Training to fight cybercrime can pay off big
Want a career with zero chances of going jobless? Try the booming field of cybersecurity. Companies can’t hire fast enough. In the United States, companies report 209,000 cybersecurity jobs that are in need of filling.
It’ll only get worse. By 2019, according to the Cybersecurity Jobs Report, the workforce shortfall may reach 1.5 million. Globally, the shortage could hit 6 million, it added.
“The internet is growing faster than the growth of people to protect it,” said Michael Kaiser, chief executive of the National Cyber Security Alliance.
A dramatic rise in cybercrime has put government in competition with private companies for hiring cybersecurity experts. Private companies recoil at the possibility of hackers stealing their proprietary information, holding their data for ransom or plundering their servers of the personal information of clients.
The shortage in job candidates is not an easy or quick problem to address, experts said.
“It takes a long time to develop the instincts to be an effective cybersecurity engineer. You can’t just come out of college and know what to do,” said David Foote, a tech industry researcher and co-founder of Foote Partners of Vero Beach, Fla.
“The threat landscape changes all the time, and that’s hard to train for,” Kaiser added.
Foote said both government and private industry faced shortages: “In the short term, it’s not looking good. There are so many employers who are way behind in staffing.”
Some 46 percent of working cybersecurity professionals said they received solicitations for other jobs “at least once per week,” according to the State of Cyber Security Professional Careers, a survey released by the Enterprise Strategy Group and Information Systems Security Association.
“Turnover in the cybersecurity ranks could represent an existential risk to organizations in lower-paying industries like academia, health care, the public sector and retail,” the survey said.
In the federal government’s push to expand cybersecurity training, it has targeted all levels of education, including $125 million in National Science Foundation grants to primary and secondary schools. It has also designated nearly 200 colleges and universities as National Centers of Academic Excellence in Cyber Defense.
Many universities are gearing up programs to meet the surge in demand.
“We will start teaching the first group of students in two weeks,” said Alan M. Usas, the director of the new executive master’s in cybersecurity program at Brown University in Providence, R.I. “Interest has been extremely high.”
But luring students into cybersecurity can be a tough sell.
“People who are graduating from college are looking for the next killer app or to create the next startup,” said Katrina Timlin, an associate fellow in the Strategic Technologies Program at the Center for Strategic and International Studies, a Washington think tank.
Cybersecurity has little of the cachet of other areas of information technology, such as machine learning, and cybersecurity experts aren’t even always loved at their own companies. Their departments are not revenue generators. And their constant efforts to penetrate systems can raise hackles.
“They have to have that nonconformist edge where they can pick apart a problem. That kind of personality pushes some people’s buttons,” Timlin said.
As they look for flaws in existing networks and systems, cybersecurity experts can find themselves at loggerheads with technology engineers who built the systems, she said.
Foote’s consulting firm receives compensation data from 2,914 employers who report on what they pay 255,650 full-time technology professionals.
In the most recent quarter, Foote said, the firm found an average salary of $99,000 for a cyber security specialist with three years’ experience in design, deployment and administration of security systems. For a more senior employee with at least five years of experience and strong knowledge of digital controls and protection strategies, the national average salary is $118,000.
Cybersecurity jobs pay an average of $6,500 more than other information technology professions, a premium of 9 percent, according to Intel Security and the Center for Strategic and International Studies.