With a Major Cybersecurity Job Shortage, We Must Act Like We Are at War

Sangoiri/Shutterstock.com

The U.S. needs much more than the recent $14 billion cybersecurity budget increase to keep up with the bad guys.

Darren Guccione is CEO of Keeper Security.

Recently, the Internal Revenue Service revealed the data breach that happened in May via the agency’s “Get Transcript” program affected three times as many users as originally reported -- 334,000 accounts in all. The new information was discovered in a deeper analysis over a wider time period, and taxpayers who were potentially exposed will get letters from the IRS over the coming days.

This announcement comes on the heels of the massive OPM breach, shining a spotlight on the government’s failure to protect its networks. While the quantity of records hacked in the IRS breach pales in comparison to OPM, the type of information exposed is potentially just as damaging -- Social Security numbers, taxpayer ID numbers, work history, income sources -- all of these are available on IRS tax forms.

In both the OPM and IRS breaches, the government’s “lag-time” in fully discovering the impact was extremely drawn-out. The extent of the IRS data breach is just now becoming clear three months after it happened, while the OPM breach took the government four months to detect any hint of malicious activity. While thinking about these breaches, it’s important to look at the greater issue at hand: We are in the midst of a cyberwar and the bad guys are winning.  

Recently, businesses and governments all over the world have acknowledged this disturbing fact with “quick fixes” that haven’t yet addressed the larger problem. We live in a world with hackers who are capable of breaking into all but the most highly sophisticated systems. Much like the United States on the morning of Dec. 8, 1941, the day after Pearl Harbor, businesses and governments have had to acknowledge they’ve been caught by surprise and are unprepared to defend themselves in cyberwarfare.

For evidence that the U.S. government is undermanned against hackers, we can look to the fact that the unemployment rate for cybersecurity professionals in Washington is 0 percent. This might seem like a great thing for people in this line of work, but it’s a warning that the good guys simply don’t have enough troops to win this war.

Outside the nation’s capital, the state of cybersecurity manpower is no better. The Cisco 2014 Annual Security Report found that the shortfall of cybersecurity personnel is at 1 million openings. By 2019, the number of opening is expected to rise to 1.5 million.

Just how bad is the job shortage and what does it mean for the nation’s cybersecurity?

Let’s start with the 0 percent unemployment statistic. As any economist will tell you, a 0 percent unemployment rate is not a good sign. It means the job market for cybersecurity professionals is out of whack, which leads to inflated salaries for the employees themselves and less productivity for the economy overall.

It also means cyber professionals are hopping from one job to another, leaving gaps in how their systems are protected, also increasing the likelihood of attacks. Finally, businesses are forced to train or hire unqualified employees to fulfill their cybersecurity needs.

It’s no wonder 86 percent of organizations believe there’s a shortage of skilled cybersecurity professionals and just 38 percent believe their organization is prepared for a cyberattack, according to a January survey from ISACA, an international professional association focused on IT governance.

The fear crosses over to government agencies as well, as we’ve seen with several high-level cyberattacks. For this reason, President Obama has been quietly recruiting top tech talent from companies such as Google and Facebook to increase the number of qualified cyber talent in Washington.

The top-paying cybersecurity job is a security software engineer with an average annual salary of $233,333, according to CSO magazine. In areas with lower employment rates (such as Washington, D.C.), salaries are inflated even higher, because everyone is competing for the same pool of potential applicants.  

I reached out to a friend of mine, Terry Kurzynski, senior partner at HALOCK Security Labs, who confirmed this.  

“The fact that hacking can generate huge profits for a relatively unskilled, unethical hacker has created a market whereby the companies have to pay a premium for the skills and professionalism of the good-guy ethical hackers,” he stated. Companies are not only paying a premium for top cybersecurity professionals and ethical hackers, but also pouring money into training for less-experienced hires.

At one level, we should expect the market will self-correct. The government has a number of educational initiatives designed to introduce and train students for a cybersecurity career. A study from RAND Corporation concluded, “as the supply of cyber professionals currently in the educational pipeline increases, and the market reaches a stable, long-run equilibrium,” much of the shortage will disappear.

But when?

Again, we must accept we are at war and we can’t afford to wait for natural market forces to eventually increase the supply. Every week brings yet another high-level cybersecurity breach. In most cases, these are directed at commercial entities, with the object of stealing personal identifiable information to sell on the black market. But not all.

Many are directed at government agencies with the direct goal of stealing secrets that could compromise national security. For instance, the data breach at OPM is now believed to have been carried out by hackers in China. Cyberwarfare is very much a clear and present danger.

Even though the recent cybersecurity budget increase to $14 billion is a small step in the right direction, much more is required if we’re ever going to keep up with the bad guys.

Here are three critical things that need to happen to address the cyber workforce shortage:

‘Fast-track’ the hiring process for cybersecurity professionals in the public sector.

The RAND study notes that several government rules and regulations make it difficult to quickly hire cybersecurity professionals, even as certain agencies, such as the National Security Agency, are able to circumvent these laborious processes. The NSA standard, if not the identical waiver, should be expanded across all levels of government.

Emphasize cybersecurity at all education levels.

Students as young as first or second grade should be taught the importance of cybersecurity. As they progress in their education, the lessons and skills they learn should increase as well. Colleges and universities should also mandate a cybersecurity course for all incoming freshman, not just to teach lifelong cyber skills, but also to highlight the new threats and trends in what is an exciting, fast-paced and quite lucrative field.  

Initiate a comprehensive, robust public-awareness campaign across all media channels.

State and federal governments should coordinate with private entities to launch public-awareness campaigns that highlight the tremendous job opportunities available in the cybersecurity field. For example, October is Cybersecurity Awareness month, which is an ideal time to blanket the airwaves with a concerted, aggressive public-awareness effort.  

In the winter of 1942, the United States couldn’t wait for market forces to increase its production of war machines and soldiers. The government had to coordinate efforts with private enterprises to turn the nation on to a war footing. We are at a similar moment and if we are to beat the enemy, we need to recognize that nothing less than our national security is at stake.

(Image via Sangoiri/ Shutterstock.com)

X
This website uses cookies to enhance user experience and to analyze performance and traffic on our website. We also share information about your use of our site with our social media, advertising and analytics partners. Learn More / Do Not Sell My Personal Information
Accept Cookies
X
Cookie Preferences Cookie List

Do Not Sell My Personal Information

When you visit our website, we store cookies on your browser to collect information. The information collected might relate to you, your preferences or your device, and is mostly used to make the site work as you expect it to and to provide a more personalized web experience. However, you can choose not to allow certain types of cookies, which may impact your experience of the site and the services we are able to offer. Click on the different category headings to find out more and change our default settings according to your preference. You cannot opt-out of our First Party Strictly Necessary Cookies as they are deployed in order to ensure the proper functioning of our website (such as prompting the cookie banner and remembering your settings, to log into your account, to redirect you when you log out, etc.). For more information about the First and Third Party Cookies used please follow this link.

Allow All Cookies

Manage Consent Preferences

Strictly Necessary Cookies - Always Active

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Sale of Personal Data, Targeting & Social Media Cookies

Under the California Consumer Privacy Act, you have the right to opt-out of the sale of your personal information to third parties. These cookies collect information for analytics and to personalize your experience with targeted ads. You may exercise your right to opt out of the sale of personal information by using this toggle switch. If you opt out we will not be able to offer you personalised ads and will not hand over your personal information to any third parties. Additionally, you may contact our legal department for further clarification about your rights as a California consumer by using this Exercise My Rights link

If you have enabled privacy controls on your browser (such as a plugin), we have to take that as a valid request to opt-out. Therefore we would not be able to track your activity through the web. This may affect our ability to personalize ads according to your preferences.

Targeting cookies may be set through our site by our advertising partners. They may be used by those companies to build a profile of your interests and show you relevant adverts on other sites. They do not store directly personal information, but are based on uniquely identifying your browser and internet device. If you do not allow these cookies, you will experience less targeted advertising.

Social media cookies are set by a range of social media services that we have added to the site to enable you to share our content with your friends and networks. They are capable of tracking your browser across other sites and building up a profile of your interests. This may impact the content and messages you see on other websites you visit. If you do not allow these cookies you may not be able to use or see these sharing tools.

If you want to opt out of all of our lead reports and lists, please submit a privacy request at our Do Not Sell page.

Save Settings
Cookie Preferences Cookie List

Cookie List

A cookie is a small piece of data (text file) that a website – when visited by a user – asks your browser to store on your device in order to remember information about you, such as your language preference or login information. Those cookies are set by us and called first-party cookies. We also use third-party cookies – which are cookies from a domain different than the domain of the website you are visiting – for our advertising and marketing efforts. More specifically, we use cookies and other tracking technologies for the following purposes:

Strictly Necessary Cookies

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Functional Cookies

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Performance Cookies

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Sale of Personal Data

We also use cookies to personalize your experience on our websites, including by determining the most relevant content and advertisements to show you, and to monitor site traffic and performance, so that we may improve our websites and your experience. You may opt out of our use of such cookies (and the associated “sale” of your Personal Information) by using this toggle switch. You will still see some advertising, regardless of your selection. Because we do not track you across different devices, browsers and GEMG properties, your selection will take effect only on this browser, this device and this website.

Social Media Cookies

We also use cookies to personalize your experience on our websites, including by determining the most relevant content and advertisements to show you, and to monitor site traffic and performance, so that we may improve our websites and your experience. You may opt out of our use of such cookies (and the associated “sale” of your Personal Information) by using this toggle switch. You will still see some advertising, regardless of your selection. Because we do not track you across different devices, browsers and GEMG properties, your selection will take effect only on this browser, this device and this website.

Targeting Cookies

We also use cookies to personalize your experience on our websites, including by determining the most relevant content and advertisements to show you, and to monitor site traffic and performance, so that we may improve our websites and your experience. You may opt out of our use of such cookies (and the associated “sale” of your Personal Information) by using this toggle switch. You will still see some advertising, regardless of your selection. Because we do not track you across different devices, browsers and GEMG properties, your selection will take effect only on this browser, this device and this website.