Cybersecurity recruiters struggle to keep up with demand |

Cybersecurity recruiters struggle to keep up with demand

The Black Hat conference in Las Vegas is the world's biggest cyber security gathering, and attracts security experts, hackers and software vendors. Attendance to the annual conference has risen steadily as interest in the cybersecurity field has grown.

WASHINGTON — Want a career with zero chances of going jobless?

Try the booming field of cybersecurity. Companies can’t hire fast enough. In the United States, companies report 209,000 cybersecurity jobs that are in need of filling.

It’ll only get worse. By 2019, according to the Cybersecurity Jobs Report, the workforce shortfall may reach 1.5 million. Globally, the shortage could hit 6 million, it added.

“The Internet is growing faster than the growth of people to protect it,” said Michael Kaiser, chief executive of the National Cyber Security Alliance.

It is a problem with the full attention of the White House, which in July called for “immediate and broad-sweeping actions to address the growing workforce shortage and establish a pipeline of well-qualified cybersecurity talent.”

A dramatic rise in cybercrime has put government in competition with private companies for hiring cybersecurity experts. Private companies recoil at the possibility of hackers stealing their proprietary information, holding their data for ransom or plundering their servers of the personal information of clients.

The shortage in job candidates is not an easy or quick problem to address, experts said.

“It takes a long time to develop the instincts to be an effective cybersecurity engineer. You can’t just come out of college and know what to do,” said David Foote, a tech industry researcher and co-founder of Foote Partners of Vero Beach, Fla.

“The threat landscape changes all the time, and that’s hard to train for,” Kaiser added.

Foote said government and private industry face shortages: “In the short term, it’s not looking good. There are so many employers who are way behind in staffing.”

Efforts to poach cybersecurity experts occur at a blistering pace.

Some 46 percent of working cybersecurity professionals said they received solicitations for other jobs “at least once per week,” according to the State of Cyber Security Professional Careers, a survey released last month jointly by the Enterprise Strategy Group and Information Systems Security Association.

“Turnover in the cybersecurity ranks could represent an existential risk to organizations in lower-paying industries like academia, health care, the public sector and retail,” the survey said.

In the federal government’s push to expand cybersecurity training, it has targeted all levels of education, including $125 million in National Science Foundation grants to primary and secondary schools. It has also designated nearly 200 colleges and universities as National Centers of Academic Excellence in Cyber Defense.

Many universities are gearing up programs to meet the surge in demand.

“We will start teaching the first group of students in two weeks,” said Alan M. Usas, the director of the new executive master’s in cybersecurity program at Brown University in Providence, R.I. “Interest has been extremely high.”

But steering younger students into cybersecurity can be a tough sell.

“People who are graduating from college are looking for the next killer app or to create the next startup,” said Katrina Timlin, an associate fellow in the Strategic Technologies Program at the Center for Strategic and International Studies, a Washington think tank.

Cybersecurity has little of the cachet of other areas of information technology, such as machine learning, and cybersecurity experts aren’t even always loved at their own companies. Their departments are not revenue generators. And their constant efforts to penetrate systems can raise hackles.

“They have to have that nonconformist edge where they can pick apart a problem. That kind of personality pushes some people’s buttons,” Timlin said.

As they look for flaws in existing networks and systems, cybersecurity experts can find themselves at loggerheads with technology engineers who built the systems, she said.

Foote’s consulting firm receives compensation data from 2,914 employers who report on what they pay 255,650 full-time technology professionals.

In the most recent quarter, Foote said, the firm found an average salary of $99,000 for a cybersecurity specialist with three years’ experience in design, deployment and administration of security systems. For a more senior employee with at least five years of experience and strong knowledge of digital controls and protection strategies, the national average salary is $118,000.

Cybersecurity jobs in the United States pay an average of $6,500 more than other information technology professions, a premium of 9 percent, according to a July report, Hacking the Skills Shortage, by Intel Security and the Center for Strategic and International Studies.

TribLIVE commenting policy

You are solely responsible for your comments and by using you agree to our Terms of Service.

We moderate comments. Our goal is to provide substantive commentary for a general readership. By screening submissions, we provide a space where readers can share intelligent and informed commentary that enhances the quality of our news and information.

While most comments will be posted if they are on-topic and not abusive, moderating decisions are subjective. We will make them as carefully and consistently as we can. Because of the volume of reader comments, we cannot review individual moderation decisions with readers.

We value thoughtful comments representing a range of views that make their point quickly and politely. We make an effort to protect discussions from repeated comments either by the same reader or different readers

We follow the same standards for taste as the daily newspaper. A few things we won't tolerate: personal attacks, obscenity, vulgarity, profanity (including expletives and letters followed by dashes), commercial promotion, impersonations, incoherence, proselytizing and SHOUTING. Don't include URLs to Web sites.

We do not edit comments. They are either approved or deleted. We reserve the right to edit a comment that is quoted or excerpted in an article. In this case, we may fix spelling and punctuation.

We welcome strong opinions and criticism of our work, but we don't want comments to become bogged down with discussions of our policies and we will moderate accordingly.

We appreciate it when readers and people quoted in articles or blog posts point out errors of fact or emphasis and will investigate all assertions. But these suggestions should be sent via e-mail. To avoid distracting other readers, we won't publish comments that suggest a correction. Instead, corrections will be made in a blog post or in an article.