Wanted: Cybersecurity professionals to protect data | Crain's

Wanted: Cybersecurity professionals to protect data

U.S. Sen. Maria Cantwell, D-Wash., speaks during a breakfast in the Lincoln Dining room at the USDA Headquarters in Washington, D.C. last year. | USDA photo by Preston Keres.

These days, hacked is considered a four-letter word for most organizations. 

According to a recent AT&T Cybersecurity Insights report, almost 80 percent of the global organizations surveyed said they had been adversely affected by a cybersecurity attack in the past year.

When queried about the biggest cybersecurity threats they anticipated for 2018, 60 percent cited malware, worms and viruses. Unauthorized access to company data plagued 49 percent, and 46 percent cited ransomware. Nearly one-third said IoT-based attacks topped their list of concerns going forward. 

But who to hire to ease those concerns is an even bigger worry for many employers in Washington state and throughout the country. Cybersecurity experts are among the most sought-after workers in the tech field.

Barbara Endicott-Popovsky, executive director of the Center for Information Assurance and Cybersecurity at the University of Washington Bothell, estimates there are two jobs in the state for every one person employed in cybersecurity.

“This presents both great opportunity and challenge,” Endicott-Popovsky says. She couches the situation as a systemic one. For decades, the federal government was the only employer who sought cybersecurity expertise and most of the hiring happened in Washington, D.C., for organizations such as the National Security Administration, the FBI, the CIA or the Department of Homeland Security.

“The appetite for cybersecurity talent was coming from the government, and there was not much interest from the commercial sector in the heyday of the ‘90s digital age,” she says. “We certainly didn’t think about (cybersecurity) when we rushed into commercializing the internet. We saw opportunity, connectedness. The commercial sector was too busy making money, which was a good thing.”

Fending off the criminal element

But then criminals began to see opportunities, too.

The initial adversaries were smart kids, like in the movies “War Games,” or “Hackers.” This led to organized crime and global state hackers. But it wasn’t until the United States witnessed some very serious breaches – at Target, Sony, Equifax, and others – that people saw C-suite executives losing their jobs and companies going under. That's when the private sector really began to pay attention and started recruiting and hiring cybersecurity professionals, she said.

“We started our center in 2004. I was brought in in 2005. There were only 43 universities; now there are over 200 who specialize in cybersecurity disciplines,” Endicott-Popovsky says. “But that still represents less 10 percent of universities and colleges in the US.”

Recent research from the Enterprise Strategy Group and the Information Systems Security Association explores the drawbacks of the cybersecurity skills shortage, diving even deeper than identifying that there are more jobs than people to fill them at the moment.

Of those surveyed who had experienced some sort of cybersecurity breach, 31 percent blamed a lack of training for non-technical employees, while 22 percent said their cybersecurity team is not large enough for the size of their organization. 

U.S. Sen. Maria Cantwell, D-Wash., agrees with the need to be proactive on the cybersecurity front. During a November meeting of the Senate Committee on Commerce, Science and Technology, she suggested that private companies must put in place their own robust security measures, while the government must do more to counter state-owned bad actors and invest in critical security infrastructure.

“We need companies to follow a cyber hygiene regimen with great, religious fervor. I believe that we have to help do our part too,” Cantwell says. “Because if state-owned actors are going to continue to hack, we need to do something. We have to, at the federal level, up our game and make sure that we’re making investments to help on critical infrastructure.”

Focusing on education

The state of Washington is doing its part. Three of its community colleges – Whatcom, Highline and Columbia Basin in Pasco – along with the University of Washington and the nonprofit City University of Seattle are federally recognized centers for cyberdefense education. The recognition comes from the NSA and the Department of Homeland Security.

Central Washington University offers both undergraduate and graduate degree specializations in cybersecurity management. UW Bothell offers bachelors and masters degrees in cybersecurity, as well as a six-month certificate program in cybersecurity that can be earned along with a bachelors degree.

Still, HR professionals like Lorraine Gauvin, a managing partner with Swift HR Solutions, says she has her work cut out for her when it comes to finding and placing cybersecurity talent. Swift has worked with several security-focused clients in recent years, and Gauvin says “they took off like wildfire.”

“Increasingly, there is more and more sensitive data out there that needs to be protected, and the loss is huge if it is not,” she says. “We are seeing more startups focused on security, and more midsized companies come to us with a need for higher-level security executives.”

Despite good luck with interns and lower-level employees via local schools with great security programs, to find those executive-level candidates, she says she’s had to really open up a national search and encourage employers to be open to remote employment situations.

“Tech is a very hot market, an ever-evolving market in general,” she says. “But finding people who specialize in security can be super-challenging.”

February 10, 2018 - 12:52pm