US in mad dash to build cy­ber­se­cu­rity work­force

The News & Observer (Sunday) - - Focus - BY PAULETTE PERHACH

A stun­ning statis­tic is re­ver­ber­at­ing in cy­ber­se­cu­rity: An es­ti­mated 3.5 mil­lion cy­ber­se­cu­rity jobs will be avail­able but un­filled by 2021, ac­cord­ing to pre­dic­tions from Cy­ber­se­cu­rity Ven­tures and other ex­perts.

“It’s scary. Our power grid, our cars, our ev­ery­day de­vices – ba­si­cally ev­ery­thing is on­line and able to be at­tacked,” said Ge­or­gia Wei­d­man, au­thor of “Pen­e­tra­tion Test­ing: A Hands-On In­tro­duc­tion to Hack­ing.” Wei­d­man is the founder of two cy­ber­se­cu­rity com­pa­nies, Bulb Se­cu­rity, where she is chief ex­ec­u­tive, and She­vi­rah, where she is chief tech­nol­ogy of­fi­cer. She­vi­rah spe­cial­izes in se­cu­rity for mo­bile de­vices.

“It would cer­tainly cause mass de­struc­tion if our power grid went down or our wa­ter pumps started go­ing hay­wire or our dams de­cided to open all their sluices,” she said. “That’s ac­tu­ally some­thing that could hap­pen.”

Ac­cord­ing to a re­port re­leased this year by the Iden­tity Theft Re­source Cen­ter, the num­ber of data breaches tracked in the United States in 2017 hit a high of more than 1,500, up al­most 45 per­cent over 2016. In one in­ci­dent this year, the data of 29 mil­lion Face­book users was stolen.

In re­sponse to the sheer num­ber of new dig­i­tal gates that might be left open, em­ploy­ers and ed­u­ca­tors have had to be­come more creative in find­ing peo­ple to guard them.

They need pen­e­tra­tion testers to sim­u­late at­tacks to find and fix vul­ner­a­bil­i­ties that could be ex­ploited by a real at­tacker.

They need mal­ware an­a­lysts to find out what ma­li­cious pro­grams do so they can pro­tect from the at­tacks.

They need se­cu­rity re­searchers to dis­cover new vul­ner­a­bil­i­ties in ap­pli­ca­tions and other prod­ucts – be­fore the thieves do – so they can be fixed. They need se­cu­rity ar­chi­tects to make sure all the best prac­tices are be­ing fol­lowed.

Ac­cord­ing to the chief econ­o­mist for LinkedIn, Guy Berger, there was a short­age as of Septem­ber of 11,000 peo­ple with cy­ber­se­cu­rity skills in the San Fran­cisco Bay Area, 5,000 in New York and al­most 4,000 in Seat­tle, the ar­eas with the largest con­cen­tra­tion of need.

Some ma­jor cor­po­ra­tions have openly taken to hir­ing hack­ers to help pro­tect them. An ex­treme ex­am­ple is Kevin Mit­nick, who hacked into cor­po­ra­tions, landed on the FBI Most Wanted Fugi­tives list and went to jail for five years, but is now a se­cu­rity con­sul­tant to For­tune 500 com­pa­nies and gov­ern­ments. As he says on his web­site about hack­ers, “It takes one to know one.”

Many com­pa­nies are also putting less em­pha­sis on the need for a col­lege de­gree to qual­ify for a cy­ber­se­cu­rity job, Wei­d­man said. With an un­der­grad­u­ate de­gree in math­e­mat­ics from Mary Bald­win Col­lege in Staunton, Vir­ginia, and a master’s in com­puter science from James Madi­son Univer­sity in Har­rison­burg, Vir­ginia, Wei­d­man said she had seen how much hand­son ex­pe­ri­ence re­ally mat­tered in the cy­ber­field. That in­sight came early when she par­tic­i­pated in the Na­tional Col­le­giate Cy­ber De­fense Com­pe­ti­tion as a stu­dent.

The com­pe­ti­tion, which be­gan in 2005, is held at col­leges across the coun­try and de­signed to test stu­dent teams’ abil­i­ties to de­tect and re­spond to out­side threats and to pro­tect ser­vices such as mail servers and web servers. The spon­sors in­clude high-tech com­pa­nies like de­fense con­trac­tor Raytheon and IBM, but also re­tail­ers like Wal­mart and trans­porta­tion com­pa­nies like Uber.

Re­call­ing the dif­fer­ence be­tween the­o­ret­i­cal learn­ing in col­lege and hands-on ex­pe­ri­ence, Wei­d­man said she could do a lot of math about com­puter net­work­ing, “but could I ac­tu­ally man­age a net­work at a com­pany? Ab­so­lutely not.”

The peo­ple who were in com­mu­nity col­leges would “wipe the floor with those of us at uni­ver­si­ties, be­cause com­mu­nity col­leges re­ally were fo­cused on how to do these things,” she said. “I think that peo­ple at the univer­sity level are start­ing to re­al­ize that we need more hand­son skills in cy­ber­se­cu­rity, as well as just the the­ory.”

Shamla Naidoo, global chief in­for­ma­tion se­cu­rity of­fi­cer for IBM, has had suc­cess reach­ing out to moth­ers re­turn­ing to work, as well as to vet­er­ans, to find po­ten­tial cy­ber­se­cu­rity work­ers.

“We’ve been talk­ing about this for the last few years,” Naidoo said. “The first year, I spent a lot of time wor­ry­ing about it. After that I thought, there’s no point in wor­ry­ing about it, I’m go­ing to have to go act, and I’m go­ing to have to act in a non­tra­di­tional way. Post­ing a job de­scrip­tion and hop­ing peo­ple are go­ing to show up and ap­ply to the job wasn’t work­ing be­cause the peo­ple just didn’t ex­ist. So rather than try­ing to hire the skills and know­ing they’re not as eas­ily avail­able, let’s cre­ate the skills in­ter­nally.”

‘‘ POST­ING A JOB DE­SCRIP­TION AND HOP­ING PEO­PLE ARE GO­ING TO SHOW UP AND AP­PLY TO THE JOB WASN’T WORK­ING BE­CAUSE THE PEO­PLE JUST DIDN’T EX­IST. Shamla Naidoo, IBM

SANDY CAR­SON NYT

Shamla Naidoo, sec­ond from left, global chief in­for­ma­tion se­cu­rity of­fi­cer for IBM, has had suc­cess reach­ing out to moth­ers re­turn­ing to work, as well as to mil­i­tary vet­er­ans, to find po­ten­tial cy­ber­se­cu­rity work­ers.

Newspapers in English

Newspapers from USA

© PressReader. All rights reserved.