To find tomorrow’s badly needed cyberworker, organizations may start looking at high school students, inexperienced adults and even young hackers.
“We work every day to improve our technology, to improve our risk management capabilities for our customers,” said Ed Cabrera, chief cybersecurity officer for Trend Micro, speaking at CDW’s Managing Risk SummIT in Boston. “But if you don’t have the right people — in-house or externally — supporting you, it’s not going to get anywhere.”
With more than 300,000 open cybersecurity jobs in the public and private sectors combined, the rush to find workers to fill those positions is on. It takes an average of nine to 12 months to fill a position once it opens, said Bob Bragdon, publisher of the online magazine CSO.
Most open slots are in jobs that focus on operating and maintaining a security system, protecting and defending the system and securely provisioning it, said Cabrera, a former CISO for the Secret Service who also worked for the Department of Homeland Security.
The shortages are worse in some parts of the country than in others, he said. Washington, D.C., needs 43,000 more cybersecurity workers; New York City, about 20,000; and Chicago, 11,500.
“It’s great for us as far as having a low unemployment rate within the industry, but obviously, it’s a problem we have to overcome,” Cabrera said. “Where can you — and how can you — develop the workforce you need to meet this challenge?"
Colleges, K—12 Schools Could Be Cybersecurity Pipelines
The easy answer is “college campuses,” but although there’s been increasing collaboration between industry and academia to develop cybersecurity programs, it’s still a slow road, he said.
Industry might want to consider younger candidates, even high school students, several experts suggested. “These kids, their aptitude is off the charts,” said Nick Bennett, director of professional services for Mandiant. “But the pipeline does not exist. There is not awareness in K–12 that [a cybersecurity career] is an option.”
Young adults with little experience may not be the experts companies are looking for, “but in four or five years, they will be a senior person,” said Sadik Al-Abdulla, director of security solutions for CDW.
Adults who have not actually considered cybersecurity work may also be a resource. When Cabrera was in the Secret Service, he found it difficult to find good cybersecurity candidates who could also pass the tough security clearance process (and, he added, who were willing to carry a gun).
“We had to look at possibly identifying aptitude within the agent population that existed for this, and say, OK, we’ll train you,” he said. Some already had computer science backgrounds, others were teachers, but they all had an interest and an aptitude, he added.
Security expert Brian Krebs, author of the Krebs on Security blog, made a bold suggestion: recruit young hackers before they turn criminal. If colleges can sign seventh- and eighth-graders for sports teams, why can’t companies search out young computer whizzes?
“At some point, we need to have a long-term strategy in this country about how to get these people involved for the good side,” he said. “There’s an opportunity there.”
Check out our event page for more articles and videos from the Managing Risk SummIT.