As technology advances, cybersecurity jobs take center stage

By Josh Peterson | Watchdog.org

The modern Internet is proving to be a hacker‘s playground, and cybersecurity is no longer an afterthought for the private sector or government agencies.

The expanded commercial opportunities and medical advancements offered by the much-anticipated Internet of Things will also present new security challenges for future cyber warriors. And, considering recent cases in which hackers were as young as 15, it’s imperative that schools and companies encourage kids to protect online data rather than exploit it.

CyberPatriot — The National Youth Cyber Education Program, for example — was established in 2009 by the nonprofit Air Force Association as a competition to generate interest among high school students in science, technology, engineering and mathematics (STEM) education and encourage them to consider careers in cybersecurity.

“We determined that the STEM education challenge was and remains a national security issue; we simply are not drawing enough bright young students to STEM education and careers,” retired U.S. Air Force Brig. Gen. Bernie Skoch, CyberPatriot commissioner, said via email.

Skoch said the organization originally determined high school age was the “sweet spot” for “the best opportunity for immediately shaping attitudes about cybersecurity and, more broadly, STEM as a career opportunity.”

In 2012, however, the Air Force Association realized the importance of including middle school students in the program. In 2013, the organization conducted a “highly successful” pilot program that allowed middle school students to participate in CyberPatriot, Skoch said.

When it comes to cybersecurity, it’s not just credit card data or identity that’s at stake. Internet-connected transportation systems, medical devices, electronic health records, household appliances and wearable technology need to be protected in addition to the power grid, financial institutions and government secrets.

Even as Congress battles over reducing the federal budget, federal funding requests for cybersecurity initiatives indicates a potential area of growth.

The Pentagon, for example, asked for $5.1 billion from Congress in its fiscal 2015 budget to help protect public infrastructure and fund research at the Defense Advanced Research Projects Agency, the U.S. military’s advanced research agency, and U.S. Cyber Command, which coordinates the military’s cyberspace operations.

The Bureau of Labor Statistics forecasted that between 2012 and 2022, more than 27,000 Information Security Analyst jobs will be added to the labor force.

But the BLS forecast may not be indicative of the true demand: a Washington Post report in 2012, for example, pointed to a need for 50,000 new cybersecurity jobs. And as of June 2013, the Government Accountability Office reported a 22 percent vacancy rate in DHS’s own cybersecurity division.

DHS officials blamed the vacancy rate on the length of time it took to complete background security checks, the “lack of clearly defined skill sets or a unique occupational series for these positions” and a lower pay rate than in the private sector.

A Reuters report found that Fortune 500 companies pay chief information security officers with military or defense experience as much as $200,000 to $700,000 a year. And a May 2013 survey of 500 cybersecurity professionals conducted by the public-private partnership Semper Secure showed other industry professionals earned on average $116,000 per year. In spite of the relatively high salaries, industry experts are having trouble finding people to work in cybersecurity.

But the most significant challenge the U.S. government and private companies are looking to overcome is that today’s talent pool is not big enough to address current cybersecurity needs.

The Obama administration’s 2008 Comprehensive National Cybersecurity Initiative noted an increase in demand for cyber professionals in 2007, according to a recent report by the RAND Corporation, a nonprofit research corporation.

The report examines the national and homeland security risks posed by the shortage of cyber professionals in the workforce.

Martin Libicki, senior management scientist at RAND and the report’s lead author, explained in a statement: “As cyber attacks have increased and there is increased awareness of vulnerabilities, there is more demand for the professionals who can stop such attacks.”

Libicki was confident, however, existing training programs and “market forces” would remedy the shortage, cautioning against drastic government action that might result in a future labor market oversupplied with narrowly skilled individuals.

“Cybersecurity professionals take time to reach their potential; drastic steps taken today to increase their quantity and quality would not bear fruit for another five to 10 years,” said the RAND report. “By then, the current concern could easily abate, driven by new technology and more secure architectures.”

Even with the amount of free university-level resources available to adults interested in learning to code — at least 18 universities have also made several of their computer science courses available to the public for free online, including Harvard, MIT, UC Berkley, Tufts, Carnegie Mellon and Stanford — time is still a major issue.

To prepare for the future, the U.S. government, schools and private companies are leveraging their resources to address computer literacy and foster the development of cyber talent among young students.

In February 2014, Raytheon launched a collection of engineering resources through PBS LearnMedia — in partnership with WGBH, a Boston-based public television station — designed to complement K-12 STEM education efforts. The resources released also include material on cybersecurity and safe Internet habits.

The Air Force Association will also be releasing its Elementary School Cyber Education Initiative.

“This will not be a competition, but is instead an effort to inoculate students in grades one through six against online risks and to assist them in appreciating the importance of being safe on line,” said Skoch.

Free online courses through CodeAcademy and Coursera provide structured environments for users 13 years old or older who are interested in learning computer programming and cybersecurity skills. Khan Academy allows users younger than 13 to use their service under school or parent supervision. And tech giant Apple offers free youth programs coordinated through the company’s retail stores.

Making resources freely available, however, is only one part of the answer to training up the next generation of cyber warriors. Proponents of improving STEM and cyber education are actively working to generate classroom and extracurricular interest, with programs like CyberPatriot, as well.

Code.org’s Hour of Code campaign, for example, not only promotes learning computer science at an early age but also advocates adding computer science to the core of the K-12 math and science curriculum.

In partnership with Computer Science Education Week, the organization’s goal is to teach 10 million students to learn computer programming skills. Through Hour of Code, students are first introduced to programming concepts without needing to type. The language used, Blockly, is a visual language developed by Google.

The University of Maryland is scheduled to hold two week-long CyberSTEM summer camps in July for middle school-aged girls, giving them a chance at hands-on exploration of STEM and cybersecurity topics.

The National CyberWatch Center K-12, sponsored by a grant from the National Science Foundation, also holds an annual series of workshops for young girls to promote interest in cybersecurity careers. The University of Maryland and Lockheed Martin are two of the center’s workshop partners.

Cristin Caparotta, graduate assistant for education at the Maryland Cybersecurity Center, said that by stimulating students’ interest in STEM and cyber issues early at the middle-school level, educators can then help develop their interests as they go through high school and on to college.

Caparotta said that she hopes educational efforts like CyberSTEM, which she has coordinated for the past two years, will help middle school-aged girls and “other underrepresented populations” consider STEM and cyber careers.

The middle school age is pivotal to recruiting students into the field, she said, because they’re still exploring new ideas and skills. By the time students, especially girls, are in high school, they are starting to know what they enjoy, making it harder to generate excitement about new ideas and skills.

“It is important for us to really try to stimulate that interest early and then grow upon students already with the interest once they’re in high school,” said Caparotta.

Contact Josh Peterson at jpeterson@watchdog.org Follow Josh on Twitter at @jdpeterson

This story was originally published June 25, 2014 by U.S. News & World Report.