US in mad dash to build work­force in cy­ber­se­cu­rity field

The Charlotte Observer (Sunday) - - Business - BY PAULETTE PERHACH New York Times

A stun­ning statis­tic is re­ver­ber­at­ing in cy­ber­se­cu­rity: An es­ti­mated 3.5 mil­lion cy­ber­se­cu­rity jobs will be avail­able but un­filled by 2021, ac­cord­ing to pre­dic­tions from Cy­ber­se­cu­rity Ven­tures and other ex­perts.

“It’s scary. Our power grid, our cars, our ev­ery­day de­vices – ba­si­cally ev­ery­thing is on­line and able to be at­tacked,” said Ge­or­gia Wei­d­man, au­thor of “Pen­e­tra­tion Test­ing: A Hand­sOn In­tro­duc­tion to Hack­ing.” Wei­d­man is the founder of two cy­ber­se­cu­rity com­pa­nies, Bulb Se­cu­rity, where she is CEO, and She­vi­rah, where she is chief tech­nol­ogy of­fi­cer. She­vi­rah spe­cial­izes in se­cu­rity for mo­bile de­vices.

“It would cer­tainly cause mass de­struc­tion if our power grid went down or our wa­ter pumps started go­ing hay­wire or our dams de­cided to open all their sluices,” she said. “That’s ac­tu­ally some­thing that could hap­pen.”

Ac­cord­ing to a re­port re­leased this year by the Iden­tity Theft Re­source Cen­ter, the num­ber of data breaches tracked in the United States in 2017 hit a high of more than 1,500, up al­most 45 per­cent over 2016. In one in­ci­dent this year, the data of 29 mil­lion Face­book users was stolen.

In re­sponse to the sheer num­ber of new dig­i­tal gates that might be left open, em­ploy­ers and ed­u­ca­tors have had to be­come more cre­ative in find­ing peo­ple to guard them.

They need pen­e­tra­tion testers to sim­u­late at­tacks to find and fix vul­ner­a­bil- ities that could be ex­ploited by a real at­tacker.

They need mal­ware an­a­lysts to find out what ma­li­cious pro­grams do so they can pro­tect from the at­tacks.

They need se­cu­rity re­searchers to dis­cover new vul­ner­a­bil­i­ties in ap­pli­ca­tions and other prod­ucts – be­fore the thieves do – so they can be fixed. They need se­cu­rity ar­chi­tects to make sure all the best prac­tices are be­ing fol­lowed.

Ac­cord­ing to the chief econ­o­mist for LinkedIn, Guy Berger, there was a short­age as of Septem­ber of 11,000 peo­ple with cy­ber­se­cu­rity skills in the San Fran­cisco Bay Area, 5,000 in New York and al­most 4,000 in Seat­tle, the ar­eas with the largest con­cen­tra­tion of need. LinkedIn reg­u­larly is­sues work­force re­ports based on its anal­y­sis of jobs data in the United States.

Some ma­jor cor­po­ra­tions have openly taken to hir­ing hack­ers to help pro­tect them. An ex­treme ex­am­ple is Kevin Mit­nick, who hacked into cor­po­ra­tions, landed on the FBI Most Wanted Fugi­tives list and went to jail for five years, but is now a se­cu­rity con­sul­tant to For­tune 500 com­pa­nies and gov­ern­ments. As he says on his web­site about hack­ers, “It takes one to know one.”

Many com­pa­nies are also putting less em­pha­sis on the need for a col­lege de­gree to qual­ify for a cy­ber­se­cu­rity job, Wei­d­man said. With an un­der­grad­u­ate de­gree in math­e­mat­ics from Mary Bald­win Col­lege in Staunton, Vir­ginia, and a mas­ter’s in com­puter sci­ence from James Madi­son Univer­sity in Har­rison­burg, Vir­ginia, Wei­d­man said she had seen how much hand­son ex­pe­ri­ence re­ally mat­tered in the cy­ber­field. That in­sight came early when she par­tic­i­pated in the Na­tional Col­le­giate Cy­ber De­fense Com­pe­ti­tion as a stu­dent.

The com­pe­ti­tion, which be­gan in 2005, is held at col­leges across the coun­try and de­signed to test stu­dent teams’ abil­i­ties to de­tect and re­spond to out­side threats and to pro­tect ser­vices such as mail servers and web servers. The spon­sors in­clude high-tech com­pa­nies like de­fense con­trac­tor Raytheon and IBM, but also re­tail­ers like Wal­mart and trans­porta­tion com­pa­nies like Uber.

Re­call­ing the dif­fer­ence be­tween the­o­ret­i­cal learn­ing in col­lege and hands-on ex­pe­ri­ence, Wei­d­man said she could do a lot of math about com­puter net­work­ing, “but could I ac­tu­ally man­age a net­work at a com­pany? Ab­so­lutely not.”

The peo­ple who were in com­mu­nity col­leges would “wipe the floor with those of us at uni­ver­si­ties, be­cause com­mu­nity col­leges re­ally were fo­cused on how to do these things,” she said. “I think that peo­ple at the univer­sity level are start­ing to re­al­ize that we need more hand­son skills in cy­ber­se­cu­rity, as well as just the the­ory.”

With that in mind, col­leges and uni­ver­si­ties are chang­ing their cur­ricu­lums. Wei­d­man is work­ing with the Tu­lane School of Pro­fes­sional Ad­vance­ment in New Or­leans to build an on­line class for its Ap­plied Com­put­ing Sys­tems & Tech­nol­ogy de­gree pro­gram.

At New York Univer­sity, the Cen­ter for Cy­ber­se­cu­rity has been oper­at­ing for 20 years and grad­u­ates about 50 stu­dents an­nu­ally. But this year, it cre­ated an on­line mas­ter’s pro­gram to help make the train­ing more af­ford­able in hopes of at­tract­ing more peo­ple to the field.


Shamla Naidoo, sec­ond from left, global chief in­for­ma­tion se­cu­rity of­fi­cer for IBM, has had suc­cess reach­ing out to groups such as vet­er­ans to find po­ten­tial cy­ber­se­cu­rity work­ers.

Newspapers in English

Newspapers from USA

© PressReader. All rights reserved.