States’ cybersecurity hirings falling behind
Immediate need to find, keep qualified IT professionals leads to veterans, students, women
WASHINGTON — Internships for veterans, cyber classes for high school and college students and mentoring programs — aimed especially at middle school girls — are among the ways states are trying to beef up their cybersecurity ranks.
Cybersecurity is the most pressing issue for state information technology officials, as hackers and cybercriminals increasingly take aim at government networks, which contain information such as Social Security, bank account and credit card numbers of millions of people and businesses.
But hiring and keeping qualified IT staffers, particularly cybersecurity experts, continues to be a serious problem for states, according to a recent survey of state chief information officers. Job candidates “don’t perceive state government as an attractive and challenging work environment,” the report said.
State cyber salaries generally can’t match those in private industry and it’s often hard to move up the ladder in state government. And the disappearance of generous government retirement plans is making the jobs less appealing to cyber professionals.
Stanton Gatewood, Georgia’s chief information security officer, said the shortage stems not only from competition from the private sector, an aging workforce and lack of interest from high school and college students, but from states’ stringent educational and experience requirements that make it hard to recruit. “We’re writing requirements that are just through the roof,” he said last month at the National Association of State Chief Information Officers’ annual conference in Austin.
Gatewood recommended that states rethink those requirements and seek out nontraditional job candidates who have different types of backgrounds, such as gamers, code writers, and law enforcement and military officials.
“It’s great to understand theory and principles. But we need to put the butts in the seats,” he said.
Cybersecurity openings
Nearly 300,000 public and private cybersecurity jobs are available in the U.S., according to CyberSeek, an interactive online tool for job seekers. Frost & Sullivan, a market research firm, forecasts a shortage of 1.8 million cybersecurity workers globally by 2022.
Some states are looking to the military
to try to fill cybersecurity jobs.
In March, Virginia, which has more than 700,000 veterans, kicked off its Cyber Vets Virginia pilot program in partnership with private industry and a Syracuse University research institute focused on veterans. The program aims to help veterans enter the cybersecurity field in Virginia by providing them free hands-on training, assistance in getting industry certification and career services.
The 12- to 15-week program is open to veterans, those transitioning out of the military, spouses, reservists and National Guard members. So far, more than 125 people have enrolled, said program administrator John Malfitano.
In Colorado, the Legislature allocated more than $900,000 this year to create and fund the Veterans Transition Program, a nine-month paid internship at the state technology department for service members leaving the military who have shown an interest or aptitude in cybersecurity or have some cyber experience.
The program started in July, and two veterans are already on board. Officials expect to add eight more.
“We’re hoping to create a pipeline for ourselves,” Blyth said. “So as we have turnover and openings, we are able to have these veterans transition into our agency.”
Scholarship programs
For the last two years, Virginia has offered a public service scholarship program to in-state college students studying cybersecurity. It awards them up to $20,000 a year and in return, they must commit to working at a state agency or institution for as many years as they receive the scholarship.
Virginia is also one of seven states that participate in a partnership with the SANS Institute, a global information security training company, to provide cyber skills to high school and college students through a free online training exercise called CyberStart. The top performers at the state level can win thousands of dollars in scholarships and compete nationally for up to $500,000 in scholarships for more advanced cyber coursework.
Delaware registered 359 students for this year’s program, and 20 of them received scholarships at the state level, said Elayne Starkey, Delaware’s chief information security officer. Delaware has also hosted and run weeklong national U.S. Cyber Challenge camps attended by hundreds of young people that offer workshops, labs and a competition, she said.
While such programs are a great way to entice young people to choose cybersecurity careers, Starkey said, it may not be enough to keep the pipeline of cyber talent flowing, considering the large number of experienced staffers who will retire in the coming years.
Male-dominated sector
While cybersecurity is a booming field, it’s still male-dominated. Women make up only 14 percent of the cyber workforce in North America, according to a 2017 study.
State officials say the pool of women qualified to fill cyber jobs is shallow, which makes it difficult for young girls interested in a cybersecurity career to find role models and mentors.
One way Delaware’s IT department is trying to break that cycle is by co-sponsoring an annual event that brings together 150 eighth- and ninth-grade girls to immerse them in technology and give them handson practice, Starkey said. One track is devoted to cybersecurity.
In Colorado, Blyth recently worked with a local university to start a chapter of CyberGirlz, an initiative that offers mentoring and workshops for middle-school girls interested in the cybersecurity field.