CYBEREYE

How to get hired fast: Be a cyber pro

Shortage of skilled pros won't be solved overnight, but the field has a lot of promise

Recent studies and surveys suggest that the cybersecurity workforce crisis is a multipronged problem. There is not only a shortage of workers but also a lack of skills among many of those already in the workforce. In addition, the field of cybersecurity is evolving rapidly, so we’ve got a problem that we'll be struggling with for some time.

It will take the cooperation of industry, government and academia to fill the ranks with the skills we need, and it will not happen overnight. But students who are interested in computer sciences and have a taste for the tit-for-tat game of protecting IT systems against well-financed and clever criminals should find a rich market for their skills for the foreseeable future.


Related stories:

Cyber educators to Congress: Let us handle it

Agencies are hard hit by shortage of cybersecurity pros


The move toward automation can help. Tools to monitor networks and systems, identify vulnerabilities, evaluate security status, and fix problems can take some of the pressure off the workforce. But there will always be a need for skilled people to keep an eye on those systems and anticipate things that a machine cannot.

The status of cybersecurity is in flux. It is moving from a trade or craft to a more professional status, with academic degrees and technical certifications, though it is not quite at the level of doctors and lawyers who have strict licensing requirements. For now, cybersecurity remains largely the realm of self-taught loner.

The founding fathers of cybersecurity were self-taught through necessity. A generation ago, there was little if any opportunity for training. Many of those who have since come up through the ranks still came to cybersecurity in roundabout ways, learning their skills through tinkering rather than formal programs.

W. Hord Tipton, executive director of certification organization International Information Systems Security Certification Consortium and former Interior Department CIO, said he has been told by corporate executives that they do not recruit cybersecurity personnel at colleges, targeting instead self-taught practitioners. Why? Because schools “are not producing the type of graduate that companies and government are looking for.”

That is changing. Academic programs are springing up in response to the growing demand. That is good not only for cybersecurity but also for schools. The prospect of employment is a powerful recruiting tool. Government and industry also are engaged in programs such as scholastic competitions that grab the interest of students and identify talent in high school and even earlier.

The most challenging hurdle ahead probably is identifying the skills that practitioners need. Those vary so much from sector to sector and change so much over time that it is practically impossible to teach someone more than the most basic lessons in a formal program. That is because the technology is evolving quickly and because the bad guys are doing a great job of innovating. Any cybersecurity professional worth his or her salt will spend a lot of time learning new skills.

Let’s hope that despite those challenges — or maybe because of them — cybersecurity becomes an attractive enough field to draw bright young people who think that matching wits all day with an unseen enemy is fun.

About the Author

William Jackson is freelance writer and the author of the CyberEye blog.

Reader Comments

Mon, Jan 31, 2011

cyber training? I hope you mean something a little more than learning Microsoft Office and making themself look pretty on a resume. 9 times out of 10 most "cyber pros" need to learn how to talk to higher management and enforce the security practices part.

Thu, Dec 9, 2010 Jeffrey A. Williams

As an IT security professional specilizing in cryptography for a number of years there are indeed many job listings that I have seen. Most however are seemingly only there to collect resumes and are not actually hiring or are postponing hiring until all of the USG's cybersecurity standards are finalized.

Wed, Dec 8, 2010

Cyber training is available at no cost to eligible Maryland companies and unemployed or even underemployed. Contact your local workforce development office, each county has one.

Tue, Dec 7, 2010

So........... How does one train to be a cyber Pro???????

Please post your comments here. Comments are moderated, so they may not appear immediately after submitting. We will not post comments that we consider abusive or off-topic.

Please type the letters/numbers you see above