Slashdot Mirror
The Cybersecurity Industry Is Hiring, But Young People Aren't Interested
Daniel_Stuckey writes "Cybersecurity, as an industry, is booming. According to the Bureau of Labor Statistics, jobs as network systems and information security professionals are expected to grow by 53 percent through 2018. Yet, young people today aren't interested in getting jobs in cybersecurity. By all accounts it's a growing and potentially secure, lucrative job. But according to a new survey by the defense tech company Raytheon, only 24 percent of millennials have any interest in cybersecurity as a career."
I'm not a millennial, but I am familiar with computer system security, and while I don't have a security clearance, I do have a clean record which makes it possible to get one. Perhaps raytheon et al are simply expecting too much for too little pay. They're not going to find BS degree'd, clean cut 20 somethings with no criminal record if they insist on offering $12/hr wages. That mythical 22 year old working 22 hours a day for 22k a year doesn't exist.
The employees are out there but they cannot work for chinese slave labor wages, nor do they want that lifestyle.
I certainly wouldn't take a job that would force me to flee to another country for asylum if my conscience makes me become a whistle blower.
I would've thought 24% of young people being interested is pretty good. Especially for a niche job like this.
such a retarded word
The problem with slashdot is that most of its users were bullied and stuffed into lockers as kids!
Please give me a big list of other occupations which more than 24% of a random sample of kids are interested in, then I'll allow you to claim that too few youngsters are interested in cybersecurity.
Terje
"almost all programming can be viewed as an exercise in caching"
Nobody wants to be considered a potential hacker cuz they "know things".
Only large corps really spend money on security... But let's face it, why would a young and promising guy with a bright future ahead of him, work for a disgusting corporation that's full of bureaucracy, politics, and incompetent managers? What's in it for him other than the money which he can probably get elsewhere?
Small companies are not just more fun; your opinions are heard, things move much faster, there's less bureaucracy, and there's usually minimal to no politics. I would gladly shave a chunk of my salary, and work for this type of company, than waste my life in a cubicle in some corporation where I am a very small and insignificant peon.
All those moments will be lost in time, like tears in rain... time... to... die...
Yeah that's what I want. A job in the tech industry, where every 10 years I'll be horribly replaced by new tech, outsourced or too old for. Then again, might I suggest the medical field, where you can get a job anywhere in the country at the drop of a hat with experience and there's a never ending Obamacare supply of jobs.
We immediately need to get other 76% interested, away from those pesky unimportant jobs such as farming, logistics, film, medicine, retail, media, and million others! Then we'll finally will be able to have an AV client on each smartphone, and an AV client inside each APP in an environment with an AV client. Because from the user perspective, 80% of Cybersecurity job is to install AV in every place possible.
Progress is slowly being made in the use of capability based security. This will eventually (15-20 years from now) mean that computer security will be a solved problem.
Additionally, computer security can be outsourced and managed remotely, so it is likely to be commoditized, in much the same way as IT Administration was.
It isn't just security either; I see lots of jobs advertised at the moment here in London. It is overwhelmingly what they call "DevOps" and Java development. I have been following the market for a long while, and I can see the same roles coming up again and again, so clearly the companies are having trouble finding people.
Having worked in IT for far too many years, I know how it goes: when you hire new employees, you know they aren't going to be up to speed for at least 3 - 6 months. However, these companies are mostly new start-ups, so they think it is like hiring a contractor, and they want their new staff to be up to speed immediately. It's just not going to happen, but until they see sense and learn to plan for the long term, the situation will be that way; lots of jobs that go unfilled, and lots of well qualified people the can't find jobs. And it's not about money, really; these web companies could afford to think ahead and invest in people with good potential - and one could argue that they can't really afford NOT to do so.
On top of that, they don't actually know what they are looking for. Take this new buzzword, "DevOps"; it comes from "development" and "operations", and it means somebody who sits in the middle, between a development department and system administration; ideally this is a person who can do everything a developer does and everything a system administrator does, and such person is probably a developer who has grown into system administration. In the old mainframe days you would call them System Programmers, and they would be your most sacred asset. But what the web companies really mean when they say "DevOps" is just a low ranking build engineer, who knows how to use Puppet, Chef or Jenkins and is doing the same, repetitive task over and over, provisioning into the cloud. And they all want somebody who has "at least 5 years experience with the cloud"; has "The Cloud" even existed that long?
only 24 percent of millennials have any interest in cybersecurity as a career
That is not a lack of interest - it is an enormous interest. Think of when you were in class - if a quarter of the whole class were interested in one career. It is so high that I have difficulty believing it. If you assume that in any class you are going to have a 5% with no academic interest, maybe another 5% who truly want to pursue something non-technical, be it lawyer, politician, professional musician, sportsman, minister of religion, or artist - then I would say that it would be all the non-security related scientific, technical, and computer related industries that should be worried. If that figure were true it would mean that *most* people who are going to want a technical career would be looking at jobs in computer security.
Face it, the "other" operating systems have their share of vulnerabilities, but at least 80% of them are on Windows.
The young ones are getting Macs, and/or fooling around with Linux. "Cyber security" is not such an urgent item there, and when it is, it's mostly server side and requires advanced skills that not everyone is capable of, or interested in acquiring.
... Hire a Unix sysadmin. Every other so-called "security" expert I've ever come across has been a clueless fool, he'll bent on implementing pointless dressing that just gets in the way of work, rather than actually securing systems.
Offer more cash and support ongoing education, you get the best people in any generation. Start going for cheap wages, gov spying deals and contractors and it gets interesting in many ways.
Cybersecurity is sold as protecting data but could mean helping track dissidents or build deep packet inspection.
The brand is a key factor too, if you are facing more congressional hearings or whistleblowers show you hawking your domestic surveillance skills to govs. Also don't ask your staff to do mass surveillance. They know its wrong and won't be fooled by any paperwork, letters of immunity or work on a 'safe' list or 'white list' of nationals.
You also have skilled people who know what the 'brands' do internationally. The staff know their CV is going to connected to press about fines, bribes, slush funds, political intrigue, black sites and mass surveillance.
i.e. people can google the boss and brand. A new company or old, it all shows up even from the press from the 1980-90's...or later whistleblowers work.
Domestic spying is now "Benign Information Gathering"
Or maybe, just MAYBE, they are afraid of being lumped in with the clueless bunch that are brandishing the term 'cyber' for everything, like it was some demented talisman to ward against evil net spirits.
I mean everybody knows that a 'CyberSecurity Specialist' is only a small and mostly accidental step away from a 'CyberBully', or 'CyberTerrorist', or OMG!!! Cyborg!!!
"Why yes, I'm a Terminator for the NSA, DHS, and in my spare time, the FBI and CIA! I'm a hit at all the parties!"
Down With Slashdot BETA!!! I've been around the corner and seen the oliphant; you can only abuse me from your perspecti
The idea of working on mechanisms to stop other people from doing things seems like such a depressing job, even if the objective is to stop malicious people from doing bad things! The goal is to suppress and defeat the actions of other people who actually lead interesting lives!
Meanwhile, almost every other kind of development job involves creating something visible, something meant to be shared, something constructive, helpful, or fun!
Not everyone lives in some cutting edge tech hub, some countries don't even have one when it comes to security stuff. Elsewhere in the world, companies want certifications but to get certification you need documented experience with an employer... so I went and got a degree in I.T. Security then because of the aforementioned I went into mainstream I.T., then I realised there's more money to be made pretty much everywhere else but cybersecurity, and it's easier too. I love hacking all sorts of stuff, from USB MITM attacks to fuzzing to even good ol' risk assessment but I probably have more of an impact on security in general now as an IT Manager by making decent security decisions and ensuring software projects don't make stupid design choices (Eg: Let's trust all input from the client!) then I would have at as a consultant or analyst or whatever. Not only that, I get paid more and I can still do what I like in my own time without having a profit motive attached to it. I found it's easier to solve security issues when you're in the conglomerate board room and not in the company trenches, social engineering as it's best if you ask me.
As with anything, they could try offering them more money and better conditions.
And as always, businesses would rather avoid that in favour of having others (college/govt/other countries) train them and create a surplus of people trained in the sector to depress the wages.
While it's nice when people can enjoy their work, most people work to live, not live to work. Give them training, more money and time off to enjoy it and you'll get more applicants.
Like home security, nobody even needs to think about it anymore. Oh wait...
Does it pay that well?
'nuff said.
Did anyone in that article actually review standard Cybersecurity job requirements? Short Version: Everybody wants super-certs, 10+ years experience and existing security clearances. Not sure about anyone else, but I've seen pretty much *jack* for anything on the many tech job boards that is Jr. or starting out Cybersecurity, and young people pretty much know that as well as anyone looking for a position. When an industry only wants super-qualified professionals, is it any wonder new people are uninterested?
I would prefer a job (and I have such a job at the moment) that enables users to do things, that increases their possibilities. Not one to take possibilities away, and to restrict users.
Who wants to be a rat?
Pretty even split between train drivers and astronauts.
That's the boys, obviously. I have no idea about the girls and they have cooties anyway.
Confucius say, "Find worm in apple - bad. Find half a worm - worse."
Give me comparative numbers, what is the trend ? What can I do with a "24%" which sounds like a very high number.
Am I missing something? 24% of millenials sounds like a huge number if its not just IT workers polled.
terrorism and highly illegal!! We are punishing American research for what the Chinese, Russians, North Koreans get away with for free , on a daily basis Sad sad times are here, all we can legally do now is freeze and bend over
From the Raytheon article key figures: "Young men (35 percent) are far more interested than young women (14 percent) in a career in cybersecurity." If that many people are interested in cybersecurity, I'd call that "an overwhelming proportion" of persons being interested in cybersecurity. By that count, that's an enormous population of paranoid technofreaks.
"The survey also found less than one-quarter of young adults aged 18 to 26 believed the career is interesting at all." And how much of the total population gets employed in computer security AS A WHOLE? Less than 0.1% easily. How many other types of jobs, areas of interest and careers are there WITHOUT EVEN leaving the IT world?
The study page even highlights that they didn't target IT graduates. This is from a general, untargeted smattering of 1,000 members of the population. That's not even a proper sample size.
Bad journalism. Bad study report. Bad.
-- "Simplicity is prerequisite for reliability." --Dijkstra
Some of us do, I just threw up, experience or not you should run. If your okay to find nothing safe for your own mind okay, , and your good with it, then fine. this does not work for everyone.
Governments keep demonizing people interested in security and making examples out of them by putting young talented kids to jail; hence the result. Kids don't want to go to jail. They find other fun things to do.
Congratulations, job well done! Karma is a bitch...
If this "survey" and "key findings" are any indication of Raytheon's abilities as a cybersecurity company I don't think I'd be comfortable working for them.
OP here, you're right, but my main motivation/goal was money but that's not everyone's goal though. For me, to move to such a place would require me to migrate to another country, I'm not prepared to do that. I get what you mean though, I'm essentially in the viper's den but what better place to kill some vipers? I want to solve problems and they start here, security problems included.
Cybersecurity really... Look it's going to be you vs. the NSA..
And they have way more money, way better people, way more people, and the law is on their side...
Everyone else is going to lose.. Why set yourself up in a purely reactive and losing position? That's a crappy job.
How about outsourcing ? I know I know sensitive information. Seriously we only look for jobs that pay our bills. We are not stupid to sell them to some other source, As we are all aware that you can't get away from consequences. If you take into consideration of data breaches they are very minimum and often exaggerated. Your work will be safe in India.
That's because companies view network security as a cost center, rather than a profit center, so they want to spend as little on it as possible. Being a network security specialist is a "reactionary" job - you do everything you can to make the network safe (on the usually meager budget you've given to do so), and then wait for ... something ... to happen, after which you'll be implicityly if not outright blamerd for it. You can also look forward to carrying a pager, possibly 24/7. In order to do the job well you'd probably need a skillset that intersects knowledge of IT, networking and programming. You could be a programmer, which is a profit center for software companies, which means you'd probably be treated and paid better, and not locked into IT, which is a dead end at many companies who see IT as something they begrudgingly have to pay for.
Still, network security sounds sexy, and it probably pays better than mainstream IT - I'm surprised they're having that much trouble finding people to do it.
I also can't help wondering if the world's black hats would pay better for someone with the skillset. After all, for them, network security is a profit center.
"Can't you see that everyone is buying station wagons?"
Oh, snap!
"Ahh! I see you're in that indeterminate Schrodinger state where - oh, uh
Cybersecurity? Awesome. Ever have beyond passing interest? Never. If I do I'll be made to look like some horrible hacker and have my reputation ruined even further.
By "cybersecurity" they generally mean defending retarded shit like DRM schemes and MAFIAA censorship efforts. Why the hell would I be interested? Genuinely keeping systems secure, sure, I can do that, but the establishment actively fights that, as we've seen. By "cybersecurity" the older generation generally means "ignore how digital information actually works, pretend imaginary property is real".
Surely we can just out source these jobs to China? They're probably already doing the work in fact...
First, if fully 24% of all millennials surveyed expressed an interest in going into cybersecurity, that's a fucking huge number. As the article says, it's comparable to the number who are interested in law, and only a little under the figure for people who answered "yes" basically to the question "would you like to be a rich, famous movie or TV star"?
Secondly, if the sex ratio is 35% of men and 14% of women, that's *also* a much better gender-ratio (10:4) than most of the IT industry, where ratios of 10:1 or higher aren't exactly unheard-of.
Thirdly, it's silly to generalise from the highly motivated, highly technical, passionate people who are already into the hacking/security scene and identify enough with hacking culture to attend DefCon to "all young people everywhere".
Fourthly, even if a generation of kids with a strong anti-authoritarian streak (and who were shocked and appalled by various US administration's behaviour from Guantanamo Bay to Snowden while growing up) aren't interested in doing cybersecurity for the US government or bureaucratic defence contractors, that's a totally different thing to "not being interested in cybersecurity at all".
Why would they want to take a job working against what they consider to be a valid weapon against others, most especially corporations?
There is no "-1 offended" or "-1 you don't agree with me" mod options for a reason.
"TV or movie entertainer," while 26 percent had interest in being a lawyer.
I personally don't know anyone that wants to be a TV or movie entertainer, are they taking this survey in Hollywood? lol
That seems a crazily high number. Put the phrase "Only 24 percent of young people were interested in becoming ..." a lot of other jobs, and it sounds awfully strange ...
- Phlebotomist?
- Entrepreneur?
- Doctor / Nurse / Physical therapist?
- Academic?
(etc)
I'd have been far more surprised if some even higher percentage *did* express interest ...
jrnl: http://tinyurl.com/c2l8yr / foes: http://tinyurl.com/ckjno5
When your job is security, the best thing that can happen is that you do an excellent job, and the end result is - nothing. That's the whole idea of it. If you do your job right, nothing happens. If you do your job badly, shit happens. Stuff gets stolen, and so on.
So will anyone congratulate you for a job well done? No, they will only see money spent on your salary with zero results. You will look as if the company could do without you. You know better, but the people who might give you a raise don't. And the people who could fire you to safe on salaries and increase profits don't.
You get much better recognition in a job that visibly produces positive results.
Why the surprise? We all live in police states. From the recent scandals and revealations, that opinion is no longer fringe. If in doubt, just watch some evening news and try to find a story where police/justice/govt is _not_ involved. Small wonder people seek the distractions of sports & gossip.
The tension imposed by the police state stresses everyone (not least the officers themselves). People naturally shy away from it. Even legitimate security efforts suffer under the toxic cloud. Fear of being sucked deeper _should_ keep people away. In applying to Booz-Allen, Mr. Snowden probably expected to be analysing corporate data, or maybe govt contractor data at worst. Surprise!
I think you've underestimated how many people want to be "a Indiana Jones" and the ever-present contingent committed to a career as a fire truck.
No kidding!!! What do you say at this point?
I've done security work as part of systems engineering, and helped other companies with it, for decades. It would be difficult to pay me enough to take that as a primary role. Many projects think of security as something that can be painted on after a project is done: others have managers or core developers who think of every moment spent thinking about security as wasted, non-profit-generating work.and actively discourage any attention to security implications. Others rely on external firewalls to say "we trust the people we work with" and "if they can get to our network, we have much bigger problems" and proceed to ignore _all_ security concerns, especially those of angry former employees or zombied laptops.
Getting people to agree to, and follow, even the most basic security practices is nightmarish managerial and political work, and new security employees will not have any of the necessary political authority or acumen to get the changes done. The constant compromising, especially compromising for employees who are fundamentally stupid but work for someone important enough to protect them, can be soul draining and professionally devastating. It's also very difficult to get recommendations from former employers for security work: doing it well often means aggravating people who just want things to be easy. Those people _will_ complain to your supervisors, and get you labeled as "not a team player" in performance reviews.
That's why I prefer to get in, do our work, do our best with the security concerns, ttry to resolve the trade-offs as best we can, document the remaining issues, and _get out_.
Unless you forgot your password on a new machine? Ya, right. How about an ad by companies? Maybe in the L.A.Times? New York Times? It doesn't take much "intelligence" to figure out that someone wants to hire a bunch of 15 cent an hour geniuses to handle an American intelligence software generation contract from the D.O.D. What could possibly go wrong there?
So I googled the topic and found out some intelligence the easy way. 4 job openings at the DHS. Typed in "Cyber" just like the instructions said to do. Word has it by just saying, "I'm a Hacker" gets one in trouble. Funny, not a single job reference in Hawii. I figure that since Snowden left work early one day, there would be one at least there. Must be some kind of "big scarey secret going on there." I just thought of something new, I'll go check WikiLeaks for any jobs in Cyber Security? I hear the president compares his daily security briefing to WikiLeaks to see how far off the DHS is.
Let's face it. It's the security guys that get the axe if the company is breached. Most folks are smart enough to not put themselves in that position. The ones that aren't get the job, and subsequently axed at the first sign of a problem. I wonder why security is so difficult.
Why is this news? As the person in charge of security, I get no support from management, no resources, I have people actively working against the security policies and using whatever means to circumvent them, and when we get attacked guess who's to blame.
And before you start yelling about onerous security practices - they are not, unless you consider standard security audits for external-facing applications and periodic penetration testing on the Web servers as onerous.
I was going to comment and point people to this thread, since many of you have pointed out exactly why this problem exists. However when I went to find out how wide this press release was distributed I found it was just some hack job done by a PR firm. This never made it into any kind of mainsteam media, just trade publications/websites. Raytheon might as well be shouting into the wind.
are interested in cybersecurity? And that's not enough? I think what they are saying is that they need more to be interested and to train for it so they can hire a few at really low wages, otherwise I guess they'll just have to start looking for H1B visa hires...
They aren't interested in anything that doesn't give them instant gratification and they can't share socially. Where I work all the under 30s "developers" (who can't compile code nor understand how to write a stored procedure in a DB) are only interested in building shiny front ends in the flavor of the month language. So of course the number interested in computer security is low, it's not "dope" or sexy. Now get off my damn lawn!
Making $5/hr when I live in a country with a cost structure designed for someone making $50/hr. Yeah, sure. How could I turn *that* offer down. And of course, only millenials matter for cybersecurity jobs. Can't hire those 50+ guys. No way. Even if there are lots of them looking for work.
Please do not read this sig. Thank you.
of the population working in "cyber security" so how is this a problem?
I heard rumors about Raytheon that make it sound like a very unappealing place to work. Rumors about job turmoil such as lousy benefits that get worse every year and no job security.
I am posting as AC because I work for Exostar. Exostar is owned by Raytheon, Boeing, Lockheed Martin, BAE, Rolls Royce, and Bell Helicopter.
If you want a job working here, you basically need to know someone inside, or your application will get thrown out. This place is the worst, period. Bureaucracy, and then more bureaucracy. All Exostar does is maintain a "secure" gateway to the online portals of the owning organizations. Here's a secret: Exostar is owned and run by finance people. No one who runs the place knows anything about IT.
The only reason this place is still operating is because the buyers keep the wheels greased, because though they don't understand how badly it's managed. My team has made significant suggestions to improve the way things are handled, but all that happens is more hoops are created. The real fuel to the fire happened a couple weeks ago when my team lead discovered that two out of three people on the tier 2 security team (which is the most heavily laden of the second tier) are only part time. Genius. Oh, and one wasn't even given tier 1 level training before getting tossed into the fray.
Exostar is a great premise, but the implementation is lacking, badly.
If these "cyber-security" jobs are managed similarly to how Exostar is, then I think their "cyber-security" is doomed.
The downside to information being ubiquitous is that it is much harder to shiny-up a crappy job and convince people to make a career out of it.
As others have mentioned, 24% seems awfully high — but if they want it to be higher, initial interest in "cyber security" as a career may be heightened if the pay were improved. The whole Snowden incident has probably not improved interest either.
Earning potential is what motivated me to select Electrical Engineering over Computer Science when deciding on a major, and glassdoor.com motivated me to avoid several potential employers.
An internal system operation returned the error "The operation completed successfully.".
Sorry im not that all intrested in cyber secuirty. Im much happier writti g buggy sphaghetti code with lots of potentional for explotitation and ill throw in random opprountites for sql injection attacks just to make things fun. Did i mention i love nascar so i needless build in competing code just to create race conditions. If you are extra lucky ill write object oriented code in a proceedural fashion and leave no useful reusable objects for your code maintenice enjoyment.
I work in the space industry now instead of cybersecurity with SAIC and Raytheon, both of whom laughed in my face when I told them I was self-taught and expected only a modest 38K.
Being a good tech requires a lot of curiosity, interest in learning, and a fundamental desire to ask whether things could be done better if they were done differently. If there are a lot of techie types out there who love having authoritarian managers watching their every move, ready to drive them out of the industry, out of the country, or off to gitmo, I haven't met them.
Good luck with that guys.
Security requires a special mindset which most people don't have. Borderline paranoid, willing to think about worst case scenarios, etc.
The prospective cybersecurity engineers now know that their future job isn't just about security any more. You work long hours trying to make a system more secure, and then a "government official" visits your workplace and asks you to make the system less secure or face a prison sentence. Now if you happen to suffer from mild form of OCD or autism (like many cybersecurity specialists do) then you'll probably find this completely unacceptable.
Everytime I see an article that says "Industry X can't find enough workers, people just aren't interested," it makes it sound like there's a worker shortage. What is often left out of the uncritical reporting, especially for entry level jobs, is "...can't find enough workers who will work for the amount the company wants to pay them." It's a free market, if you can't find people, you're not paying enough. Now, if it's for a senior position, then there may be a shortage of people, but that means the company has to inve$t in training. Rarely (except maybe during the 90's) is there an actual labor shortage. Just companies not wanting to pay more for labor.
-- Everything is wonderful until you know something about it.
Why oh why are our young not interested in MINT professions? And especially in that awesomely secure security business?
Easy. It's less hassle, less work and requires less brain power to push through some idiotic MBA degree, with the much higher chance to get a well paying job with way fewer overtime hours. It's simple as that. It's simply better paid to push numbers about and bullshit people out of their money than actually do something sensible that the economy could benefit from.
We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
I am an inactive duty Marine, 5 years of clean record handling encryption systems and system administration, years of desktop support service and finished one degree with information security and working on a second. I have some entry level security certs and have been trying to find a security job locally in my state but I haven't found any. Had a couple interviews with Bit9 for a remote job but didn't get the position. I don't want much, just an average starting wage for a junior level position so I can learn and grow but there isn't any security jobs in Idaho. The wife really doesn't want to move and frankly neither do I.
A contractor I did gigs for me got me a general security clearance before a job that paid (me) about $300.
As I recall, it was a one page form.
You hiring? 10 years of security experience, 2 years as Vice-CISO (along with the relevant management skills and certificates for the office wall) sitting here bored.
We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
Without looking at the survey, it's hard to say; but I don't think they asked people to list a career or even chose from a set. I think they simply asked people if they thought that career was interesting. Given that, 24% is rather low. With all the action and drama that you see in the media surrounding this stuff, you'd think most people would think the real wold of security is interesting. That doesn't necessarily mean they want to be in the field. It just means they think it's interesting. The propagandists need to try harder. If they really hit it right, maybe they can convince us that the local locksmith is some kind of superhero.
For all intensive purposes, "whom" is no longer a word. That begs the question, "who cares"?
'Cos the money's wearin' black!
"Flyin' in just a sweet place,
Never been known to fail..."
I've worked and dealt with network security in a few different roles now. After those experiences I have no desire to have a full time security role. Based on the small sample of my direct experience, I find IT security workers in general to be uptight, negative, stubborn, and fear-mongering. Every time you went to do something it became a battle. Depending on the company business model they were either extremely rigidly controlling of the entire environment, such that new firewall rules were needed for everything single IP/port to IP/port traffic flow, or on the opposite side they had such poor security no one wanted to hear about it because fixing it would require money and/or organizational changes. IT Security is not a fun field. As an IT professional who has a strong youthful heart I find IT security to be a soul sucking fun crushing field. I'll take a pass.
Fixed
Thank you Dave Raggett
Your experiences and description of typical IT security workers is spot on!
I think it goes to the heart of how some define 'security'...it goes something like this...the guy says,
"Yeah see security is all about *risk*...we identify and mitigate any risks to your security"
Which sets up a never-ending spiral of mis-quantifying intangible 'risk factors' which may or may not correlate directly to the 'security breach'...
It's sort of like taking Heroin but saying you'll mitigate it with methodone later in life...
Def a better way to do 'security'...but the industry like the current approach b/c it guarantees job security!
Thank you Dave Raggett
hey man...you sound dramatically over-qualified & I don't know you but from your short description I think you might hate the work as soon as you got there
you are better than 'cybersecurity'...hell, you probably know more than some of the owners of those companies!
their success is not based on quality work...they are typical 'government contractors'
it's soul-sucking work...just look at some of the responses on here
dude I think you should start your own company consulting on all tech areas you have expertise in...
hell, I'd rather be the manager of a Game Stop than do IT security
Thank you Dave Raggett
All Millennials all Millennials working in tech?
I'm pretty sure I would fall in the category that we're talking about. I'm in the first half of my 20s and have a BS in Computer Engineering. I'm actually really interested in Cybersecurity, despite the vagueness of that term. I worked on a steganography project in one of my courses that I feel would provide the benefits of encryption combined with the benefits of steganography, and that would be of interest to a lot of groups right now.
However since the people around my age grew up under the Patriot Act, and now the NSA spying fiasco theres no way any of us want to work for Raytheon. We know what Raytheon does, we don't want to work for a company that profits from war and death. We want to work against Raytheon. I know I could make a ton of money anywhere in the Defence sector. I could also make a lot of money in the Financial sector. I turned down an interview at the CME on ethical grounds.
When Raytheon says "cybersecurity" they mean "helping governments (not just the US goverment) spy on domestic and foreign citizens, and helping Chertoff in his "cyber cold war". Sorry, some of us would rather feel at least indifferent about what we do instead of feeling like we are actively hurting real freedom and spreading conflict as well paid pawns of the Defence sector.
I have been in IT over 30 years. As long as I can remember, these propaganda articles, going on about looming shortages, have been pooped out on a regular basis.
For example, the DoD craps out one of these articles about every six months. The part I like is the silly names they come up with, like "cyber warriors."
All the tech companies crap out similar propaganda all the time.
I am amazed that anybody, with any knowledge of how pop-media works, pays attention to this obvious hoax.
I don't know if there's anyone else like me around to make this question worthwhile, but how feasible is it to make the switch to security without a degree in CS? I've been reversing games and writing (game) hacks for years and there is considerable crossover between my skill set and reversing malware. Does anyone have any advise on ways to pursue an income without resorting to selling hack subscriptions?
must have already been hacked or had their identity stolen.
There are very few serious cybersecurity jobs in the private sector. Doing work for a company like Raytheon means you will be doing government contractor work. The public perception of the US government's cybersecurity efforts is very, very negative -- they're either incompetent or they're spying on US citizens.
Surprise, young people aren't interested in working for incompetent employers or violating human rights.
i wanted to apply for a cybersecurity job at a military base in my neighborhood, but the job requires an active security clearance. just saying
Don't know where you're coming up with $12/hr. You're more likely to start between $30-$40/hr at Raytheon for IT security work with no experience or minimal experience. Hell, you can get an internship there before you even have a degree for $20+/hr. Other companies pay similarly if not more.
BTW...24% of millennial are interested in IT security careers? That's HUGE. Show me any other field which has so many people interested. Major FAIL in the interpretation of the poll.
My God can beat up your God. Just kidding...don't take offense. I know there's no God.
This seems like a good topic because it has attracted the attention of a lot of people who work in the information security field. I deal with information security and have ever since going to 2600 meetings as a kid. My awareness of information security has always been a competitive advantage when looking for work, and has helped out tremendously in my IT career. I work for a company that deals with confidential, sensitive and personal information on a daily basis. We take security seriously because we have to, because our clients demand it. Our clients demand it because the government mandates that they care about it via regulation.
This leads me to my question, and I hope this produces some good discussions. How many of you guys who are decrying the lack of focus and importance that corporations place on cyber security, are for strong governmental regulation of private industry? It has been my experience, in over fifteen years of IT work, that the only places that "care" about security are those who have to because there are fines associated with not caring. As some have pointed out, security is viewed as a cost center. Unless there is a very real risk of a fine that exceeds the cost of security, the finance departments and executives are not going to "waste" resources on security initiatives.
Along the same line of thought, are there any other ways, besides regulation and fines, to make companies care about protecting their information? For example, companies that depend on intellectual property are probably willing to invest in security to protect it.
I'm interested! Hire me!
It reminds me of a piece on CNN about small businesses who have jobs but can't find anyone qualified to fit them. The one employer I recall, she was looking for a bilingual accountant, with a degree, and over 4 years of experience for $35,000 a year.
This is like saying you want to buy a Ferrari but can't find any for sale.. then later admit you only have $10,000 to spend.
If the Cybersecurity Industry wants to hire people, they're going to have to shell out the cash. I think salaries from $300k and up is a fair starting point, but $500k-$1m isn't unrealistic either.
Fewer than 25% of millennials express interest. Is that bad? I have no fucking idea, because there's no benchmark for comparison. The article pretty clearly considers this a bad situation, but really, what was the expectation? 100%? 75%?
Actually you can still get a part-time job and earn arbitrarily small amounts of money, you just have to be paid $10.40 per hour. And there are other exceptions; grad students often make less through their stipends.
Bio questions? Ask me to start a Q&A journal. Computer analogies available for most topics!
Sorry. What other occupation has 1/4 of people interested in it? I know big contractors like Ratheon like to perpetuate the myth of a "desperate IT labor shortage"
http://heather.cs.ucdavis.edu/h1b.html
with news releases, "polls" and made to order stories for the purpose of ginning up support for increasing H1B numbers, but really. Am I supposed to accept the premise without any thinking here and join the conversation about "why". Let's instead start with "and....?".
Raytheon is more like $40/hour to $75/hour (depending on location), not counting benefits. It's obviously a bit lower w/o experience, but still way above $12/hour.
Also: 40 hours/week, flex time, relaxed office full of bright people, etc.
The way it works is you talk to the people who'd actually hire you. They decide to hire you. They then appologize for needing to ask you to fill out corporate HR application forms on some crappy corporate web site. After your info officially arrives from HR (barely recognizable) then you get officially chosen.
Look, the company is kind of big. I'm sure some parts are useless. I know this though: you were not really in the cybersecurity part. Maybe playing defense? That's no fun. :-)
It is about a survey which indicates that only 14% of of girls and only 35% of boys in high school are considering a career in cybersecurity.
It has nothing to do with shortages in the pool of available workers.
Its one and only point is that teachers and guidance counselors in high school should promote this "career" choice. If they don't, the most we can hope for is 24.5% of the population in cybersecurity. Unless, of course, people don't decide what field to pursue during high school.
Come on. What is the point of putting out nonsense like this, if not to force teenagers to listen to their elders associate cybersecurity with economic security.
The one thing it is not about is the current job market.