The world is changing in profound ways. These changes will significantly alter how the cybersecurity workforce will do its job in the future and will require creative, collaborative thinking and action. Currently, efforts to understand the future cybersecurity environment are focused on exercising responses to known technological threats at the sector or organizational level. This is limiting and could too narrowly focus planning and decisions, as it is not reflective of broader, macro-level global shifts across social, economic, environmental, and political changes that significantly impact the cybersecurity environment now and in the future. An approach is needed to facilitate understanding of how this broader risk environment may impact the future of cybersecurity. 'Alternative Futures' is a method by which we:
- identify macro-level factors that will impact our world (e.g., social, technological, economic, environmental, political, legal),
- create pro/con scenarios for changes brought about by these factors (e.g., how will our world benefit or be worse off?),
- identify key drivers of change that could invoke these scenarios (e.g., changes in global interdependencies, government budgets, access to information, demographic shifts), and
- identify strategic needs for these alternate futures.
Results from a small study we conducted of cybersecurity professionals across a range of roles aligned to NIST's Cybersecurity Workforce Framework indicated that they saw value in thinking more broadly and over a longer timeframe, as it would help to identify areas of risk convergence across multiple business functions, support CSO/CTO/CISO and governance board decision making processes, and ultimately inform a cybersecurity community that is prepared for whatever challenges the future holds and has a shared sense of direction and urgency to drive action toward meeting future needs.
To achieve these outcomes, we recommend creating cross-sector and cross-business line communities to facilitate thinking around Alternate Futures.
Harvard Business School, living in the Bay area. Program Manager - Cloud Compliance and Security, Big Data Expert, Entrepreneur and Mentor. 10+ years experience in the enterprise IT operations and technical program management. Helping companies build Secure Big Data and Predictive Analytics Platforms.
A Senior Strategist in Cyber & Infrastructure Resilience, Ms. Gordon has nearly two decades of experience in the Federally Funded Research and Development Center (FFRDC) and private sector communities developing technical and organizational solutions in the homeland security, cybersecurity, and infrastructure protection mission areas. She has led programs in strategy development, strategic foresight, and transformation that have advanced organizations' thinking and measurably improved mission outcomes. She is an advisor on ISO, ANSI, and NIST technical working groups on topics that range from the cybersecurity workforce to unmanned aerial systems to sustainable development. She also serves on curriculum advisory boards in the areas of cybersecurity and information technology, law and government, and resilient design, and is focused on the intersection of technology, ethics, and futures with her work in the Federal Futures Community of Interest (FFCOI). Ms. Gordon holds a Master's in Public Administration from the University of Massachusetts, Amherst.