Slashdot Mirror
The Cybersecurity Industry Is Hiring, But Young People Aren't Interested
Daniel_Stuckey writes "Cybersecurity, as an industry, is booming. According to the Bureau of Labor Statistics, jobs as network systems and information security professionals are expected to grow by 53 percent through 2018. Yet, young people today aren't interested in getting jobs in cybersecurity. By all accounts it's a growing and potentially secure, lucrative job. But according to a new survey by the defense tech company Raytheon, only 24 percent of millennials have any interest in cybersecurity as a career."
I'm not a millennial, but I am familiar with computer system security, and while I don't have a security clearance, I do have a clean record which makes it possible to get one. Perhaps raytheon et al are simply expecting too much for too little pay. They're not going to find BS degree'd, clean cut 20 somethings with no criminal record if they insist on offering $12/hr wages. That mythical 22 year old working 22 hours a day for 22k a year doesn't exist.
The employees are out there but they cannot work for chinese slave labor wages, nor do they want that lifestyle.
I certainly wouldn't take a job that would force me to flee to another country for asylum if my conscience makes me become a whistle blower.
I would've thought 24% of young people being interested is pretty good. Especially for a niche job like this.
such a retarded word
The problem with slashdot is that most of its users were bullied and stuffed into lockers as kids!
Please give me a big list of other occupations which more than 24% of a random sample of kids are interested in, then I'll allow you to claim that too few youngsters are interested in cybersecurity.
Terje
"almost all programming can be viewed as an exercise in caching"
Nobody wants to be considered a potential hacker cuz they "know things".
Only large corps really spend money on security... But let's face it, why would a young and promising guy with a bright future ahead of him, work for a disgusting corporation that's full of bureaucracy, politics, and incompetent managers? What's in it for him other than the money which he can probably get elsewhere?
Small companies are not just more fun; your opinions are heard, things move much faster, there's less bureaucracy, and there's usually minimal to no politics. I would gladly shave a chunk of my salary, and work for this type of company, than waste my life in a cubicle in some corporation where I am a very small and insignificant peon.
All those moments will be lost in time, like tears in rain... time... to... die...
Yeah that's what I want. A job in the tech industry, where every 10 years I'll be horribly replaced by new tech, outsourced or too old for. Then again, might I suggest the medical field, where you can get a job anywhere in the country at the drop of a hat with experience and there's a never ending Obamacare supply of jobs.
It isn't just security either; I see lots of jobs advertised at the moment here in London. It is overwhelmingly what they call "DevOps" and Java development. I have been following the market for a long while, and I can see the same roles coming up again and again, so clearly the companies are having trouble finding people.
Having worked in IT for far too many years, I know how it goes: when you hire new employees, you know they aren't going to be up to speed for at least 3 - 6 months. However, these companies are mostly new start-ups, so they think it is like hiring a contractor, and they want their new staff to be up to speed immediately. It's just not going to happen, but until they see sense and learn to plan for the long term, the situation will be that way; lots of jobs that go unfilled, and lots of well qualified people the can't find jobs. And it's not about money, really; these web companies could afford to think ahead and invest in people with good potential - and one could argue that they can't really afford NOT to do so.
On top of that, they don't actually know what they are looking for. Take this new buzzword, "DevOps"; it comes from "development" and "operations", and it means somebody who sits in the middle, between a development department and system administration; ideally this is a person who can do everything a developer does and everything a system administrator does, and such person is probably a developer who has grown into system administration. In the old mainframe days you would call them System Programmers, and they would be your most sacred asset. But what the web companies really mean when they say "DevOps" is just a low ranking build engineer, who knows how to use Puppet, Chef or Jenkins and is doing the same, repetitive task over and over, provisioning into the cloud. And they all want somebody who has "at least 5 years experience with the cloud"; has "The Cloud" even existed that long?
only 24 percent of millennials have any interest in cybersecurity as a career
That is not a lack of interest - it is an enormous interest. Think of when you were in class - if a quarter of the whole class were interested in one career. It is so high that I have difficulty believing it. If you assume that in any class you are going to have a 5% with no academic interest, maybe another 5% who truly want to pursue something non-technical, be it lawyer, politician, professional musician, sportsman, minister of religion, or artist - then I would say that it would be all the non-security related scientific, technical, and computer related industries that should be worried. If that figure were true it would mean that *most* people who are going to want a technical career would be looking at jobs in computer security.
Offer more cash and support ongoing education, you get the best people in any generation. Start going for cheap wages, gov spying deals and contractors and it gets interesting in many ways.
Cybersecurity is sold as protecting data but could mean helping track dissidents or build deep packet inspection.
The brand is a key factor too, if you are facing more congressional hearings or whistleblowers show you hawking your domestic surveillance skills to govs. Also don't ask your staff to do mass surveillance. They know its wrong and won't be fooled by any paperwork, letters of immunity or work on a 'safe' list or 'white list' of nationals.
You also have skilled people who know what the 'brands' do internationally. The staff know their CV is going to connected to press about fines, bribes, slush funds, political intrigue, black sites and mass surveillance.
i.e. people can google the boss and brand. A new company or old, it all shows up even from the press from the 1980-90's...or later whistleblowers work.
Domestic spying is now "Benign Information Gathering"
Or maybe, just MAYBE, they are afraid of being lumped in with the clueless bunch that are brandishing the term 'cyber' for everything, like it was some demented talisman to ward against evil net spirits.
I mean everybody knows that a 'CyberSecurity Specialist' is only a small and mostly accidental step away from a 'CyberBully', or 'CyberTerrorist', or OMG!!! Cyborg!!!
"Why yes, I'm a Terminator for the NSA, DHS, and in my spare time, the FBI and CIA! I'm a hit at all the parties!"
Down With Slashdot BETA!!! I've been around the corner and seen the oliphant; you can only abuse me from your perspecti
The idea of working on mechanisms to stop other people from doing things seems like such a depressing job, even if the objective is to stop malicious people from doing bad things! The goal is to suppress and defeat the actions of other people who actually lead interesting lives!
Meanwhile, almost every other kind of development job involves creating something visible, something meant to be shared, something constructive, helpful, or fun!
Progress is slowly being made in the use of capability based security.
If you think a technology will solve all our security problems, then you don't understand what security is all about.
Securty is a process, not a technology.
Every time you think you've built something idiot-proof; nature comes right in, and delivers you a more idiotic idiot.
Until you can eliminate all humans in organizations; computer security can never be a solved problem.
Because most security problems are caused by humans, AND IT security falls within the broader umbrella of risk management.
You will never own a perfectly secure system. Not now. Not in a thousand years.
It doesn't matter what fancy new capability-based models you come up with; there will always be threats and vulnerabilities.
Not everyone lives in some cutting edge tech hub, some countries don't even have one when it comes to security stuff. Elsewhere in the world, companies want certifications but to get certification you need documented experience with an employer... so I went and got a degree in I.T. Security then because of the aforementioned I went into mainstream I.T., then I realised there's more money to be made pretty much everywhere else but cybersecurity, and it's easier too. I love hacking all sorts of stuff, from USB MITM attacks to fuzzing to even good ol' risk assessment but I probably have more of an impact on security in general now as an IT Manager by making decent security decisions and ensuring software projects don't make stupid design choices (Eg: Let's trust all input from the client!) then I would have at as a consultant or analyst or whatever. Not only that, I get paid more and I can still do what I like in my own time without having a profit motive attached to it. I found it's easier to solve security issues when you're in the conglomerate board room and not in the company trenches, social engineering as it's best if you ask me.
As with anything, they could try offering them more money and better conditions.
And as always, businesses would rather avoid that in favour of having others (college/govt/other countries) train them and create a surplus of people trained in the sector to depress the wages.
While it's nice when people can enjoy their work, most people work to live, not live to work. Give them training, more money and time off to enjoy it and you'll get more applicants.
Progress is slowly being made in the use of capability based security. This will eventually (15-20 years from now) mean that computer security will be a solved problem.
Assuming capability based security will be the next big thing (I don't have enough experience to confirm or deny that), there will still be a need for people who design, write and audit programs using capability based security. So "a solved problem" would mean "the approach everyone uses" not "something that doesn't need attention".
Additionally, computer security can be outsourced and managed remotely, so it is likely to be commoditized, in much the same way as IT Administration was.
Only if you can trust a third party with your data. Also, I don't think you can fully separate computer security from information security: someone has to decide which people and automated processes get access to what data. The design of business processes and information systems (these must be in sync) in a way that minimizes security risks while still being workable is specific to a particular organization and therefore not a commodity.
So, you are predicting that Adobe will be out of business in 15-20 years?
This is my signature. There are many like it, but this one is mine.
I would prefer a job (and I have such a job at the moment) that enables users to do things, that increases their possibilities. Not one to take possibilities away, and to restrict users.
Pretty even split between train drivers and astronauts.
That's the boys, obviously. I have no idea about the girls and they have cooties anyway.
Confucius say, "Find worm in apple - bad. Find half a worm - worse."
Give me comparative numbers, what is the trend ? What can I do with a "24%" which sounds like a very high number.
Am I missing something? 24% of millenials sounds like a huge number if its not just IT workers polled.
terrorism and highly illegal!! We are punishing American research for what the Chinese, Russians, North Koreans get away with for free , on a daily basis Sad sad times are here, all we can legally do now is freeze and bend over
From the Raytheon article key figures: "Young men (35 percent) are far more interested than young women (14 percent) in a career in cybersecurity." If that many people are interested in cybersecurity, I'd call that "an overwhelming proportion" of persons being interested in cybersecurity. By that count, that's an enormous population of paranoid technofreaks.
"The survey also found less than one-quarter of young adults aged 18 to 26 believed the career is interesting at all." And how much of the total population gets employed in computer security AS A WHOLE? Less than 0.1% easily. How many other types of jobs, areas of interest and careers are there WITHOUT EVEN leaving the IT world?
The study page even highlights that they didn't target IT graduates. This is from a general, untargeted smattering of 1,000 members of the population. That's not even a proper sample size.
Bad journalism. Bad study report. Bad.
-- "Simplicity is prerequisite for reliability." --Dijkstra
Some of us do, I just threw up, experience or not you should run. If your okay to find nothing safe for your own mind okay, , and your good with it, then fine. this does not work for everyone.
That's because companies view network security as a cost center, rather than a profit center, so they want to spend as little on it as possible. Being a network security specialist is a "reactionary" job - you do everything you can to make the network safe (on the usually meager budget you've given to do so), and then wait for ... something ... to happen, after which you'll be implicityly if not outright blamerd for it. You can also look forward to carrying a pager, possibly 24/7. In order to do the job well you'd probably need a skillset that intersects knowledge of IT, networking and programming. You could be a programmer, which is a profit center for software companies, which means you'd probably be treated and paid better, and not locked into IT, which is a dead end at many companies who see IT as something they begrudgingly have to pay for.
Still, network security sounds sexy, and it probably pays better than mainstream IT - I'm surprised they're having that much trouble finding people to do it.
I also can't help wondering if the world's black hats would pay better for someone with the skillset. After all, for them, network security is a profit center.
"Can't you see that everyone is buying station wagons?"
Oh, snap!
"Ahh! I see you're in that indeterminate Schrodinger state where - oh, uh
Given that no individual link in the security chain can be trusted (pretty much proven by the NSA), a single security method will never suffice.
Slashdot social media options: AIM, ICQ, Yahoo, Jabber and Mobile Text. Why no MySpace?
Surely we can just out source these jobs to China? They're probably already doing the work in fact...
Hey, if I own anything in a thousand years, I'm doing alright!
Why would they want to take a job working against what they consider to be a valid weapon against others, most especially corporations?
There is no "-1 offended" or "-1 you don't agree with me" mod options for a reason.
"TV or movie entertainer," while 26 percent had interest in being a lawyer.
I personally don't know anyone that wants to be a TV or movie entertainer, are they taking this survey in Hollywood? lol
That seems a crazily high number. Put the phrase "Only 24 percent of young people were interested in becoming ..." a lot of other jobs, and it sounds awfully strange ...
- Phlebotomist?
- Entrepreneur?
- Doctor / Nurse / Physical therapist?
- Academic?
(etc)
I'd have been far more surprised if some even higher percentage *did* express interest ...
jrnl: http://tinyurl.com/c2l8yr / foes: http://tinyurl.com/ckjno5
When your job is security, the best thing that can happen is that you do an excellent job, and the end result is - nothing. That's the whole idea of it. If you do your job right, nothing happens. If you do your job badly, shit happens. Stuff gets stolen, and so on.
So will anyone congratulate you for a job well done? No, they will only see money spent on your salary with zero results. You will look as if the company could do without you. You know better, but the people who might give you a raise don't. And the people who could fire you to safe on salaries and increase profits don't.
You get much better recognition in a job that visibly produces positive results.
Why the surprise? We all live in police states. From the recent scandals and revealations, that opinion is no longer fringe. If in doubt, just watch some evening news and try to find a story where police/justice/govt is _not_ involved. Small wonder people seek the distractions of sports & gossip.
The tension imposed by the police state stresses everyone (not least the officers themselves). People naturally shy away from it. Even legitimate security efforts suffer under the toxic cloud. Fear of being sucked deeper _should_ keep people away. In applying to Booz-Allen, Mr. Snowden probably expected to be analysing corporate data, or maybe govt contractor data at worst. Surprise!
I think you've underestimated how many people want to be "a Indiana Jones" and the ever-present contingent committed to a career as a fire truck.
No kidding!!! What do you say at this point?
I've done security work as part of systems engineering, and helped other companies with it, for decades. It would be difficult to pay me enough to take that as a primary role. Many projects think of security as something that can be painted on after a project is done: others have managers or core developers who think of every moment spent thinking about security as wasted, non-profit-generating work.and actively discourage any attention to security implications. Others rely on external firewalls to say "we trust the people we work with" and "if they can get to our network, we have much bigger problems" and proceed to ignore _all_ security concerns, especially those of angry former employees or zombied laptops.
Getting people to agree to, and follow, even the most basic security practices is nightmarish managerial and political work, and new security employees will not have any of the necessary political authority or acumen to get the changes done. The constant compromising, especially compromising for employees who are fundamentally stupid but work for someone important enough to protect them, can be soul draining and professionally devastating. It's also very difficult to get recommendations from former employers for security work: doing it well often means aggravating people who just want things to be easy. Those people _will_ complain to your supervisors, and get you labeled as "not a team player" in performance reviews.
That's why I prefer to get in, do our work, do our best with the security concerns, ttry to resolve the trade-offs as best we can, document the remaining issues, and _get out_.
Unless you forgot your password on a new machine? Ya, right. How about an ad by companies? Maybe in the L.A.Times? New York Times? It doesn't take much "intelligence" to figure out that someone wants to hire a bunch of 15 cent an hour geniuses to handle an American intelligence software generation contract from the D.O.D. What could possibly go wrong there?
So I googled the topic and found out some intelligence the easy way. 4 job openings at the DHS. Typed in "Cyber" just like the instructions said to do. Word has it by just saying, "I'm a Hacker" gets one in trouble. Funny, not a single job reference in Hawii. I figure that since Snowden left work early one day, there would be one at least there. Must be some kind of "big scarey secret going on there." I just thought of something new, I'll go check WikiLeaks for any jobs in Cyber Security? I hear the president compares his daily security briefing to WikiLeaks to see how far off the DHS is.
I was going to comment and point people to this thread, since many of you have pointed out exactly why this problem exists. However when I went to find out how wide this press release was distributed I found it was just some hack job done by a PR firm. This never made it into any kind of mainsteam media, just trade publications/websites. Raytheon might as well be shouting into the wind.
are interested in cybersecurity? And that's not enough? I think what they are saying is that they need more to be interested and to train for it so they can hire a few at really low wages, otherwise I guess they'll just have to start looking for H1B visa hires...
Making $5/hr when I live in a country with a cost structure designed for someone making $50/hr. Yeah, sure. How could I turn *that* offer down. And of course, only millenials matter for cybersecurity jobs. Can't hire those 50+ guys. No way. Even if there are lots of them looking for work.
Please do not read this sig. Thank you.
of the population working in "cyber security" so how is this a problem?
Hey, if I own anything in a thousand years, I'm doing alright!
You never know... some people have cryogenicists freeze their body, with an intention of being revived some day in the distant future.
I heard rumors about Raytheon that make it sound like a very unappealing place to work. Rumors about job turmoil such as lousy benefits that get worse every year and no job security.
This, a thousand times this. I have never met a security professional that thought their environment was secure. Everything is always coached within the context of risk management.
The downside to information being ubiquitous is that it is much harder to shiny-up a crappy job and convince people to make a career out of it.
As others have mentioned, 24% seems awfully high — but if they want it to be higher, initial interest in "cyber security" as a career may be heightened if the pay were improved. The whole Snowden incident has probably not improved interest either.
Earning potential is what motivated me to select Electrical Engineering over Computer Science when deciding on a major, and glassdoor.com motivated me to avoid several potential employers.
An internal system operation returned the error "The operation completed successfully.".
Securty is a process, not a technology.
Not only that, but people really should understand that *security is not about absolutes*. Things are not either "secure" or "insecure". Well executed security is essentially about a trade-off between "easy accessibility for authorized usage" and "difficult accessibility for unauthorized usage".
The only way to "completely secure" a computer hard drive, for example, is to completely destroy it. Otherwise, there is some risk that someone can eventually gain access to it and recover some data. Short of that, I can put it in a cement block and sink it in a deep trench in the ocean, which would make it very secure and also very inaccessible. I can encrypt the drive, and then the security task shifts to securing the encryption key (ignoring the possibility of cracking the encryption).
But ultimately, one of the key problems with security is that it's not just about preventing access by an unauthorized person, but also about preventing unauthorized usage by an authorized person. If I give you access to some documents because you need access for legitimate reasons, then I can't really then prevent you from using the information in those documents for some other purpose. A lot of malware ends up on computer systems because someone hit "OK" and granted access. As long as someone has admin rights and can hit "OK" to install software, malware will be able to be installed by tricking that person.
Everytime I see an article that says "Industry X can't find enough workers, people just aren't interested," it makes it sound like there's a worker shortage. What is often left out of the uncritical reporting, especially for entry level jobs, is "...can't find enough workers who will work for the amount the company wants to pay them." It's a free market, if you can't find people, you're not paying enough. Now, if it's for a senior position, then there may be a shortage of people, but that means the company has to inve$t in training. Rarely (except maybe during the 90's) is there an actual labor shortage. Just companies not wanting to pay more for labor.
-- Everything is wonderful until you know something about it.
Why oh why are our young not interested in MINT professions? And especially in that awesomely secure security business?
Easy. It's less hassle, less work and requires less brain power to push through some idiotic MBA degree, with the much higher chance to get a well paying job with way fewer overtime hours. It's simple as that. It's simply better paid to push numbers about and bullshit people out of their money than actually do something sensible that the economy could benefit from.
We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
I find it absolutely unacceptable. And I'm good enough to feed both, my OCD self and the government specs.
Fortunately, they're no better at writing specs than they are at ... well, anything else.
We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
I am an inactive duty Marine, 5 years of clean record handling encryption systems and system administration, years of desktop support service and finished one degree with information security and working on a second. I have some entry level security certs and have been trying to find a security job locally in my state but I haven't found any. Had a couple interviews with Bit9 for a remote job but didn't get the position. I don't want much, just an average starting wage for a junior level position so I can learn and grow but there isn't any security jobs in Idaho. The wife really doesn't want to move and frankly neither do I.
Borderline doesn't cut it, brother.
And I AM NOT PARANOID!
(because if you are THEY will notice it instantly!)
We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
A contractor I did gigs for me got me a general security clearance before a job that paid (me) about $300.
As I recall, it was a one page form.
You hiring? 10 years of security experience, 2 years as Vice-CISO (along with the relevant management skills and certificates for the office wall) sitting here bored.
We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
Without looking at the survey, it's hard to say; but I don't think they asked people to list a career or even chose from a set. I think they simply asked people if they thought that career was interesting. Given that, 24% is rather low. With all the action and drama that you see in the media surrounding this stuff, you'd think most people would think the real wold of security is interesting. That doesn't necessarily mean they want to be in the field. It just means they think it's interesting. The propagandists need to try harder. If they really hit it right, maybe they can convince us that the local locksmith is some kind of superhero.
For all intensive purposes, "whom" is no longer a word. That begs the question, "who cares"?
'Cos the money's wearin' black!
"Flyin' in just a sweet place,
Never been known to fail..."
And most of all you can't share jack with anyone with all those pesky NDAs.
Years of security could produce so many so juicy stories, sadly you can't even say that you have such stories.
We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
I've worked and dealt with network security in a few different roles now. After those experiences I have no desire to have a full time security role. Based on the small sample of my direct experience, I find IT security workers in general to be uptight, negative, stubborn, and fear-mongering. Every time you went to do something it became a battle. Depending on the company business model they were either extremely rigidly controlling of the entire environment, such that new firewall rules were needed for everything single IP/port to IP/port traffic flow, or on the opposite side they had such poor security no one wanted to hear about it because fixing it would require money and/or organizational changes. IT Security is not a fun field. As an IT professional who has a strong youthful heart I find IT security to be a soul sucking fun crushing field. I'll take a pass.
Fixed
Thank you Dave Raggett
Your experiences and description of typical IT security workers is spot on!
I think it goes to the heart of how some define 'security'...it goes something like this...the guy says,
"Yeah see security is all about *risk*...we identify and mitigate any risks to your security"
Which sets up a never-ending spiral of mis-quantifying intangible 'risk factors' which may or may not correlate directly to the 'security breach'...
It's sort of like taking Heroin but saying you'll mitigate it with methodone later in life...
Def a better way to do 'security'...but the industry like the current approach b/c it guarantees job security!
Thank you Dave Raggett
All Millennials all Millennials working in tech?
I don't think I'm overqualified, far from that, I think I am way underqualified hence my continue education. I enjoy security and it is the direction I want to head in. I appreciate the thought though :)
I'm pretty sure I would fall in the category that we're talking about. I'm in the first half of my 20s and have a BS in Computer Engineering. I'm actually really interested in Cybersecurity, despite the vagueness of that term. I worked on a steganography project in one of my courses that I feel would provide the benefits of encryption combined with the benefits of steganography, and that would be of interest to a lot of groups right now.
However since the people around my age grew up under the Patriot Act, and now the NSA spying fiasco theres no way any of us want to work for Raytheon. We know what Raytheon does, we don't want to work for a company that profits from war and death. We want to work against Raytheon. I know I could make a ton of money anywhere in the Defence sector. I could also make a lot of money in the Financial sector. I turned down an interview at the CME on ethical grounds.
When Raytheon says "cybersecurity" they mean "helping governments (not just the US goverment) spy on domestic and foreign citizens, and helping Chertoff in his "cyber cold war". Sorry, some of us would rather feel at least indifferent about what we do instead of feeling like we are actively hurting real freedom and spreading conflict as well paid pawns of the Defence sector.
I have been in IT over 30 years. As long as I can remember, these propaganda articles, going on about looming shortages, have been pooped out on a regular basis.
For example, the DoD craps out one of these articles about every six months. The part I like is the silly names they come up with, like "cyber warriors."
All the tech companies crap out similar propaganda all the time.
I am amazed that anybody, with any knowledge of how pop-media works, pays attention to this obvious hoax.
I don't know if there's anyone else like me around to make this question worthwhile, but how feasible is it to make the switch to security without a degree in CS? I've been reversing games and writing (game) hacks for years and there is considerable crossover between my skill set and reversing malware. Does anyone have any advise on ways to pursue an income without resorting to selling hack subscriptions?
word good luck out there man!
Thank you Dave Raggett
Don't know where you're coming up with $12/hr. You're more likely to start between $30-$40/hr at Raytheon for IT security work with no experience or minimal experience. Hell, you can get an internship there before you even have a degree for $20+/hr. Other companies pay similarly if not more.
BTW...24% of millennial are interested in IT security careers? That's HUGE. Show me any other field which has so many people interested. Major FAIL in the interpretation of the poll.
My God can beat up your God. Just kidding...don't take offense. I know there's no God.
Capability based security is rooted in the principle of least privilege. The user decides what they wish the operating system to give the program access to, at run time. Just like you decide how much money to hand to a cashier at the checkout line, instead of giving them well defined limited access to your wallet and paypal account.
Trusting software is stupid, the only thing we should have to trust is the kernel of the operating system, and nothing else.
This seems like a good topic because it has attracted the attention of a lot of people who work in the information security field. I deal with information security and have ever since going to 2600 meetings as a kid. My awareness of information security has always been a competitive advantage when looking for work, and has helped out tremendously in my IT career. I work for a company that deals with confidential, sensitive and personal information on a daily basis. We take security seriously because we have to, because our clients demand it. Our clients demand it because the government mandates that they care about it via regulation.
This leads me to my question, and I hope this produces some good discussions. How many of you guys who are decrying the lack of focus and importance that corporations place on cyber security, are for strong governmental regulation of private industry? It has been my experience, in over fifteen years of IT work, that the only places that "care" about security are those who have to because there are fines associated with not caring. As some have pointed out, security is viewed as a cost center. Unless there is a very real risk of a fine that exceeds the cost of security, the finance departments and executives are not going to "waste" resources on security initiatives.
Along the same line of thought, are there any other ways, besides regulation and fines, to make companies care about protecting their information? For example, companies that depend on intellectual property are probably willing to invest in security to protect it.
The problem is those jobs (and tech/STEM jobs in general) are heavily concentrated in certain geographical regions (West coast & Northeast). When companies start shunning telecommuting it will be even harder to find jobs.
This may be a conspiracy to drive up the real estate market of those regions.
New Economic Perspectives
The leet hackers are not idiots, my friend.
Education and intelligence do not stand in the way of evil.
Fewer than 25% of millennials express interest. Is that bad? I have no fucking idea, because there's no benchmark for comparison. The article pretty clearly considers this a bad situation, but really, what was the expectation? 100%? 75%?
Fourthly, even if a generation of kids with a strong anti-authoritarian streak (and who were shocked and appalled by various US administration's behaviour from Guantanamo Bay to Snowden while growing up) aren't interested in doing cybersecurity for the US government or bureaucratic defence contractors, that's a totally different thing to "not being interested in cybersecurity at all".
This is the most important point. As a soon-to-graduate computer science and math major for whom cybersecurity is a possible career option, this is my biggest concern as far as working in cybersecurity goes. It's also a problem more generally. I want as little to do with the military-industrial complex as possible. Here in Tucson, Raytheon is one of the more popular targets for student internships in CS and engineering, but I'm not interested. I don't think I could work for a weapons company, or any the imperialist public structures that support them, in good conscience.
But if I continue to study mathematics and computer science after I finish my undergraduate degrees, I would be very happy to work on projects like Tor and Freenet, or crypto-currencies. There are alsocommercial security technologies I'd be happy to work on (like privacy-enhancing desktop & smartphone apps, a là TextSecure).
The leet hackers are not idiots, my friend.
No, but leet hackers and malware are unnecessary; and there will still be security issues without them.
The top of every organization's list of security threats should be the Unintentional Insider Threat (UIT).
You know... for those situations where some fool e-mails the root password to their coworker's gmail address?
Actually you can still get a part-time job and earn arbitrarily small amounts of money, you just have to be paid $10.40 per hour. And there are other exceptions; grad students often make less through their stipends.
Bio questions? Ask me to start a Q&A journal. Computer analogies available for most topics!
Some 15 year old kid in NZ was offered a job with the cops in 'cybersecurity' after being caught stealing credit card numbers, do you really want the ones stupid enough to get caught doing stupid shit getting better job offers than the folks who manage to remain underground?
Sorry. What other occupation has 1/4 of people interested in it? I know big contractors like Ratheon like to perpetuate the myth of a "desperate IT labor shortage"
http://heather.cs.ucdavis.edu/h1b.html
with news releases, "polls" and made to order stories for the purpose of ginning up support for increasing H1B numbers, but really. Am I supposed to accept the premise without any thinking here and join the conversation about "why". Let's instead start with "and....?".
It is about a survey which indicates that only 14% of of girls and only 35% of boys in high school are considering a career in cybersecurity.
It has nothing to do with shortages in the pool of available workers.
Its one and only point is that teachers and guidance counselors in high school should promote this "career" choice. If they don't, the most we can hope for is 24.5% of the population in cybersecurity. Unless, of course, people don't decide what field to pursue during high school.
Come on. What is the point of putting out nonsense like this, if not to force teenagers to listen to their elders associate cybersecurity with economic security.
The one thing it is not about is the current job market.