Cyber crime fight has limits
States often face financial disadvantages as they try to recruit cybersecurity pros
CHICAGO — Austin Moody wanted to apply his cybersecurity skills in his home state of Michigan, teaming up with investigators for the State Police to analyze evidence and track down criminals.
But the recent graduate set the idea aside after learning an unpaid internship was his only way into the Michigan agency.
“I don’t know many people that can afford to take an unpaid internship, especially when it’s in such high demand in the private sector,” Moody said of fellow cybersecurity job seekers. “Unpaid internships in cyber aren’t really a thing beyond the public sector.”
Hiring and keeping staff capable of helping fend off a constant stream of cyberattacks and less severe online threats tops the list of concerns for state technology leaders.
There’s a severe shortage of those professionals and not enough financial firepower to compete with federal counterparts, global brands and specialized cybersecurity firms.
“People who are still in school are being told, ‘There’s a really good opportunity in cybersecurity, really good opportunities for high pay,’ ” said Drew Schmitt, a principal threat intelligence analyst with the cybersecurity firm GuidePoint Security.
“And ultimately these state and local governments just can’t keep up from a salary perspective with a lot of private organizations.”
State governments are regular targets for cybercriminals, drawn by the troves of personal data within agencies and computer networks that are essential to patrolling highways, maintaining election systems and other key state services.
Notable hits since 2019 include the Washington state auditor, Illinois’ attorney general, Georgia’s Department of Public Safety and computer servers supporting much of Louisiana’s state agencies.
Cities, too, come under attack, and they have even fewer resources than states to stand up cyber defenses.
Aided by industry groups, the federal government and individual states have created training programs, competitions and scholarships in hopes of producing more cybersecurity pros nationwide. Those strategies could take years to pay off, however. States have turned to outside contractors, civilian volunteers and National Guard units for help when their systems are taken down by ransomware and other hacks.
States needed to fill nearly 9,000 cybersecurity jobs as of this summer, according to CyberSeek a joint project of the Computing Technology Industry Association and the National Institute of Standards and Technology.
The total is probably higher because the project doesn’t count job listings that states posted only to their own employment portal.
The $95,412 average salary of a local or state government cyber employee lagged by $25,000 or more in 2020 compared with the pay in the federal government, the financial services industry and IT services, according to a survey conducted by the International Information System Security Certification Consortium, a trade association.
Information security analysts earned a median salary of $103,590 in May 2020, according to the Bureau of Labor Statistics. Cyberseek puts starting salaries close to $90,000 across all employers.