There is little argument that a severe shortage of information security professionals is the leading concern for employers looking to secure their data systems. In this “breach-a-day era”, where a new major cyber-security incursion is revealed nearly every day, it is impossible to deny the shortage of cyber-security professionals and the impact it is having on the effort to respond to the hacking war. And industry experts say it’s only likely to get worse.
At this year’s Black Hat USA 2014 conference the topic took center stage, and more often than not, the conference floor as well as more than one security firm openly sought resumes from anyone and everyone. The International Information Systems Security Certification Consortium has calculated that more than 300,000 cyber-security professionals are needed to maintain and manage business systems.
Just this week, the director of the National Security Agency announced that an additional 1,000 cyber-security professionals will be hired by his agency over the next three years to work on Department of Defense cyber-security initiatives. Demand for cyber-security professionals is growing 3.5 times faster than the overall IT job market and 12 times faster than the total labor market.
Industry leaders are looking to the next generation to fill the open positions but while Millennials, those who are aged 18 to 26, don’t understand the importance of system security as a profession. Among the age segment, 60 percent were unaware of the cybersecurity profession and what the job involves, making them less likely to pursue a career in the field. “There’s an information gap,” Michael Kaiser, executive director of the National Cyber Security Alliance (NCSA), has said.
Almost two-thirds of the respondents in a recent survey indicated that high school computer classes did not provide the skills needed to pursue a career in cybersecurity or a related degree in college. According to Jeff Jacoby, program engineering director of cybersecurity at Raytheon, “We have to develop programs and we have to develop curriculum and we have to have a mature conversation around career opportunities.”
The answer to filling most of the security jobs may not be found in advanced college degrees in cyber-security but rather with individuals, often called “computer geeks, who demonstrate a unique skill-set and experience with data systems and their inner-workings. Being a certified “Computer Geek” may just trump a Master’s Degree in Computer Science at a time when responding to a crisis and getting a solution implemented is more important than analysis.
Filling the demand in the future will require the union of efforts of secondary schools, technical educators, colleges and industry leaders. The vast majority of Millennials, 87 percent, are reported to believe they have a personal responsibility for keeping themselves safe online. We just have to convince many more of them to consider a career that will keep the rest of us cyber-safe as well.