The Cybersecurity Industry Is Hiring, But Young People Aren't Interested

Daniel_Stuckey writes "Cybersecurity, as an industry, is booming. According to the Bureau of Labor Statistics, jobs as network systems and information security professionals are expected to grow by 53 percent through 2018. Yet, young people today aren't interested in getting jobs in cybersecurity. By all accounts it's a growing and potentially secure, lucrative job. But according to a new survey by the defense tech company Raytheon, only 24 percent of millennials have any interest in cybersecurity as a career."

hire me

I'm not a millennial, but I am familiar with computer system security, and while I don't have a security clearance, I do have a clean record which makes it possible to get one. Perhaps raytheon et al are simply expecting too much for too little pay. They're not going to find BS degree'd, clean cut 20 somethings with no criminal record if they insist on offering $12/hr wages. That mythical 22 year old working 22 hours a day for 22k a year doesn't exist.

The employees are out there but they cannot work for chinese slave labor wages, nor do they want that lifestyle.

Re:hire me

[Samantha+Wright]

Fun science fact: that figure may soon be below minimum wage in Ontario.

Re:hire me

[gl4ss]

I don't know who the fuck made the conclusions but 24% is a friggin big portion.

that's like bigger than firemen, airline pilots or what have you. it's such a big pile of people that there's no frigging way for them all to have jobs in "cybersecurity".

would be rather pointless too if more than a quarter of a generation was needed for it. that would be quite telling of the fact that they wouldn't be actually doing any cybersecurity work but working as STASI.

Re:hire me

[NJRoadfan]

If the job required any sort of federal security clearance, chances are they were looking for someone who already had one. They don't want to spend the time and money on getting clearances.

Re:hire me

[CRC'99]

The employees are out there but they cannot work for chinese slave labor wages, nor do they want that lifestyle.

11 months ago I finished my Commercial Pilots License - I haven't been able to find any work at all since completing it. That was the last time I touched a plane.

The same problem exists. People are expected to splash $100k AUD on their license, then work for ~$25k a year. Not to mention get themselves to jobs on their own dime etc... I hear the same lines "There is a massive pilots shortage!!" - which is absolute bullshit. We just have to take other jobs to pay off the loans etc we took for our training.

It just about gutted my career - but this is the world we live in. Now I'm only casually employed - and making about the same amount as I would as a pilot - while working only a handful of hours.

Re:hire me

[Salgak1]

It's the same way at higher levels and higher clearances: I accepted a job some years back, as a task and team lead to hire and train up some newbie security types.

For that, they paid me $125K. (I've got nearly 30 years of experience). Then I found out, that some of the sub-contractors I was training were making 137K. Needless to say, after pointing that out to my management, they weren't interested in doing anything about it, in fact, they told me that **MY** cost was stretching them. I left a month or so later. . .

Re:hire me

[ebno-10db]

SSDD. Companies that complain the loudest about "not being able to find people" generally pay squat and/or are a miserable place to work. Oddly, the companies that pay decently and are decent places to work have much less of a problem finding qualified people. Glad you found a better job.

Re:hire me

[intermodal]

Creating a "job" doesn't give a company the right to fill that position, especially on the crappy terms a lot of them offer. I'm in a job that I was one of two applicants for, and I'm getting out ASAP. I've been here almost six months and any small amount of confidence I had that I could turn this job into something worth doing is gone.

I'm underpaid in a toxic environment and meet resistance on everything I try to improve, fix, or address. They constantly complain about the low quantity and quality of applicants we get for the operations my department plays a support role for, and wonder why it's hard to keep people around.

I constantly hear about how awful the guy who preceded me was at this job, and I believe it. I was shocked to find that basic support requests were often not addressed for weeks, things that take me five minutes to fix. And that guy was let to stay here for over three years, and left of his own accord. When I leave, they're going to have a very hard time finding someone worth hiring to replace me unless they offer a hell of a lot more than I'm getting.

Re:hire me

I'm definitely not a millennial, but since Operation Sun Devil in the early 1990s, the *hat types are very hard to come by. My generation had a fear that anyone with "skillz" would be tossed to the wolves when the press found that there was a major security breach. The hacker witch hunts that closed SJG drove the majority of the "scene" underground.

In the late 1990s, companies lost any interest in security, and this has evolved to an attitude of "China can break into anything it well pleases, so why spend money on something with ROI?"

Of course, the perception that anything STEM related gets offsourced to India or China, making a job in any field other than law or finance an exercise in futility has also made millennials on the border choose something else, especially with the adage, "there is no such thing as an unemployed lawyer or CPA" as a mantra.

Finally, there is a general disinterest in security. I've worked at a number of places and ended up putting down a list of tips, but people will react with extreme hostility at any security increase. A mere suggestion of going to 8-10 character passwords would make people scream to corp brass that their company is turning into a police state. Since PHBs believe security has no ROI, there is little to no interest in bothering with something that just causes interruptions in workflow.

So combining the fact that SJG, the disinterest in computer security in general, the belief that the war is lost, and that anyone who is world class will be less successful than a JD who just passed the bar, it is no wonder why millennials have little interest in security.

This can be fixed though. It may take some college grants and maybe even expanding DoD divisions and NIST so there is a better response and prevention in place. Attitudes need changed too. In China, a blackhat working for the PLA is respected as much as the marine who can rip two people's arms off at the same time.

I'm not surprised.

[Xenkar]

I certainly wouldn't take a job that would force me to flee to another country for asylum if my conscience makes me become a whistle blower.

Re:I'm not surprised.

[cardpuncher]

Cybersecurity doesn't necessarily mean surveillance. There's a more attractive side, too - you could spend your entire life running change control on a library of hundred-page procedure documents and reviewing firewall logs. Now, what kid could turn down *that* opportunity?

Re: I'm not surprised.

[O('_')O_Bush]

This. What the article doesn't explain is what cyber security usually entails at a defense contractor. I did that kind of work for about a year, and wanted to pull me own fingers off.

It was where they took bright engineers, gave them tedious and excruciatingly boring tasks, burned them out, and replaced them. You'd think cyber security would be somewhat cool, but in reality, it was taking several multi-thousand line spreadsheet checklists, run some scripts, and manually put passes or fails for the things the scripts didn't cover. Do that all day every day for every type of server and every project, repeatedly, till all or almost all checks were passed. And then, do documentation.

I would say that where I worked, the youngest crowd were the only suckers willing to take that work. Everyone else knew better.

Does everyone have to work in cybersecurity?!?!

I would've thought 24% of young people being interested is pretty good. Especially for a niche job like this.

millenials

[Idimmu+Xul]

such a retarded word

Re:millenials

such a retarded word

Yes. Almost as retarded as their mentality towards security and privacy.

Perhaps "The Facebook Generation" would be more politically correct? It's certainly accurate, and speaks to the overall disinterest of this generation who likely contributes a disproportionate amount of data to NSA collection points, derived from their "meh" attitude towards privacy.

Don't worry. Millenials will be replaced with "obedient servants" soon. In the meantime, we'll settle on Sheeple.

Re:millenials

[IndustrialComplex]

Systems that were written largely by members of Generation X and marketed by Baby Boomers. But no, keep thinking that everything is the fault of which ever generation is the youngest.

Good point. I always shake my head at articles about how poor the millenial generation turned out. Isn't it the responsibility of the previous generation to guide the new generation? It's not like you are born with a life instruction manual. If there are problem with the current generation, the blame falls squarely on the preceeding generations. This is the world the millenials were born into, and they grew up with the guidance from the existing generations.

Like raising a dog, if it's ill-tempered, look to the owner.

Re:millenials

[IndustrialComplex]

For those of us born in the early 80s, we get to pick and choose the best parts of generation X and the millenials. We are the generation that fell through the cracks as far as media labeling is concerned. It's great!

Media complains about Generation X, we get to poke fun on our 'cloud' access devices.
Media complains about Millenials, we quickly skip to Nirvana in the playlist and scoff at this new generation.

Bulls**t: 24% is a _lot_!

[Terje+Mathisen]

Please give me a big list of other occupations which more than 24% of a random sample of kids are interested in, then I'll allow you to claim that too few youngsters are interested in cybersecurity.

Terje

Re:Bulls**t: 24% is a _lot_!

[king+neckbeard]

If a parent tells a child they are a special snowflake, it's probably the parent that thinks themselves the snowflake, not the child.

Because it doesn't involve creating anything!

The idea of working on mechanisms to stop other people from doing things seems like such a depressing job, even if the objective is to stop malicious people from doing bad things! The goal is to suppress and defeat the actions of other people who actually lead interesting lives!

Meanwhile, almost every other kind of development job involves creating something visible, something meant to be shared, something constructive, helpful, or fun!

Re:Soon to be obsolete

[mysidia]

Progress is slowly being made in the use of capability based security.

If you think a technology will solve all our security problems, then you don't understand what security is all about.

Securty is a process, not a technology.

Every time you think you've built something idiot-proof; nature comes right in, and delivers you a more idiotic idiot.

Until you can eliminate all humans in organizations; computer security can never be a solved problem.

Because most security problems are caused by humans, AND IT security falls within the broader umbrella of risk management.

You will never own a perfectly secure system. Not now. Not in a thousand years.

It doesn't matter what fancy new capability-based models you come up with; there will always be threats and vulnerabilities.

Re:Because Corps are Distusting!

[ImOuttaHere]

A very surprisingly large number of corporations do NOT spend money on security.

Which is why the FBI surprised over 70 companies a couple years back when the FBI told them their systems had been hacked for the company's intellectual property. The companies in question had _no_ idea they'd been hit. Which is also why the NSA makes a point of touring US-based companies to present corporate execs (primarily in the IT end of things) un-classified reports on the latest security threats (if you don't already know, take a look at the NSA Information Assurance program). Which is why I was laid off because one such company was not going to listen to someone suggesting to them their computer security really sucked and were actually in the process of slashing intellectual property protection and computer security jobs. Again. For the eighth time in four years. So they could use the money "saved" on the salaries of people at my level who were also laid off to "buy" low level grunt "talent" in their China operations. That company's security still sux and remains far too easily hacked, and this is in a sixty year old high tech company that would've known better had they not be bought out by an aggressive "rollup" company to then be run by a bunch of greedy WallStreet-types who extract, literally, $100's of millions of dollars for themselves from the companies they've absorbed and stripped of assets.

So, no, many companies could give a rat's rear about security.

Only large corps really spend money on security...

dafuq

[Redmancometh]

Am I missing something? 24% of millenials sounds like a huge number if its not just IT workers polled.

Security is an ungrateful business

[gnasher719]

When your job is security, the best thing that can happen is that you do an excellent job, and the end result is - nothing. That's the whole idea of it. If you do your job right, nothing happens. If you do your job badly, shit happens. Stuff gets stolen, and so on.

So will anyone congratulate you for a job well done? No, they will only see money spent on your salary with zero results. You will look as if the company could do without you. You know better, but the people who might give you a raise don't. And the people who could fire you to safe on salaries and increase profits don't.

You get much better recognition in a job that visibly produces positive results.