Aug 16 2018
Security

Younger Candidates Could Bridge Cybersecurity Talent Gaps

Companies look to colleges, high schools and even nascent hackers to create a new pipeline of future security experts.
Elizabeth Neus
by

Elizabeth Neus is the managing editor of FedTech. Before joining FedTech, Elizabeth was a reporter for Gannett, covering health care policy and medicine. As a Gannett editor, she worked on publications and magazines focusing on everything from defense to agriculture to travel to shopping. The Washington Nationals are her team; 80s Brit pop is her sound.

To find tomorrow’s badly needed cyberworker, organizations may start looking at high school students, inexperienced adults and even young hackers.

“We work every day to improve our technology, to improve our risk management capabilities for our customers,” said Ed Cabrera, chief cybersecurity officer for Trend Micro, speaking at CDW’s Managing Risk SummIT in Boston. “But if you don’t have the right people — in-house or externally — supporting you, it’s not going to get anywhere.”

With more than 300,000 open cybersecurity jobs in the public and private sectors combined, the rush to find workers to fill those positions is on. It takes an average of nine to 12 months to fill a position once it opens, said Bob Bragdon, publisher of the online magazine CSO.

Most open slots are in jobs that focus on operating and maintaining a security system, protecting and defending the system and securely provisioning it, said Cabrera, a former CISO for the Secret Service who also worked for the Department of Homeland Security.

The shortages are worse in some parts of the country than in others, he said. Washington, D.C., needs 43,000 more cybersecurity workers; New York City, about 20,000; and Chicago, 11,500.

“It’s great for us as far as having a low unemployment rate within the industry, but obviously, it’s a problem we have to overcome,” Cabrera said. “Where can you — and how can you — develop the workforce you need to meet this challenge?"

SIGN UP: Get more news from the BizTech newsletter in your inbox every two weeks

Colleges, K—12 Schools Could Be Cybersecurity Pipelines

The easy answer is “college campuses,” but although there’s been increasing collaboration between industry and academia to develop cybersecurity programs, it’s still a slow road, he said.

Industry might want to consider younger candidates, even high school students, several experts suggested. “These kids, their aptitude is off the charts,” said Nick Bennett, director of professional services for Mandiant. “But the pipeline does not exist. There is not awareness in K–12 that [a cybersecurity career] is an option.”

Young adults with little experience may not be the experts companies are looking for, “but in four or five years, they will be a senior person,” said Sadik Al-Abdulla, director of security solutions for CDW.

Adults who have not actually considered cybersecurity work may also be a resource. When Cabrera was in the Secret Service, he found it difficult to find good cybersecurity candidates who could also pass the tough security clearance process (and, he added, who were willing to carry a gun).

“We had to look at possibly identifying aptitude within the agent population that existed for this, and say, OK, we’ll train you,” he said. Some already had computer science backgrounds, others were teachers, but they all had an interest and an aptitude, he added.

Cybersecurity-report_EasyTarget.jpg

Security expert Brian Krebs, author of the Krebs on Security blog, made a bold suggestion: recruit young hackers before they turn criminal. If colleges can sign seventh- and eighth-graders for sports teams, why can’t companies search out young computer whizzes?

“At some point, we need to have a long-term strategy in this country about how to get these people involved for the good side,” he said. “There’s an opportunity there.”

Check out our event page for more articles and videos from the Managing Risk SummIT.

 

4 Places to Find Help with Cyber Careers

Ed Cabrera, chief cybersecurity officer for Trend Micro, suggests these websites as resources for organizations searching for cybersecurity workers:

  •  CyberSeek (cyberseek.org) outlines possible career paths (and describes them by skill sets rather than title), provides maps of where the jobs are and suggests questions for decision-makers to consider. It’s for employers, students, job seekers, policymakers and more.
  • NICERC (nicerc.org), the National Integrated Cyber Education Research Center, focuses on K–12, providing professional development, curricula, programs and information on how to attract young students to STEM jobs.
  • CyberCompEx (cybercompex.org) is a resource for locating cyber competitions at which people of all ages can gain experience.
  • The National Initiative for Cybersecurity Careers and Studies (niccs.us-cert.gov) is a federal program that provides information on training and career opportunities in cybersecurity.
monkeybusinessimages/Getty Images

More On

Related Articles

Close

Become an Insider

Unlock white papers, personalized recommendations and other premium content for an in-depth look at evolving IT

Subscribe Now