Addressing the Cybersecurity Talent Shortage in Government

The role of culture, workforce development strategy, and AI in maturing security programs within federal government departments and agencies.

Analyst Perspective

Governments are increasingly at risk from cyberattacks as they become more digital, requiring them to take proactive measures to enhance their cyber resilience. A common challenge is getting the entire organization on board with cybersecurity measures. This can result in insufficient understanding of strategies and technology, as well as difficulty in maintaining a skilled and engaged workforce.

To address this challenge, Info-Tech suggests a three-pronged approach. First, governments should foster a culture of accountability and collaboration throughout the organization to create a shared responsibility for cybersecurity. Second, governments should implement a comprehensive cyber workforce strategy that includes acquiring individuals with the necessary skills and expertise and investing in innovative training programs and educational partnerships. Third, governments must invest in advanced technologies such as AI and machine learning, to detect threats more quickly and accurately.

Paul Chernousov
Research Director, Industry
Info-Tech Research Group

Executive Summary

Info-Tech Insight
A comprehensive cybersecurity workforce development strategy addresses the inability to hire staff with the desired skills. Define the skills gap in your cyber workforce and build a development plan that includes strategies that fully empower skilled employees to resist cyberthreats.

We are in an increasingly vulnerable digital world

Digital transformation often introduces new digital risks for an organization to manage.

95% Percentage of cybersecurity issues that can be traced to human error.

43% Percentage of cybersecurity breaches or infractions represented by insider threats, either intentional or accidental.

Source: GlobeNewsWire, 2021; World Economic Forum, 2022.

Potential workforce risks enabled by digital transformation:

• New digital identity governance and threat-monitoring challenges
• Cultural and behavioral changes
• Lack of skills availability
• More sophisticated threat actors

Info-Tech Insight
Digital transformation presents new workforce risks, such as cyberthreats and challenges associated with distributed workforce. Organizations need to proactively address these risks to ensure a successful digital transformation at all levels.

Digital transformation enables improved outcomes

Digital technologies are integrated into all aspects of public sector operations, fundamentally changing the way services are delivered and how value is provided to citizens. This transformation also involves a cultural shift, as government departments and agencies need to continually challenge traditional processes, experiment, and adapt to new ways of working.

Digital citizen experience
Enhancing citizen interactions and satisfaction by leveraging digital technologies to provide seamless, personalized, and data-driven experiences in accessing government services.
Examples: Online portals for tax filing, mobile applications for reporting civic issues, and chatbots for addressing public queries.

Operational efficiency
Streamlining and automating government processes to improve productivity, reduce costs, and optimize resource use.
Examples: Implementing cloud-based systems for interagency collaboration and using predictive analytics to optimize public service delivery.

Policy and service innovation
<>Adapting or creating new policies and services that leverage digital technologies to deliver value in new ways or to better address citizen needs.
Examples: Implementing digital identity solutions, using open data platforms to improve transparency, and leveraging data-driven insights to inform policy decisions.

Workforce enablement
Empowering public sector employees with the right digital tools, skills, and mindset to adapt to the evolving work environment and contribute effectively to the government's digital transformation journey.
Examples: Providing digital skills training, implementing collaboration tools (e.g. Slack, Microsoft Teams), and promoting a culture of continuous learning and innovation.

Data and analytics
Leveraging data-driven insights to inform decision-making, optimize processes, and drive innovation across government organizations.
Examples: Applying machine learning algorithms to predict citizen behavior, using big data analytics to identify social trends, and employing real-time data monitoring to optimize resource allocation.

Digital security
Implementing robust cybersecurity measures to protect government digital assets, citizen data, and overall digital infrastructure.
Examples: Deploying AI-based threat detection systems, establishing secure data storage and encryption protocols, and conducting regular security audits and training.

Digital transformation is also creating new attack surfaces

Digital transformation is introducing new technologies, systems, and processes to government departments and agencies, leading to the following obstacles:

01
Expanded digital landscape and cyberthreats
Digital transformation in government involves the integration of new technologies, systems, and processes that lead to an increased exposure to cyberthreats. These include malware, ransomware, and other forms of cybercrime.

02
Cultivating a cybersecurity-aware culture
New challenges make it essential for governmental departments and agencies to foster a culture of cybersecurity awareness within their workforce. This includes providing regular training and promoting a shared responsibility to maintain digital security.

03
Addressing the cybersecurity talent gap
The growing complexity of cyberthreats necessitates a skilled cybersecurity workforce in government. However, a shortage of cybersecurity talent makes it challenging to effectively combat these threats and safeguard digital infrastructure.

04
Enhancing cyber resilience and security
To mitigate the risks of cyberthreats, government departments and agencies must prioritize the creation of robust cybersecurity strategies, invest in employee training, and collaborate with external parties to enhance their cyber defense capabilities.

Digital threats are coming from various actors

Threats to cybersecurity can come from a multitude of sources. One common source is email phishing scams, where attackers send fraudulent emails designed to trick recipients into revealing sensitive information or downloading malicious software.

Other sources of digital threats include unsecured networks and devices, malicious software downloads, and social engineering attacks. It is important for individuals and organizations to stay vigilant and educated about these threats to protect their sensitive information and assets.

The nature of cybersecurity risks is changing

Remote/Hybrid workers

Traditional security models rely on perimeter-based defenses that assume everything within the network is trustworthy. This can be an issue since threats can originate from within that network.

Traditional security measures such as firewalls, antivirus, and intrusion detection systems may not be sufficient against increasingly sophisticated cyberthreats.

The attack surface is becoming more complex

The adoption of new and emerging technologies, such as automation and digital transformation concepts, introduces additional vulnerability at all organizational levels.

The complexity of the attack surface can make it difficult for organizations to identify and mitigate all potential vulnerabilities, increasing the risk of successful cyberattacks.

Automation brings additional cybersecurity risks

Automation has led to several types of cybersecurity attack

External factors are driving cybersecurity risks

Sources:
¹ Ponemon, 2020.
² Security Boulevard, 2021.
³ Sophos News, “State of Ransomware,” 2020.

Governments are challenged to attract and retain top talent

Governments face significant difficulties when it comes to attracting and retaining top cybersecurity talent for several key reasons:

Salaries
Offering competitive salaries compared to the private sector could greatly enhance governments’ ability to attract top cybersecurity talent.

Advancement
Limited opportunities for career growth and professional development in the public sector can discourage cybersecurity professionals from pursuing government roles.

Bureaucracy
Rigid bureaucratic processes within government organizations may limit the ability of cybersecurity professionals to innovate and respond quickly to emerging threats.

Autonomy
The lack of autonomy in many government agencies can further discourage talented cybersecurity professionals from choosing public sector careers.

Flexibility
The lack of flexible work environments that foster innovation and creativity should be avoided in order to attract and retain skilled cybersecurity professionals.

Hiring delays and skills gaps are fueling resource challenges

Hiring is taking too long
59% of organizations report taking 3 months or more to fill a vacant cybersecurity position.
Source: ISACA, 2020

Cybersecurity has a skills gap
30% report IT knowledge as the most prevalent skills gap in today’s cybersecurity professionals.
Source: ISACA, 2020

Develop a staffing strategy:

Security leaders should not use staffing benchmarks to justify their requests for resources. However, while staffing benchmarks are useful for quick peer-to-peer validation and decision making, they tend to reduce security programs to a set of averages that can be misleading when used out of context.

Determine what security services need to be provided, the level of demand, and what it will take to meet that demand currently and in the coming years.

Develop a staffing strategy. Use insights to predict what roles need to be hired, what skills need to be developed, and whether outsourcing is an option.

Internal cybersecurity risks cannot be ignored

Adapted from IBM, “What Is Threat Management?” 2020.

Create a Cybersecurity Culture

Cyber resilience is everybody’s responsibility

Every employee plays a crucial role in safeguarding the organization’s digital assets

Mitigating cybersecurity risks requires everyone to row in the same direction

Checklist: Foster a cybersecurity-conscious culture

Develop a culture of awareness and responsibility

• Establish a cybersecurity policy: Develop a policy outlining expectations, roles, and responsibilities of all stakeholders, departments, and agencies.
• Identify and prioritize cybersecurity risks: Conduct a risk assessment to identify and prioritize cybersecurity risks based on their potential impact on government operations.
• Develop and implement a cybersecurity framework: Develop and implement a cybersecurity framework based on industry standards such as the National Institute of Standards and Technology (NIST) Cybersecurity Framework.
• Implement cybersecurity training and awareness programs: Provide regular training and awareness programs for employees to ensure they are aware of the latest threats and best practices.
• Implement cybersecurity technologies: Deploy cybersecurity technologies such as firewalls, intrusion detection/prevention systems, anti-virus software, and vulnerability scanners.
• Develop incident response plans: Develop and test incident response plans to ensure that all stakeholders know their roles and responsibilities in the event of a cybersecurity incident.
• Foster partnerships: Foster partnerships with other government departments/agencies, industry, and academia to share threat intelligence and collaborate on cybersecurity initiatives.
• Make cybersecurity a priority for digital transformation projects: Ensure that cybersecurity is a priority for all digital transformation projects by embedding cybersecurity requirements into the planning, design, and implementation phases.
• Continuously improve: Continuously improve the government's cybersecurity program by assessing new threats, vulnerabilities, and technologies and adapting the program accordingly.

Implement a Cybersecurity Workforce Development Strategy

Upskill your IT team by going beyond certifying knowledge to assuring competence

A cybersecurity workforce development strategy ensures security, compliance, and efficiency

National security
Digital transformation initiatives can improve the efficiency and effectiveness of government operations, but they also introduce new cybersecurity risks.
Building a strong and resilient cybersecurity workforce is essential for ensuring that digital transformation initiatives are secure and that government operations are not disrupted by cyberattacks or data breaches.

Compliance
Federal departments and agencies are required to comply with a range of cybersecurity regulations and standards, including the Federal Information Security Modernization Act (FISMA), the National Institute of Standards and Technology (NIST) Cybersecurity Framework, and the Federal Risk and Authorization Management Program (FedRAMP).
Creating a strong and resilient cybersecurity workforce is imperative for meeting these compliance requirements and protecting government data and systems.

Efficiency and effectiveness
Cybersecurity is essential for protecting national security, and the federal government has a critical role to play in securing the country's critical infrastructure, defense systems, and sensitive data.
Ensuring that the government has a strong and resilient cybersecurity workforce is crucial for maintaining national security in the face of growing cyberthreats.

A strong cybersecurity workforce development strategy provides additional benefits

Sources: NIST, “NIST Revises Guidance”; GCN, 2023; Silicon Angle, 2020.

Governments need to address the challenge of hiring and retaining top cybersecurity talent

By developing a comprehensive cybersecurity workforce development strategy, governments can attract, retain, and develop top cybersecurity talent and build a strong and resilient cybersecurity workforce

Define workforce needs: Assess your cybersecurity workforce needs and define the roles and skills required to meet those needs.

Recruit and hire top cybersecurity talent: Prioritize the recruitment and hiring of top cybersecurity talent to fill critical roles.

Develop cybersecurity training strategies: Develop cybersecurity training strategies that provide employees with the knowledge and skills needed to perform their cybersecurity roles effectively.

Build cybersecurity partnerships: Build partnerships with academic institutions, cybersecurity industry associations, and other organizations to support the development of a strong cybersecurity workforce.

Develop career paths that foster diversity and inclusion: Develop career paths that provide cybersecurity professionals with opportunities for growth and advancement. Foster diversity and inclusion in the cybersecurity workforce by promoting a culture of inclusion, recruiting from diverse talent pools, and providing opportunities for underrepresented groups to develop skills and advance their careers.

Faced with similar challenges, leading governments are developing innovative solutions

In January 2021, the US federal government had more than 33,000 unfilled cybersecurity positions. This represented 10% of its total cybersecurity workforce.

In 2020, the United Kingdom’s public sector had a 46% shortfall of cybersecurity skills compared with 29% for the private sector.

USA
The US launched the Cybersecurity Talent Management System to attract and retain diverse cyber professionals.

Canada
Canada invested $80 million in the Cyber Security Innovation Network to boost R&D and address talent shortages.

UK
The UK created the Cyber Skills Immediate Impact Fund to increase diversity and workforce in the cybersecurity sector.

Australia
The Australian Cyber Security Centre launched a cyber security talent initiative to recruit & develop skilled cybersecurity professionals.

Collaboration between government, academia, and industry can effectively address the shortage of skilled professionals.

Sources: Deloitte, “Government’s Broader Role”; The Washington Post, “Cybersecurity 202.”

Your IT sourcing plan plays several key roles

Empowering departments and agencies
IT sourcing plans identify required services and optimal strategies to access necessary resources in supporting government operations.

Controlling costs
IT sourcing plans result in long-term savings by identifying cost-effective strategies for each IT service, facilitating cost control.

Minimizing risk
IT sourcing plans promote risk mitigation and security measures, minimizing service disruptions or data breaches risks by identifying potential vulnerabilities.

Creating transparency and accountability
IT sourcing plans foster transparency by defining stakeholders' roles and responsibilities, ensuring clarity and accountability for actions taken.

The IT sourcing plan outlines the sourcing strategy for IT services, including whether services will be provided in-house or outsourced to third-party vendors

Your IT sourcing plan helps identify cybersecurity talent shortages

By following the steps below, you will attract and retain the right cybersecurity talent

1. Identify the most effective approach for sourcing cybersecurity talent
An IT sourcing plan aids government entities in finding the optimal mix of full-time cybersecurity professionals and third-party vendor contracts.

2. Leverage the expertise of third-party vendors
IT sourcing plans facilitate the identification of specialized cybersecurity vendors to bolster an agency's cybersecurity posture.

3. Ensure that cybersecurity services meet agency needs
Departments and agencies use IT sourcing plans to pinpoint cybersecurity services aligning with their compliance, risk management, and budgetary needs.

4. Address cybersecurity talent shortages
IT sourcing plans assist in tackling cybersecurity talent acquisition and retention challenges by exploring alternatives like academic partnerships for training or internal resource sharing.

Successful cybersecurity workforce development strategies take several forms

Governments benefit from different approaches to cultivating cybersecurity workforce development

Public-private partnerships
Collaboration between government agencies, private sector companies, and educational institutions is essential to addressing the modern cybersecurity workforce gap.

Competitions and challenges
State actors would be well advised to discuss the value of offering hands-on training, courses, scholarships, and internships on various cybersecurity topics to develop a skilled workforce capable of combatting emerging cyberthreats.

Academia and industry
Bringing together academia, corporations, startups, and government entities is an important factor in creating a cybersecurity hub that fosters innovation, research, and workforce development programs, strategies, and approaches.

Comprehensive training
State actors would be well-advised to discuss the value of offering hands-on training, courses, scholarships, and internships on various cybersecurity topics to develop a skilled workforce capable of combatting emerging cyberthreats.

Examples of efforts to build the next generation of cybersecurity talent

Cybersecurity has many key stakeholders

Addressing cybersecurity workforce development requires a collaborative effort involving multiple stakeholders across the organization.

Senior leadership
Senior leadership is critical in setting the tone and providing the necessary resources to address cybersecurity workforce development.

Budget and finance teams
Budget and finance teams are responsible for allocating the necessary funds to support cybersecurity workforce development initiatives.

Procurement teams
Procurement teams are involved in sourcing and procuring the necessary tools and resources to support cybersecurity workforce development.

Legal departments
Legal departments are responsible for ensuring compliance with relevant laws and regulations related to cybersecurity workforce development.

Harness Artificial Intelligence

Intelligent security: Harnessing AI to forge a safer digital tomorrow

AI tools can be leveraged to assist with recruitment and threat detection and response

Recruitment
Streamline the recruitment process by automating tasks such as resume screening and initial candidate assessment.

Reduce the workload for recruiters and allow them to focus on the most promising candidates.

Threat detection and response
Detect and respond to cybersecurity threats in real time, diminishing the workload on cybersecurity staff and allowing them to focus on more complex issues.

Proactively identify patterns of potential cyberattacks, allowing organizations to take preventative measures and minimize the risk of data breaches and system compromises.

Skills assessment
AI-enabled tools can be used to assess the skills and knowledge of current cybersecurity staff.

AI can identify areas where additional training may be needed and provide personalized learning paths to help staff upskill.

Decision-making support
AI-enabled tools can provide decision-making support by analyzing large amounts of data and identifying patterns and trends that may be difficult for human analysts to detect.

This can help inform cybersecurity strategy and prioritize resources.

Government organizations worldwide are adopting AI technologies

By automating repetitive tasks, analyzing vast quantities of data, and optimizing resource allocation, AI can facilitate faster and more informed decision-making processes, thereby enabling governments to better serve their citizens and respond to their needs in a timely manner. It is crucial for governments to approach AI adoption with a focus on ethical considerations, including data privacy, algorithmic fairness, and transparency. Establishing robust regulatory frameworks and adhering to ethical guidelines will ensure that AI systems work in the best interests of the public while minimizing the risks of bias, misuse, and unintended consequences.

Sources: CCCS, “National Cyber Threat Assessment”; CISA, n.d.; GCHQ, 2021; Water, 2022.

AI can improve efficiency, scalability, accuracy, and collaboration

Efficiency
AI accelerates threat identification and mitigation by processing vast data volumes quicker than humans.

Scalability
AI adapts to evolving cybersecurity threats, reducing the need for constant recruitment and training.

Accuracy
AI’s precision in threat identification minimizes human error, lowering the risk of cyberattacks.

Collaboration
AI streamlines communication, fostering a greater degree of cooperation between departments and agencies.

Conclusion: Use the three pillars for protection

Digital transformation has accelerated the rate of cyberattacks that need to be addressed through an effective resource plan that changes current culture and enhances capabilities. Info-Tech’s approach to increase an organization’s cyber preparedness consists of three pillars:

Creating a cybersecurity culture: Cyber resilience is everybody’s responsibility.

Implementing a cybersecurity workforce development strategy and hire the right people with the right cyber skills.

Harnessing digital technologies like artificial intelligence to assist with recruitment and threat detection and response.

Info-Tech’s approach to addressing the cybersecurity talent shortage in government

By addressing these unique challenges, government departments and agencies can improve their ability to attract and retain cybersecurity professionals, even in the face of stiff competition from the private sector.

By doing so, they can better protect sensitive information and systems and enhance national security.

Step 1
1. Identify the current state of cybersecurity skills within government departments and agencies. This involves assessing the current workforce's cybersecurity skills and identifying any gaps in the required skills for protecting government data and systems.

Step 2
2. Develop a cybersecurity skills roadmap for government departments and agencies. The roadmap should include a timeline, milestones, and metrics for measuring progress.

Step 3
3. Create targeted training strategies for cybersecurity skills development. These programs could include cybersecurity boot camps, on-the-job training, and certification programs.

Step 4
4. Foster partnerships with academic institutions and industry experts. These partnerships could help to provide access to specialized cybersecurity training and expertise.

Step 5
5. Develop incentives to retain cybersecurity talent within government departments and agencies, such as bonuses, promotions, and flexible work arrangements.

These incentives can help to attract and retain skilled cybersecurity professionals.

Step 6
6. Monitor progress toward the cybersecurity skills roadmap and adjust the plan as needed to ensure that government agencies have the necessary skills to protect against evolving cyberthreats.

Step 7
7. Build an IT sourcing plan. The IT sourcing plan outlines the sourcing strategy for IT services, including whether services will be provided in-house or outsourced to third-party vendors.

Step 8
8. Develop strategies to address pay and benefits disparities between government and private sector cybersecurity roles.

This may include advocating for competitive pay scales and providing additional benefits such as flexible work arrangements and development opportunities.

Step 9
9. Increase awareness of the importance of cybersecurity within government departments and agencies and highlight the critical role that cybersecurity professionals play in protecting sensitive information and systems.

Step 10
10. Create a positive work culture within government agencies that values and supports cybersecurity professionals.

This could involve offering opportunities for career advancement, recognizing the contributions of cybersecurity professionals, and fostering a supportive work environment.

Related Info-Tech Research

Budget 2022: Support for Canadian Federal Government Departments and Agencies for Cybersecurity and Fighting Misinformation
Digital transformation has accelerated since the onset of the pandemic in the beginning of 2020 to serve the changing expectations of Canadians.

Improve IT Operations With AI and ML
Deliver your IT services efficiently, go above and beyond, and exceed manual repetitive tasks.

Cybersecurity Workforce Development
Upskill your IT Team by going beyond certifying knowledge to assuring competence.

Research Contributors & Experts

Ron Gumbert
Senior Managing Partner II, Executive
Services, Info-Tech Research Group

Matthew Bourne
Managing Partner II, Executive
Services, Info-Tech Research Group

Patrick Spencer
Practice Lead, Research –
Development, Info-Tech Research Group

Aaron Shum
Vice President, Security & Privacy
Research - Call Quality & Delivery,
Info-Tech Research Group

Isabelle Hertanto
Practice Lead, Research –
Development, Info-Tech Research
Group

Cassandra Cooper
Senior Research Analyst, Security,
Risk & Compliance, Info-Tech
Research Group

Bob Smock
Vice President, Security
Consulting & Technical Counselor,
Info-Tech Research Group

Bibliography

“(ISC)² Information Security Certifications.” (ISC)², n.d. Web. Accessed 27 Mar. 2023.

“12 Common Network Protocols and Their Functions Explained | TechTarget.” Networking, Accessed 27 Mar. 2023.

“20 Quotes on Digital Transformation for C-Suite.” CGS, 21 May 2021.

“23 Top Cybersecurity Frameworks” CyberExperts.Com. 1 Sept. 2019.

“5 Ways Endpoint Security and Network Security Should Work Together.” Palo Alto Networks, Accessed 27 Mar. 2023.

“8 Risks and Dangers of Artificial Intelligence to Know” Built In. Accessed 13 Mar. 2023.

“A New Way to Manage AI Risks: The National Institute of Standards and Technology’s AI Risk Management Framework” McCarthy Tétrault, 23 Feb. 2023.

“About CISA.” Cybersecurity & Infrastructure Security Agency (CISA), n.d. Web.

“About Open Government.” Treasury Board of Canada. Accessed 21 Mar. 2023.

“Achieve Digital Resilience by Managing Digital Risk.”. Accessed 13 Mar. 2023.

Adam, Sally. "The state of ransomware 2020." Sophos News, 12 May 2020. Web.

“AI Adoption Cost Decrease Worldwide 2020.” Statista, Accessed 13 Mar. 2023.

“AI Defense against Today’s Cyber Threats | Bfore.AI.” LOGON Software Asia, 2 June 2022.

“AI for Recruiting and Facilitating Skilled Workforce” AI-TechPark. 4 Mar. 2021.

“AI in Workforce Management.” Deloitte United States. Accessed 13 Mar. 2023.

“AI Risk Management Framework FAQs.” NIST, July 2021.

Alkhalil, Zainab, et al. “Phishing Attacks: A Recent Comprehensive Study and a New Anatomy.” Frontiers in Computer Science, vol. 3, 2021. Frontiers.

Amos, Zac. “6 Ways Artificial Intelligence Can Cut Business Costs.” Techvera, Zac Amos, 22 Sept. 2021.

Amy-Vogt, Betsy. "The cybersecurity skills gap: California educates the workforce of the future." Silicon Angle, 9 Oct. 2020. Web.

“An Introduction to Networking Terminology, Interfaces, and Protocols” DigitalOcean. Accessed 27 Mar. 2023.

“An Introduction to the Cyber Threat Environment.” Canadian Centre for Cyber Security, 28 Oct. 2022.

Annapolis, Adam Stone Adam Stone writes on technology trends from, et al. “Federal Agencies Ramp Up Their Cyber Hiring Efforts.” Technology Solutions That Drive Government, Accessed 13 Mar. 2023.

“Applying COSO ERM Framework Principles to AI.” Deloitte United States. Accessed 13 Mar. 2023.

“Artificial Intelligence (AI) for Cybersecurity.” Blackberry. Accessed 14 Mar. 2023.

“Artificial Intelligence (AI) for Cybersecurity” IBM. Accessed 14 Mar. 2023.

“Artificial Intelligence (AI).” United States Department of State, Accessed 21 Mar. 2023.

“Artificial Intelligence Risk Management Framework.” Federal Register, 29 July 2021,

Ayuya, Collins. “Network Segmentation vs Microsegmentation.” ServerWatch, 20 July 2022,

Bello, Abubakar, et al. "A Systemic Review of the Cybersecurity Challenges in Australian Water Infrastructure Management." Water, 2022, vol. 15, no. 1: 168.

Brewster, Thomas. “Warnings As Destructive ‘Shamoon’ Cyber Attacks Hit Middle East Energy Industry.” Forbes, Accessed 21 Mar. 2023.

Brown, Annie. “Utilizing AI And Big Data To Reduce Costs And Increase Profits In Departments Across An Organization.” Forbes, Accessed 13 Mar. 2023.

Buehler, Kevin, et al. “Identifying and Managing Your Biggest AI Risks.” McKinsey, 3 May 2021. Accessed 13 Mar. 2023.

“Build a Service-Based Security Resourcing Plan.” Accessed 13 Mar. 2023.

“Build a Zero Trust Roadmap.” Accessed 13 Mar. 2023.

“Canada and the Open Government Partnership.” GAC, 19 Oct. 2015,

“Canada’s Action Plan on Open Government 2012-2014.” Accessed 21 Mar. 2023.

Catota, Frankie E., et al. “Cybersecurity Education in a Developing Nation: The Ecuadorian Environment.” Journal of Cybersecurity, vol. 5, no. 1, Jan. 2019.

Cawley, Christian, et al. “Best MDM Solutions of 2023.” TechRadar, 8 Dec. 2021.

Christensen, Tom, and Per Lægreid. “Trust in Government: The Relative Importance of Service Satisfaction, Political Factors, and Demography.” Public Performance & Management Review, vol. 28, no. 4, 2005, pp. 487–511. JSTOR.

“Close the InfoSec Skills Gap.” Accessed 13 Mar. 2023.

“Cloud Adoption Strategy: 2023 Update.” Treasury Board of Canada, 18 Jan. 2023.

“Comparing Network Segmentation vs. Microsegmentation.” TechTarget Security. Accessed 27 Mar. 2023.

“Compensation Flexibilities to Recruit and Retain Cybersecurity Professionals.” US Office of Personnel Management. N.d. Web.

“Cyber AI: Real Defense.” Deloitte Insights, Accessed 13 Mar. 2023.

“Cyber Security Principles: Understanding Key Concepts.” Verizon Enterprise, Accessed 27 Mar. 2023.

“Cybersecurity Fundamentals | Modules of Cybersecurity Fundamentals.” EDUCBA, 22 Oct. 2019,

“Cybersecurity Talent Initiative.” Go Government, Accessed 21 Mar. 2023.

“Cybersecurity Training Can Close Skills Gap for Safer World.” World Economic Forum, 28 May 2021.

“Cybersecurity Workforce Development.” Info-Tech Research Group | Info-Tech Research Group. Accessed 13 Mar. 2023.

“Cybersecurity Workforce Training Guide.” DDOSD | Homeland Security. Accessed 21 Mar. 2023.

“Cybersecurity: Close the Skills Gap to Improve Resilience.” World Economic Forum, 1 Feb. 2023.

Davies, Vikki. “Implementing Artificial Intelligence into a HR Strategy.” Cyber Magazine, 2 Sept. 2022.

“Defense Unveils New Cyber Workforce Strategy.” Nextgov.Com, 13 Mar. 2023.

“Department of Defense Releases Zero Trust Strategy and Roadmap.” U.S. Department of Defense, Accessed 13 Mar. 2023.

“Developing Cyber-Resilient Systems: A Systems Security Engineering Approach: NIST Publishes SP 800-160 Vol. 2, Revision 1.” NIST, Dec. 2021.

“DHS Launches Innovative Hiring Program to Recruit and Retain World-Class Cyber Talent.” Homeland Security. Accessed 13 Mar. 2023.

“Digital Government: Building a 21st Century Platform to Better Serve the American People.” White House. Accessed 21 Mar. 2023.

“Digital Operations Strategic Plan: 2018-2022.” Treasury Board of Canada, 13 May 2021.

“Digital Strategy for Defence.” GOV.UK, Accessed 13 Mar. 2023.

“Digital Transformation Value.” Deloitte, 14 Feb. 2023. Accessed 13 Mar. 2023.

“DOD Releases Path to Cyber Security Through Zero Trust Architecture.” U.S. Department of Defense, Accessed 13 Mar. 2023.

Drapkin, Aaron. “Data Breaches That Have Happened in 2023 So Far - Updated List.” Tech.Co, 30 Jan. 2023.

Dunlap, Stefanie. “5 Enterprise Content Management Use Cases to Consider.” Impact Networking, 20 Oct. 2021.

Edwards, John. “How Microsegmentation Can Limit the Damage That Hackers Do.” Network World, 16 Apr. 2020.

“Embracing AI Is Key to Combatting Evolving Cyber Threats.” PCQuest, 10 Mar. 2023.

“Embracing the Rapid Pace of AI.” MIT Technology Review, Accessed 14 Mar. 2023.

“Emerging Technologies: Implications for the Future of Risk Management.” Accessed 14 Mar. 2023.

Esibov, Alex Weinert, Paul Mayfield, Yinon Costica, Sinead O’Donovan, Gagan Gulati, Dilip Radhakrishnan, Yair Tor, Alex. “Traditional Perimeter-Based Network Defense Is Obsolete—Transform to a Zero Trust Model.” Microsoft Security Blog, 23 Oct. 2019.

“Estonia: To Black Out an Entire Country – Part One.” Infosec Resources, Accessed 21 Mar. 2023.

“Fact Check-Fake BBC News Broadcast Claiming That Nuclear War Is Imminent between Russia and NATO Recirculates.” Reuters, 24 Jan. 2022.

“FACT SHEET: Biden-Harris Administration Announces National Cybersecurity Strategy.” The White House, 2 Mar. 2023.

“FACT SHEET: National Cyber Workforce and Education Summit.” The White House, 22 July 2022.

Farnham, Kezia. “How to Implement Zero Trust: A Step-by-Step Roadmap.” Diligent, 10 Feb. 2022. Accessed 13 Mar. 2023.

Feiman, Joseph. “Council Post: AI And The Cybersecurity Workforce: A Whole New World.” Forbes, Accessed 13 Mar. 2023.

Fraudwatch, Admin. “5 Common Digital Threats - How to Mitigate, Defend & Prevent.” Digital Brand Protection – FraudWatch, 3 Aug. 2020.

“Fundamentals of Cyber Security for Canada’s CI Community.” Public Safety Canada, 21 Dec. 2018.

Gatefy. “6 Most Common Email Threats Explained - Gatefy | Secure Your Email!” Gatefy, 17 Mar. 2021

Gill, Jaspreet. “DoD’s New Cyber Workforce Strategy Creates New AI, Data-Focused Work Roles.” Breaking Defense, 15 Feb. 2023.

“Global Risks Report 2022.” World Economic Forum, 11 Jan. 2022 Accessed 13 Mar. 2023.

“Government & Public Sector Consulting.” Publicis Sapient. Accessed 21 Mar. 2023.

“Home Page - Cyber Security Challenge UK.” Cyber Security Challenge UK, Accessed 21 Mar. 2023.

“How to Build a Culture of Cybersecurity.” MIT Sloan, 21 Mar. 2023.

“IBM Canada, University of Ottawa to Establish State-of-the-Art Cyber Range to Train for Cybersecurity Threats.” About Us, Accessed 21 Mar. 2023.

“IBM Security X-Force Research Advisory: New Destructive Malware Used In Cyber Attacks on Ukraine.” Security Intelligence, 24 Feb. 2022.

“In New Cyber Workforce Strategy, DoD Hopes ‘bold’ Retention Initiatives Keep Talent Coming Back.” Breaking Defense, 9 Mar. 2023.

“Information Security: Computer Attacks at Department of Defense Pose Increasing Risks.” Department of Defense, 22 May 1996. Accessed 21 Mar. 2023.

“International Cyber Policy.” GAC, 21 Feb. 2017.

Jayaraman, Prasad, et al. “Shape the Future Cyber Security Workforce - KPMG Global.” KPMG, 9 Aug. 2021.

Junaideen, Amry, et al. "Government’s broader role in cyber." Deloitte Insights, 4 Mar. 2021. Web.

Kardon, Steve. “Florida Water Treatment Plant Hit With Cyber Attack.” Industrial Defender, 9 Feb. 2021. Accessed 21 Mar. 2023.

Kerry, Cameron F. “Why Protecting Privacy Is a Losing Game Today—and How to Change the Game.” Brookings, 12 July 2018,

Leinwand, Paul, and Mahadeva Matt Mani. “Digitizing Isn’t the Same as Digital Transformation.” Harvard Business Review, 26 Mar. 2021. hbr.org,

Lewis, James Andrew, and William Crumpler. The Cybersecurity Workforce Gap. Jan. 2019.

Li, Yuchong, and Qinghui Liu. “A Comprehensive Review Study of Cyber-Attacks and Cyber Security; Emerging Trends and Recent Developments.” Energy Reports, vol. 7, Nov. 2021, pp. 8176–86. ScienceDirect,

Lostri, Eugenia, et al. A Shared Responsibility: Public-Private Cooperation for Cybersecurity. Mar. 2022.

Lovelace, Ryan. “Pentagon Preparing to Let Its Cyber Sleuths Work from Home.” The Washington Times, Accessed 13 Mar. 2023.

Manyika, James, et al. “What Do We Do About the Biases in AI?” Harvard Business Review, 25 Oct. 2019. hbr.org,

Marks, Joseph, and Aaron Schaffer. "Cybersecurity 202: The government’s facing a severe shortage of cyber workers when it needs them the most." The Washington Post, 2 Aug. 2021. Web.

Mathenge, Joseph. “What Is a Cyber Resilience Strategy?” BMC Blogs, Accessed 13 Mar. 2023.

McKeown, Philip. “What Are the Risks of Artificial Intelligence?” Audit Board, 28 Apr. 2021.

McLaughlin, Jenna. “Russia Bombards Ukraine with Cyberattacks, but the Impact Appears Limited.” NPR, 3 Mar. 2023. NPR,

Miller, Maggie. “DHS Announces New Program to Attract and Retain Cybersecurity Talent.” The Hill, 15 Nov. 2021,

Moghe, Shimon Prokupecz, Tal Kopan,Sonia. “Former Official: Iranians Hacked into New York Dam | CNN Politics.” CNN, 21 Dec. 2015,

“Multi-Factor Authentication to Access CRA Sign-in Services.” Canada Revenue Agency, 5 Nov. 2020,

Nanda, Richard, et al. “A New Approach That Transcends Technology.” Deloitte Insights, 23 Sept. 2021. Accessed 13 Mar. 2023.

National Action Plan on Open Government. Accessed 21 Mar. 2023.

“National Cyber Security Action Plan (2019-2024).” Public Safety Canada. 7 Aug. 2019,

National Cyber Security Strategy: Canada’s Vision for Security and Prosperity in the Digital Age. 21 Dec. 2018,

“National Cyber Threat Assessment 2023-2024.” Canadian Centre for Cyber Security, 28 Oct. 2022,

“National Cyber: Our Nation Is at Risk, it Starts With Cyber.” Accessed 21 Mar. 2023.

“National Initiative for Cybersecurity Education (NICE).” NIST, Apr. 2016.

“Network Security Architecture.” Check Point Software, Accessed 14 Mar. 2023.

“New Boost to Increase Diversity in Nation’s Cyber Security Industry.” GOV.UK, Accessed 21 Mar. 2023.

Newman, Daniel. “Top 10 Digital Transformation Trends For 2023.” Forbes, Accessed 14 Mar. 2023.

“NIST Revises Guidance for Developing Cyber-Resilient Systems | CSRC.” CSRC | NIST, 9 Dec. 2021,

“Ottawa Invests $80 Million to Support Cybersecurity R&D and Commercialization.” IT World Canada. 6 May 2021,

Pavlou, Christina. “AI in HR: Benefits, Limitations, and Challenges of Artificial Intelligence in the Workplace.” EFront Blog, 18 May 2022,

Pazzanese, Christina. “Ethical Concerns Mount as AI Takes Bigger Decision-Making Role.” Harvard Gazette, 26 Oct. 2020,

Peiser, Jaclyn. “A Hacker Broke into a Florida Town’s Water Supply and Tried to Poison It with Lye, Police Said.” The Washington Post, 9 Feb. 2021.

“Perimeter Networks - Cloud Adoption Framework.” Microsoft Build, 20 Jan. 2023,

Perlroth, Nicole. “Chinese and Iranian Hackers Renew Their Attacks on U.S. Companies.” The New York Times, 18 Feb. 2019. NYTimes.com,

“Pioneering a New National Security: The Ethics of Artificial Intelligence.” GCHQ, 25 Feb. 2021. Web.

PricewaterhouseCoopers. “Digital Government.” PwC, Accessed 21 Mar. 2023.

“Protecting against the Changing Cybersecurity Risk Landscape.” Deloitte United States, Accessed 14 Mar. 2023.

Qureshi, Zia. “How Digital Transformation Is Driving Economic Change.” Brookings, 18 Jan. 2022,

Quytech. “How Artificial Intelligence Reduces the Cost of Doing Business.” Quytech Blog, 16 Dec. 2019,

Rathnayake, Dilki. “Artificial Intelligence, a New Chapter for Cybersecurity?” Tripwire, 10 Nov. 2022. Accessed 14 Mar. 2023.

Reicin, Eric. “Council Post: AI Can Be A Force For Good In Recruiting And Hiring New Employees.” Forbes, Accessed 13 Mar. 2023.

Romo, Vanessa. “Pro-Russian Hackers Claim Responsibility for Knocking U.S. Airport Websites Offline.” NPR, 10 Oct. 2022. NPR,

Seeman, Bob. “What, How, and Why of Artificial Intelligence Risk Management.” LinkedIn, 5 Feb. 2023. Accessed 13 Mar. 2023.

“Seventy-Four Percent of Organizations Attribute Damaging Cyberattacks to Vulnerabilities in Technology Put in Place During the Pandemic, According to Global Industry Study.” GlobeNewswire News Room, 22 Sept. 2021,

Sganga, Nicole. “Higher Pay, Less Red Tape: U.S. Launches Effort to Recruit Talent to Fight Cyberattacks.” CBS News, 15 Nov. 2021.

Sims, Harvey. “Public Confidence in Government, and Government Service Delivery.” Canadian Centre for Management Development.

Singha, Richard. "5 Reasons Why Enterprises Need Cyber Security Awareness and Training." Security Boulevard, 12 Apr. 2021. Web.

Staff, S. C. “New Cyber Workforce Strategy Released by Defense Department.” SC Media, 13 Mar. 2023,

“State of the Cybersecurity Workforce: New ISACA Research Shows Highest Retention Difficulties in Years.” ISACA, 23, mar. 2022. Web.

Sullivan, Bob. "Digital transformation & cyber risk: what you need to know to stay safe." Ponemon-Sullivan Privacy Report, 13 July 2020. Web.

Swaniker, Peter. “3 Ways AI Simplifies Workforce Management And Improves Team Morale.” Medium, 18 Oct. 2018,

“Talent and Workforce Effects in the Age of AI.” Deloitte Insights, Accessed 13 Mar. 2023.

Teale, Chris. "State cyber workforce challenges reaching ‘crisis levels.’" GCN, 20 Mar. 2023. Web.

“Digital Transformation Pros & Cons: What You Need To Do To Win.” Digital Adoption, 12 Mar. 2019.

“The 21 Latest Emerging Cyber Threats & Attacks” Aura. Accessed 14 Mar. 2023.

“The 7 Red Flags of Phishing.” Get Cyber Safe, 24 June 2020,

“The changing faces of cybersecurity – Closing the cyber risk gap” by Deloitte. Accessed 21 Mar. 2023.

“The Dark Side of Digital Transformation: 8 Emerging Digital Risks.” Dell, 24 July 2019,

The Digital Transformation and Canada’s Economic Resilience. Accessed 14 Mar. 2023.

The Keys to a Successful Digital Transformation | McKinsey. Accessed 13 Mar. 2023.

“Threat Intelligence Report.” Blackberry, Jan. 2023. Accessed 21 Mar. 2023.

“U.S. Accuses China of Cyber Spying on American Companies.” Reuters, 19 May 2014.

Unintended Consequences - Desktop. Accessed 13 Mar. 2023.

“Update: Destructive Malware Targeting Organizations in Ukraine | CISA.” Cybersecurity and Infrastructure Security Agency CISA, 28 Apr. 2022,

“US Airports’ Sites Taken down in DDoS Attacks by pro-Russian Hackers.” BleepingComputer, Accessed 21 Mar. 2023.

“What Are the Most Pressing Dangers of AI? | One Hundred Year Study on Artificial Intelligence.” AI100, 2021. Accessed 13 Mar. 2023.

What Is a Cyberattack? | IBM. Accessed 21 Mar. 2023.

“What Is an Attack Surface and How to Protect It?” WhatIs.Com, Accessed 14 Mar. 2023.

“What Is an Attack Surface? Definition and How to Reduce It.” Fortinet, Accessed 14 Mar. 2023.

“What Is an Attack Surface?” IBM. Accessed 14 Mar. 2023.

“What is Cyber Resilience?” IBM, n.d. Accessed 13 Mar. 2023.

“What is threat management?” IBM, n.d. Web.

“What Is Zero Trust? | IBM. Accessed 14 Mar. 2023.

Wheatley, Sandra. “Cybersecurity Workforce Development Toolkit: 5 Best Practices | CISO Collective.” Fortinet Blog, 2 July 2021,

“Zero Trust Attack Surface Management: Five Easy Steps.” Optiv, Accessed 13 Mar. 2023.

“Zero Trust for Your Attack Surface Management Program.” Palo Alto Networks Blog, 11 Aug. 2021,

“Zero Trust Security Explained | Zero Trust Components & Implementation Best Practices.” ManageEngine. Accessed 14 Mar. 2023.