The Evidence Is in the Numbers: We Need More Cyber Security Professionals

The digital revolution is here. With technology playing an increasingly significant role in everyday life, the world becomes more and more connected through, and dependent upon, computers. Mobile technology, the Internet of Things, machine learning and the cloud, just to name a few, all mean opportunity and possibility for businesses, professionals and society but also for criminals looking to capitalize on vulnerabilities. As we focus on innovation and advancement in technology, we must also focus just as intently on the mitigation of cyber crime, which requires an experienced and educated workforce ready to fill the thousands of open cyber security roles across the nation. These sobering statistics tell us why:

• In 2016 alone, the FBI received more than 2,600 complaints about ransomware.

• In 2015, there were over 112 million healthcare data breaches.

• According to Cisco, the number of so-called distributed denial-of-service (DDoS) attacks – assaults that flood a system’s servers with junk web traffic – jumped globally by 172 percent in 2016. Cisco projects the total to grow by another two and a half times to 3.1 million attacks by 2021.

The Real Cost of Cyber Crime

To understand the magnitude of cyber crime, it helps to look at the costs. According to FBI statistics, hackers extorted businesses and institutions for more than $209 million in ransomware payments in just the first three months of 2016. And that number was way up from the 2015 figure of $24 million. In 2017, we witnessed ransomware attacks in the billions. The WannaCry outbreak, for example, affected computers in more than 150 countries and by some estimates could cost as much as $4 billion. But there are additional costs to the victimized business or individual beyond just the money hackers steal. Cisco explains in its 2017 Annual Cybersecurity Report that there are opportunity costs and customers lost that cause significant damage. Cyber attacks can also affect a business’ valuation. Michael Bittan, head of Deloitte’s Cyber Risk Services unit in France, told Bloomberg:

"There’s a risk you’re buying an empty shell, overpaying for a target whose patents have been spied on and copycatted, or whose sensitive customer data has been stolen. Cyber security is not about getting technical, it’s about business impact, and ultimately valuations. It will become a pillar of M&A decisions."

Fighting Cyber Crime Requires Professionals, Talent Which is in Short Supply

One of the greatest hindrances to mitigating cyber crime is the lack of qualified and skilled professionals trained in cyber security. Despite being one of the fastest-growing fields, cyber security is not attracting the talent it needs to fill the many open positions, with a report from Frost & Sullivan and (ISC)²  predicting that job postings in cyber security will reach 1.5 million by 2020. This is alarming considering that “cybercriminals are becoming increasingly more organized and aggressive, while the teams defending against these attacks are struggling to fill their ranks,” according to the Harvard Business Review. As the millennial generation comes of age and boomers retire over the next decade, it is the millennials who will be looked at to fill these critical roles. Yet so far, the figures are not positive. A Global Information Security Workforce Study by (ISC)²  revealed that only seven percent of cyber security professionals surveyed were under age 29, and 13 percent were between ages 30 and 34. The average age of cyber professionals is 42. Not only is the field failing to attract the millennials it needs, but there is a severe gender gap as well, with females constituting only 11 percent of the world’s information security workforce. In short, the cyber security field needs more talent – millennials and women included. In summary, there are three primary factors contributing to today’s cyber security talent shortage:

• Lack of awareness of cyber security as a career path
• Preconceived notions around the skills and qualities needed to work in information security
• Advanced educational requirements (specifically a desire for applicants to have computer security degrees)

It Pays to Work in Cyber Security

Thanks in part to the extreme drought in cyber security professionals, salaries in cyber security are high. According to CNBC, the average annual salary for a cyber security professional with a Bachelor’s degree is $116,000. For more advanced positions that typically require a Master’s degree, the salaries almost double. The private, public and governmental sectors are all investing heavily in attracting and retaining cyber security talent. As evidence, SoftBank Corp recently invested $100 million in cyber security start-up Cybereason, and New York City Mayor Bill de Blasio just announced a plan to introduce 100,000 new jobs over the next 10 years with a strong emphasis on cyber security. Similarly, a 2016 Corporate IT Security Risks report by Kaspersky Lab found that:

• Of the 4,000 businesses surveyed, roughly half said they were finding it hard to fill openings.
• Nearly 70 percent of the companies said they planned to hire full-time cybersecurity professionals in the coming years.
• Nearly half (48 percent) of businesses admit there is a talent shortage and a growing demand for more professionals.
• Overall, 68.5 percent of companies expect an increase in the number of full-time security experts, with 18 percent expecting a significant increase in headcount.

Not only does a cyber security job pay well, but it can also be an exciting and extremely rewarding career as you work to protect and defend critical information and infrastructure at hospitals, banks, governmental agencies or in virtually any niche you choose. The options are unlimited, with every industry and organization today requiring cyber expertise. One important tool for forging a career in cyber security is education. A primary reason for the massive talent shortage is a lack of highly educated cyber security professionals. Fortunately, with advancements in technology, getting a degree while gaining experience through full-time employment is more attainable than ever. Online cyber security master degrees are now being offered at reputable, accredited universities across the country. To encourage advanced education in this critical area of security, there are also several cyber security scholarships and grants available to those interested in furthering their education in information security. The bottom line? Cybercrime affects us all. Today, cybercrime is rampant, and the resources we need to fight this growing threat are limited with talent in the field scarce. The numbers tell us all we need to know. If we don’t effect change and find a way to encourage more individuals to pursue careers in cyber security, we will be facing a future with increasingly strategic and intelligent cyber criminals that have been honing their skills, while we’ve been watching our deficit rise to 1.5 million unfilled jobs.   About the Author: Patricia De Saracho is a Senior Marketing Manager with the University of San Diego where she supports several graduate degree programs including the Master of Science in Cyber Security Operations and Leadership and the Master of Science in Cyber Security Engineering. Patricia is passionate about education and the role it can play in affecting positive change. You can connect with the University of San Diego’s cyber security programs on Twitter and Facebook. Editor’s Note: The opinions expressed in this guest author article are solely those of the contributor, and do not necessarily reflect those of Tripwire, Inc.