearance requirements for some positions,41 the absence of a classification and monitoring system for the cybersecurity workforce,42 and related limitations in the ability to assess the success of workforce initiatives.

Lessons Learned From Select Financial Centers

“A regulator is little more than its staff. The recruitment, development, and retention of staff must be the number one priority.” Lyndon Nelson, Bank of England, summer 2020.

Lessons From the UK

Recognizing that supervision was becoming an increasingly specialized activity, in 2005, the BoE reorganized its structure and created more specialist teams. The BoE now centralizes its risk specialists, including cyber risk experts, into a single Supervisory Risk Specialists Directorate. According to Lyndon Nelson, “This was a very positive move. We benefited from economies of scope and scale. Specialists liked to be with other specialists and enjoyed learning from each other.”

To build its cyber risk team, the BoE prioritizes recruiting and retaining experts that understand social engineering, human behavior, and operations, not “reformed ‘hackers.’” The cyber risk team has a diverse background of industry experience, including CISOs, consultants, technology specialists, and simulation experts. According to BoE officials, the BoE’s model of centralized talent provides:

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19