Cybersecurity Starts in High School with Tomorrow’s HiresSandrine Rastello and Jeanna Smialek
Five dozen teenagers hunched over computers in a hotel conference room near Washington, decrypting codes, cleaning malware and fending off network intrusions to score points in the finals of a national cybersecurity contest.
Just hours later, the high-school students got a glimpse of the labor market’s appetite for their skills as sponsors such as network equipment maker Cisco Systems Inc. described career opportunities. Internships start as young as 16 at Northrop Grumman Corp., which reserves 20 spots for participants in the Air Force Association’s contest.
“We’re the largest provider of cybersecurity solutions to the federal government, so we know that we’ve got to help build that talent pipeline,” said Diane Miller, Northrop’s program director for the CyberPatriot contest, on the sidelines of the March event. “We just have a shortage of people applying” for the 700 positions currently open.
Security breaches experienced by institutions ranging from Facebook Inc. to the Federal Reserve are spurring spending on cybersecurity. President Barack Obama describes the threat as one of the nation’s most serious perils, while the Department of Defense has said the Chinese military has targeted government computers. With few specialists trained to respond to evolving attacks and most universities still adjusting to requirements, demand is overwhelming supply.
“I cannot hire enough cybersecurity professionals, I can’t find them, they’re not qualified,” said Ryan Walters, who founded mobile data security company TerraWi Inc. in 2009. The company, based in McLean, Virginia, employs 12 people and plans to expand to 20.
Walters, who says he has 22 years of experience in the field, helped prepare 48 students from Marshall Academy in Falls Church, Virginia, who competed in the CyberPatriot contest this year. Twelve made it to the finals. He says he’s gotten calls from companies and government agencies to interview his protégés.
“I love the activity, it’s like a passion,” said Ramon Martinez-Diaz, a 16-year-old sophomore coached by Walters. “But it’s also great that there are so many job openings.”
Listings for cybersecurity positions rose 73 percent in the five years through 2012, 3.5 times faster than postings for computer jobs as a whole, according to Boston-based Burning Glass, a labor market analytics firm that collects data from more than 22,000 online jobs sites.
“You have to scratch your head and ask whether the supply could possibly keep up with that,” Burning Glass Chief Executive Officer Matt Sigelman said in a phone interview. Data show “employers literally just posting and reposting” their offers, he said.
There were 64,383 jobs related to cybersecurity listed for the twelve months through April, about 3 percent of all information technology positions, according to the company.
Rob Waaser found his skills in high demand. Just more than a month after graduating in December from Carnegie Mellon University in Pittsburgh with a master’s degree in information security technology and management, he started working at defense contractor Raytheon Co. Waaser chose to pursue a master’s because he said the industry is technical enough to justify the extra training.
“Cybersecurity is a good field these days to get into -- there are a lot of people out there looking for talent,” said the 24-year-old, who got offers from all six of the potential employers he interviewed with. “I really didn’t have a problem finding job openings.”
To prepare the next generation of specialists, the federal government’s National Security Agency is working to strengthen college-level education through its National Centers of Academic Excellence in Cyber Operations program, which gives a designation to universities that meet curriculum and other criteria.
Companies and government agencies are finding many candidates exiting college programs inadequately prepared for high-skill jobs crucial to cybersecurity, said Frank Reeder, co-founder of the Center for Internet Security in East Greenbush, New York, and former senior official at the U.S. Office of Management and Budget responsible for information policy.
“In the cybersecurity world, it’s still a little bit of the Wild West,” he said. For today’s gap, part of the solution is to train existing workers, he said.
Alan Paller, whose Bethesda, Maryland-based company SANS Institute provides such instruction, said many job candidates lack the hundreds of hours of lab experience needed to develop the highly-specific skills required.
“We have a huge number of frequent flyers and a tiny number of fighter pilots,” Paller said. “In the next war, people will be the tanks and the planes. We’ve got to be ready.”
The threat of cyber attacks has for the first time become a greater concern than terrorism, James Clapper, the top U.S. intelligence official, told the House Intelligence Committee during an April hearing. A spate of recent disclosures by corporations about security breaches include social network Facebook, which said it was targeted in a “sophisticated attack” by hackers in January who installed malware on laptops used by company employees.
The Fed said in February that intruders breached a website used to stay in touch with banks during emergencies, though no critical operations were affected.
Companies and governments are boosting spending on cybersecurity. Obama’s 2014 budget recommends more than $13 billion for computer network security, about $1 billion more than current levels, including a 21 percent increase at the Pentagon.
U.S. companies and public sector organizations will raise outlays on computer security to an estimated $89.1 billion in the fiscal year ending October 2013, more than double the 2006 level, according to data collected by the Ponemon Institute LLC. and analyzed for Bloomberg. The Traverse City, Michigan-based company conducts research on data protection and information security.
Each year JPMorgan Chase & Co. “spends approximately $200 million to protect ourselves from cyberwarfare and to make sure our data are safe and secure,” with 600 people dedicated to it, Chief Executive Officer Jamie Dimon wrote last month in a letter to shareholders. “This number will grow dramatically over the next three years.”
Increased awareness of cyber risks means more business for Boston-based Rapid7 LLC, which sells security software to small and medium companies and has more than tripled in size since 2011, now with 350 employees.
“The challenge for us is finding the balance of the skillset with the cultural fit,” Chief People Officer Christina Luconi said in a phone interview. “There’s a lot of really talented hackers or people with cybersecurity skills -- it’s finding those folks who want to use their skills for good, not evil.”
As a result, workers the company goes after are often being courted by other employers as well, she says.
That shows up in pay: In a survey released February of more than 6,300 U.S. information security professionals, 62 percent had gotten a salary or benefits increase. Seven percent reported a raise of 10 percent or more, with the average worker earning $109,156. The data was collected in fourth quarter 2012 for ISC(2), a global not-for-profit organization headquartered in Clearwater, Florida, specializing in information security education and certifications.
Even those without college degrees are commanding good salaries. A participant in last year’s CyberPatriot contest earned certifications and went from high-school to a job paying $62,000, said Bernie Skoch, the commissioner for the competition at the Air Force Association, a nonprofit, independent group that supports the service through educational and promotional programs.
Skoch said the goal was to get teenagers interested in science, technology, engineering and math. “Every aspect of our economy is cyber-dependent,” he said. “If we’re not drawing enough people at a young age, where you can shape their choices into these technical fields, we won’t be able to feed this technical workforce.”
The contest, which started as a pilot program in 2009 with eight Florida high-schools, attracted 1,226 teams from high-schools or institutions this year. Now, it is expanding.
“We learned that high school is too late for many students,” Skoch said. “We need to excite them at middle school.”