The Cybersecurity Industry Is Hiring, But Young People Aren't Interested

Daniel_Stuckey writes "Cybersecurity, as an industry, is booming. According to the Bureau of Labor Statistics, jobs as network systems and information security professionals are expected to grow by 53 percent through 2018. Yet, young people today aren't interested in getting jobs in cybersecurity. By all accounts it's a growing and potentially secure, lucrative job. But according to a new survey by the defense tech company Raytheon, only 24 percent of millennials have any interest in cybersecurity as a career."

hire me

I'm not a millennial, but I am familiar with computer system security, and while I don't have a security clearance, I do have a clean record which makes it possible to get one. Perhaps raytheon et al are simply expecting too much for too little pay. They're not going to find BS degree'd, clean cut 20 somethings with no criminal record if they insist on offering $12/hr wages. That mythical 22 year old working 22 hours a day for 22k a year doesn't exist.

The employees are out there but they cannot work for chinese slave labor wages, nor do they want that lifestyle.

Re:hire me

[InfiniteLoopCounter]

I have to agree. I would have worked for Raytheon if they were interested in me as I have all the required study and would work initially for cheap, but they have basically said f*** o** to me in the past with no response. How am I supposed to now be interested in working for a company that only seems to want people with existing experience as well as skills? Sounds like they want to avoid training anybody and have poor HR people, do little advertising at universities, and cry like babies when they "can't find anybody."

Re:hire me

[Samantha+Wright]

Fun science fact: that figure may soon be below minimum wage in Ontario.

Re:hire me

If they are having labor shortages they need to hire more Chinese H1Bs.

Re:hire me

[gl4ss]

I don't know who the fuck made the conclusions but 24% is a friggin big portion.

that's like bigger than firemen, airline pilots or what have you. it's such a big pile of people that there's no frigging way for them all to have jobs in "cybersecurity".

would be rather pointless too if more than a quarter of a generation was needed for it. that would be quite telling of the fact that they wouldn't be actually doing any cybersecurity work but working as STASI.

Re:hire me

[NJRoadfan]

If the job required any sort of federal security clearance, chances are they were looking for someone who already had one. They don't want to spend the time and money on getting clearances.

Re:hire me

[CRC'99]

The employees are out there but they cannot work for chinese slave labor wages, nor do they want that lifestyle.

11 months ago I finished my Commercial Pilots License - I haven't been able to find any work at all since completing it. That was the last time I touched a plane.

The same problem exists. People are expected to splash $100k AUD on their license, then work for ~$25k a year. Not to mention get themselves to jobs on their own dime etc... I hear the same lines "There is a massive pilots shortage!!" - which is absolute bullshit. We just have to take other jobs to pay off the loans etc we took for our training.

It just about gutted my career - but this is the world we live in. Now I'm only casually employed - and making about the same amount as I would as a pilot - while working only a handful of hours.

Re:hire me

[SirGarlon]

Sounds like they want to avoid training anybody and have poor HR people, do little advertising at universities, and cry like babies when they "can't find anybody."

With regard to avoiding training anybody, all American companies are like that. Training costs are an externality they unload onto their employees. It is not, however, difficult to recruit qualified people even under those circumstances. All you have to do is offer them 20% more than your competitor does, and candidates will line up outside your door.

Companies just whine instead are not serious about recruiting and/or want government support in the form of H1-Bs.

Re:hire me

[todrules]

Good point. And with the overall, general hatred towards the government these days, people aren't looking to work there, including the military, since there is a war going on. General government work, and especially the military, have been places in the past where most people get their security clearances. Then, they can leverage those to get a job in the private sector. It doesn't look like that's happening like it used to.

Re:hire me

They don't want to spend the time and money on getting clearances.

First, the contracting companies that hire the people do not pay for the clearance. The fed pays a third party to do all the investigations. It is all about the time. It can take a year or more to get a clearance. The government will not put any one in for a clearance unless they are working on a contract that requires that the person has a clearance and most contract will not allow a person to work on the contract unless they already have a clearance. It is a catch-22.

Re:hire me

[Notabadguy]

What the civilian world calls cyber security, the military calls information assurance (IA) and information warfare (IW).

My personal story:

I was in the army's IA ranks. I had an active TS/SCI clearance, had published policy papers within my...inner specialty, was a welcome addition to Defcon - I have an Ivy League education, at the time had an incredible network of IA/IW contacts, and left the army as a JMO (Junior Military Officer).

When I left the army (at 28) I was considered a hot commodity in the cybersecurity world. I interviewed with both Raytheon and SAIC, and turned down head-hunters from several other companies. Both companies made me an offer; SAIC for $55,000 a year, and Raytheon for $42,000 a year. Both offers were less than I was already making, and both companies explained that everyone starts at the bottom and works their way up. I declined both and took a position outside cybersecurity for $79,000/yr.

At the time, cybersecurity wasn't willing to pay a clean-cut, clean-record military officer already in the field with requisite training, clearances, background screening and aptitude as much as I already made in the military, and the military isn't where high dollar jobs are.

Re:hire me

[Gibgezr]

Came here to say exactly this. There is just no way that 24% can be viewed as "low" in this context; it's frickin' huge!

Re:hire me

[Salgak1]

It's the same way at higher levels and higher clearances: I accepted a job some years back, as a task and team lead to hire and train up some newbie security types.

For that, they paid me $125K. (I've got nearly 30 years of experience). Then I found out, that some of the sub-contractors I was training were making 137K. Needless to say, after pointing that out to my management, they weren't interested in doing anything about it, in fact, they told me that **MY** cost was stretching them. I left a month or so later. . .

Re:hire me

former raytheon employee here; nobody who know anything about cybersecurity wants to work for them. The RayCERT is a joke. Raytheon has one very young and extremely unqualified person in charge of cybersecurity. How did he get his job? He was born to a Raytheon family. Nepotism rules that organization more than any Japanese Keiretsu or Korean Chaebol. Then you have people who treat computers as "those new fangled dohickies" in charge of IT security. My supervisor considered anybody born after 1959 a millenial. That doesn't even begin to address the turf war between the IT security and industrial security types that leaves a lot of stepping on each other toes in some areas and huge holes in coverage in others. In short, nobody who know anything about Raytheon and cybersecurity wants to work for Raytheon cybersecurity.

Re:hire me

[ebno-10db]

SSDD. Companies that complain the loudest about "not being able to find people" generally pay squat and/or are a miserable place to work. Oddly, the companies that pay decently and are decent places to work have much less of a problem finding qualified people. Glad you found a better job.

Re:hire me

[intermodal]

Creating a "job" doesn't give a company the right to fill that position, especially on the crappy terms a lot of them offer. I'm in a job that I was one of two applicants for, and I'm getting out ASAP. I've been here almost six months and any small amount of confidence I had that I could turn this job into something worth doing is gone.

I'm underpaid in a toxic environment and meet resistance on everything I try to improve, fix, or address. They constantly complain about the low quantity and quality of applicants we get for the operations my department plays a support role for, and wonder why it's hard to keep people around.

I constantly hear about how awful the guy who preceded me was at this job, and I believe it. I was shocked to find that basic support requests were often not addressed for weeks, things that take me five minutes to fix. And that guy was let to stay here for over three years, and left of his own accord. When I leave, they're going to have a very hard time finding someone worth hiring to replace me unless they offer a hell of a lot more than I'm getting.

Re:hire me

Yup, There is no labor shortage, They Just want to hire very cheap foriegn workers. Notice who is publishing the report, a company that wants to hire cheap labor.

Re:hire me

[JMJimmy]

Wow that is a fucking insult and a half. $42k/y? The national average wage in the US is $43k, someone who can program (really program) is rare so add 50%, someone among those who can program who's good enough to hack? add another 50%. Someone who is trust worthy, somehow managed to learn to hack without being arrested/sued/put on some watch list that prevents them from obtaining security clearance, is willing to work for "the man", and has an ivy league education, add another 25-50%. $120,000-$145,000 is what a job with Raytheon should be worth.

Re:hire me

I'm definitely not a millennial, but since Operation Sun Devil in the early 1990s, the *hat types are very hard to come by. My generation had a fear that anyone with "skillz" would be tossed to the wolves when the press found that there was a major security breach. The hacker witch hunts that closed SJG drove the majority of the "scene" underground.

In the late 1990s, companies lost any interest in security, and this has evolved to an attitude of "China can break into anything it well pleases, so why spend money on something with ROI?"

Of course, the perception that anything STEM related gets offsourced to India or China, making a job in any field other than law or finance an exercise in futility has also made millennials on the border choose something else, especially with the adage, "there is no such thing as an unemployed lawyer or CPA" as a mantra.

Finally, there is a general disinterest in security. I've worked at a number of places and ended up putting down a list of tips, but people will react with extreme hostility at any security increase. A mere suggestion of going to 8-10 character passwords would make people scream to corp brass that their company is turning into a police state. Since PHBs believe security has no ROI, there is little to no interest in bothering with something that just causes interruptions in workflow.

So combining the fact that SJG, the disinterest in computer security in general, the belief that the war is lost, and that anyone who is world class will be less successful than a JD who just passed the bar, it is no wonder why millennials have little interest in security.

This can be fixed though. It may take some college grants and maybe even expanding DoD divisions and NIST so there is a better response and prevention in place. Attitudes need changed too. In China, a blackhat working for the PLA is respected as much as the marine who can rip two people's arms off at the same time.

Re:hire me

[Notabadguy]

An E-5 jumping to $60k salary is a nice step up, but was a step down from my officer salary. Both offers were in Washington D.C., where the cost of living is exorbitant.

  I've been out of the industry too long to return, and I should have caveated my OP with the note that I was never a good programmer; I was a good project manager. I still am, just in a different industry.

Re:hire me

[Princeofcups]

I don't know who the fuck made the conclusions but 24% is a friggin big portion.

Oblig. Python:

Host (Michael Palin): Good evening. Tonight 'Spectrum' looks at one of the major problems in the world today - the whole vexed question of what is going on. Is there still time to confront it, let alone solve it, or is it too late? What are the figures, what are the facts, what do people mean when they talk about things? Alexander Hardacre of the Economic Affairs Bureau.
(Cut to equally intense pundit in front of a graph with three different coloured columns with percentages at the top. He talks with great authority)
Hardacre (Graham Chapman): In this graph, this column represents 23% of the population. This column represents 28% of the population, and this column represents 43% of the population.
(Cut back to presenter.)
Host: Telling figures indeed, but what do they mean to you, what do they mean to me, what do they mean to the average man in the street? With me now is Professor Tiddles of Leeds University.
(Pull out to reveal bearded professor sitting next to presenter.)
Host: Professor, you've spent many years researching into things, what do you think?
Professor (John Cleese): I think it's too early to tell.

Re:hire me

[thoth]

No, that's not how it works now (recently).

Somebody pays for that clearance process and it boils down to the hiring company, granted they may reflect that in their rates and the difference between what they charge the customer and pay the employee (rolled up into their nebulous "overhead"). The process is typically a few months, rarely a year.

The way the catch-22 is resolved is you'll be hired as a short-term contractor (~6 mo) and given minor/lower level work while waiting for the clearance. If it doesn't come, the contract ends and you look for something else.

It is just less risk for them to hire somebody with one already - modern corporate America doesn't want the risk and prefers not to invest in their workforce unless they have to - such a person can start earlier.

Re:hire me

[TWiTfan]

The employees are out there but they cannot work for chinese slave labor wages

Doesn't matter. This whole "We can't find enough workers here in the U.S.!" schtick is just a ploy for them to go running to Congress and beg for more H1B visas (like pretty much every other tech company now). They don't give a shit how much American workers are willing to work for, because all they're interested in is importing cheap indentured servants from overseas, with the full blessings of our "representatives" in Congress of course.

Re:hire me

Former Raytheon employee here as well, and I'll second everything the AC said. We often had team leads that were very young and inexperienced, whose only qualifications were that their mother and/or father worked for Raytheon. I did not work in a closed area, but knew many who did, and family connections were considered very helpful for getting the security clearances needed.

I'm not surprised.

[Xenkar]

I certainly wouldn't take a job that would force me to flee to another country for asylum if my conscience makes me become a whistle blower.

Re:I'm not surprised.

[cardpuncher]

Cybersecurity doesn't necessarily mean surveillance. There's a more attractive side, too - you could spend your entire life running change control on a library of hundred-page procedure documents and reviewing firewall logs. Now, what kid could turn down *that* opportunity?

Re: I'm not surprised.

[O('_')O_Bush]

This. What the article doesn't explain is what cyber security usually entails at a defense contractor. I did that kind of work for about a year, and wanted to pull me own fingers off.

It was where they took bright engineers, gave them tedious and excruciatingly boring tasks, burned them out, and replaced them. You'd think cyber security would be somewhat cool, but in reality, it was taking several multi-thousand line spreadsheet checklists, run some scripts, and manually put passes or fails for the things the scripts didn't cover. Do that all day every day for every type of server and every project, repeatedly, till all or almost all checks were passed. And then, do documentation.

I would say that where I worked, the youngest crowd were the only suckers willing to take that work. Everyone else knew better.

Re:I'm not surprised.

[TheRaven64]

Most cybersecurity jobs are in the private sector and don't require security clearance. They're related to ensuring that commercially sensitive information stays private (employees don't wander off with copies, competitors don't hack in, and so on). A lot of it is the same sort of task as the non-cyber variant: checking that the systems you think are secure really are, investigating when they're not, designing policies to make sure that they remain so if they are.

Re:I'm not surprised.

[IndustrialComplex]

I am familiar with IA, I work with it almost all the time, but it isn't my primary function. I'm currently in the market for a job in the SE Pennsylvania region AND I have a clearance. I think you are spot on with what the tasks are.

In SE PA there are a lot of medical companies, and thus their IA concerns relate to keeping their trade secrets secret, and even more importantly, keeping medical records secret. Unfortunately for me, I'd love to work for some of these companies, but damned if it's easy to meet their requirements.

Engineering? Check
IT systems? Rusty on the hands on work, but I mainly work architecture level designs.
Experience with medical systems? Umm no, sorry that's pretty specialized.

It's kind of like the Cheap, Fast, Reliable and other 'tri-feature' You pick two options. I can give you two, but that experience in medical systems always gets me. Unfortunately for a lot of these companies, a lot of the IA experience they ask for comes from the Defense industry, but rarely do we work with medical stuff.

Does everyone have to work in cybersecurity?!?!

I would've thought 24% of young people being interested is pretty good. Especially for a niche job like this.

millenials

[Idimmu+Xul]

such a retarded word

Re:millenials

[Nephandus]

If the label fits...

Re:millenials

[Sockatume]

Referring to them as "young adults" would force people from older generations to engage with the fact that they've aged out of their role as the dominant cultural and economic force. It would tie with the enormous cottage industry in writing editorials about how my generation is going to ruin the planet, at any rate.

Re:millenials

[JaredOfEuropa]

Indeed... Maybe it's just me, but whenever I read it I first think of old people. Centennial = 100 year old person. Millenial = 1000 years old?

Re:millenials

[DoofusOfDeath]

You're thinking of "centenarian". A Cential would be someone born in the year 100. So, about 1,913 years old.

Way older than a Millenial!

Re:millenials

[Sockatume]

The term was coined for people who were going to "come of age" after 2000, so basically anyone born after the early '80s.

Re:millenials

[darkstar949]

Systems that were written largely by members of Generation X and marketed by Baby Boomers. But no, keep thinking that everything is the fault of which ever generation is the youngest.

Re:millenials

[IndustrialComplex]

Systems that were written largely by members of Generation X and marketed by Baby Boomers. But no, keep thinking that everything is the fault of which ever generation is the youngest.

Good point. I always shake my head at articles about how poor the millenial generation turned out. Isn't it the responsibility of the previous generation to guide the new generation? It's not like you are born with a life instruction manual. If there are problem with the current generation, the blame falls squarely on the preceeding generations. This is the world the millenials were born into, and they grew up with the guidance from the existing generations.

Like raising a dog, if it's ill-tempered, look to the owner.

Re:millenials

[IndustrialComplex]

For those of us born in the early 80s, we get to pick and choose the best parts of generation X and the millenials. We are the generation that fell through the cracks as far as media labeling is concerned. It's great!

Media complains about Generation X, we get to poke fun on our 'cloud' access devices.
Media complains about Millenials, we quickly skip to Nirvana in the playlist and scoff at this new generation.

Re:millenials

[Dr.Dubious+DDQ]

"the enormous cottage industry in writing editorials about how my generation is going to ruin the planet, at any rate."

"Industry"? You mean people expect to get paid for that?

This is exactly the kind of spoiled, lazy thinking that has ruined the great culture that my generation left you! In MY day, we considered this sort of thing a civic duty, and we were thankful for the opportunity! You should all be doing this as part of being respectable citizens, not as a chore that you'll only do if someone pays you!

Dang kids...

(So...uh, where exactly is the place that pays for these? Just, you know, out of curiousity...?)

Bulls**t: 24% is a _lot_!

[Terje+Mathisen]

Please give me a big list of other occupations which more than 24% of a random sample of kids are interested in, then I'll allow you to claim that too few youngsters are interested in cybersecurity.

Terje

Re:Bulls**t: 24% is a _lot_!

[Seumas]

The other 76% want to be Youtube channel millionaires.

Re:Bulls**t: 24% is a _lot_!

[DarkOx]

Right I think that is sorta the problem. We have been spoon fed this idea that boomers are the most entitled generation ever and perhaps at the time they were but I think its the people that experienced childhood in the roaring 90s and their teen years in the early 2000's when it still looked like you could somehow get rich by taking a loss year over year with your online "business".

It may be that besides a few piercings and somewhat questionable taste in music, Gen X and at little past (Late 70's and very early 80's) folks are actually the most grounded in reality.

We have a whole bunch of people that grew up getting a little to much of what they wanted and being told what a special snow flake they are, while being rewarded for failure that now they don't want to work in an industry like IT Sec.

Which has its glamorous moments, actually, but most of the time is thankless drudgery, like all "work".

You should enjoy what you do but not expect to enjoy all of what you do. Its the second part that is lost on so many of these people. Its lost on them that we would not have words like "work" and "task" in our language if we liked doing everything, that has to get done.

Re:Bulls**t: 24% is a _lot_!

[king+neckbeard]

If a parent tells a child they are a special snowflake, it's probably the parent that thinks themselves the snowflake, not the child.

Because Corps are Distusting!

[skaag]

Only large corps really spend money on security... But let's face it, why would a young and promising guy with a bright future ahead of him, work for a disgusting corporation that's full of bureaucracy, politics, and incompetent managers? What's in it for him other than the money which he can probably get elsewhere?

Small companies are not just more fun; your opinions are heard, things move much faster, there's less bureaucracy, and there's usually minimal to no politics. I would gladly shave a chunk of my salary, and work for this type of company, than waste my life in a cubicle in some corporation where I am a very small and insignificant peon.

Re:Because Corps are Distusting!

[ImOuttaHere]

A very surprisingly large number of corporations do NOT spend money on security.

Which is why the FBI surprised over 70 companies a couple years back when the FBI told them their systems had been hacked for the company's intellectual property. The companies in question had _no_ idea they'd been hit. Which is also why the NSA makes a point of touring US-based companies to present corporate execs (primarily in the IT end of things) un-classified reports on the latest security threats (if you don't already know, take a look at the NSA Information Assurance program). Which is why I was laid off because one such company was not going to listen to someone suggesting to them their computer security really sucked and were actually in the process of slashing intellectual property protection and computer security jobs. Again. For the eighth time in four years. So they could use the money "saved" on the salaries of people at my level who were also laid off to "buy" low level grunt "talent" in their China operations. That company's security still sux and remains far too easily hacked, and this is in a sixty year old high tech company that would've known better had they not be bought out by an aggressive "rollup" company to then be run by a bunch of greedy WallStreet-types who extract, literally, $100's of millions of dollars for themselves from the companies they've absorbed and stripped of assets.

So, no, many companies could give a rat's rear about security.

Only large corps really spend money on security...

Re:Because Corps are Distusting!

[DoofusOfDeath]

I've found that having a wife and kids to support made it difficult to forgo the better-paying jobs. YMMV, obviously.

Not just security

[jandersen]

It isn't just security either; I see lots of jobs advertised at the moment here in London. It is overwhelmingly what they call "DevOps" and Java development. I have been following the market for a long while, and I can see the same roles coming up again and again, so clearly the companies are having trouble finding people.

Having worked in IT for far too many years, I know how it goes: when you hire new employees, you know they aren't going to be up to speed for at least 3 - 6 months. However, these companies are mostly new start-ups, so they think it is like hiring a contractor, and they want their new staff to be up to speed immediately. It's just not going to happen, but until they see sense and learn to plan for the long term, the situation will be that way; lots of jobs that go unfilled, and lots of well qualified people the can't find jobs. And it's not about money, really; these web companies could afford to think ahead and invest in people with good potential - and one could argue that they can't really afford NOT to do so.

On top of that, they don't actually know what they are looking for. Take this new buzzword, "DevOps"; it comes from "development" and "operations", and it means somebody who sits in the middle, between a development department and system administration; ideally this is a person who can do everything a developer does and everything a system administrator does, and such person is probably a developer who has grown into system administration. In the old mainframe days you would call them System Programmers, and they would be your most sacred asset. But what the web companies really mean when they say "DevOps" is just a low ranking build engineer, who knows how to use Puppet, Chef or Jenkins and is doing the same, repetitive task over and over, provisioning into the cloud. And they all want somebody who has "at least 5 years experience with the cloud"; has "The Cloud" even existed that long?

Re:Not just security

[InfiniteLoopCounter]

It isn't just security either; I see lots of jobs advertised at the moment here in London. It is overwhelmingly what they call "DevOps" and Java development. I have been following the market for a long while, and I can see the same roles coming up again and again, so clearly the companies are having trouble finding people.

That doesn't mean you need to fall for these sap stories. It's the companies' own fault if they have incompetant HR or terrible business practises that force people out after short stints. In a free market if it is critical to their business and they stuff it up they should go out of business and good riddens.

On top of that, they don't actually know what they are looking for. Take this new buzzword, "DevOps"; it comes from "development" and "operations", and it means somebody who sits in the middle, between a development department and system administration; ideally this is a person who can do everything a developer does and everything a system administrator does, and such person is probably a developer who has grown into system administration.

I have done this dual job before and trust me, the HR types do not care one iota. If it saves money, great -- screw that guy some more. Who really benefits from a burnt out IT guy? The manager that can then claim that they got so much out of Joe that he had to move on to another job does. Many will unfortunately take all the credit for your hard work and you will be left stranded. Never fall for this (in case you are wondering I have not myself, but I have seen it happen).

only 24 percent of millennials have any interest

[Chrisq]

only 24 percent of millennials have any interest in cybersecurity as a career

That is not a lack of interest - it is an enormous interest. Think of when you were in class - if a quarter of the whole class were interested in one career. It is so high that I have difficulty believing it. If you assume that in any class you are going to have a 5% with no academic interest, maybe another 5% who truly want to pursue something non-technical, be it lawyer, politician, professional musician, sportsman, minister of religion, or artist - then I would say that it would be all the non-security related scientific, technical, and computer related industries that should be worried. If that figure were true it would mean that *most* people who are going to want a technical career would be looking at jobs in computer security.

Cyber this, Cyber that....

[rts008]

Or maybe, just MAYBE, they are afraid of being lumped in with the clueless bunch that are brandishing the term 'cyber' for everything, like it was some demented talisman to ward against evil net spirits.

I mean everybody knows that a 'CyberSecurity Specialist' is only a small and mostly accidental step away from a 'CyberBully', or 'CyberTerrorist', or OMG!!! Cyborg!!!

"Why yes, I'm a Terminator for the NSA, DHS, and in my spare time, the FBI and CIA! I'm a hit at all the parties!"

Because it doesn't involve creating anything!

The idea of working on mechanisms to stop other people from doing things seems like such a depressing job, even if the objective is to stop malicious people from doing bad things! The goal is to suppress and defeat the actions of other people who actually lead interesting lives!

Meanwhile, almost every other kind of development job involves creating something visible, something meant to be shared, something constructive, helpful, or fun!

Re:Soon to be obsolete

[mysidia]

Progress is slowly being made in the use of capability based security.

If you think a technology will solve all our security problems, then you don't understand what security is all about.

Securty is a process, not a technology.

Every time you think you've built something idiot-proof; nature comes right in, and delivers you a more idiotic idiot.

Until you can eliminate all humans in organizations; computer security can never be a solved problem.

Because most security problems are caused by humans, AND IT security falls within the broader umbrella of risk management.

You will never own a perfectly secure system. Not now. Not in a thousand years.

It doesn't matter what fancy new capability-based models you come up with; there will always be threats and vulnerabilities.

Re:Soon to be obsolete

[king+neckbeard]

So, you are predicting that Adobe will be out of business in 15-20 years?

Enhancing is better than restricting.

[hooiberg]

I would prefer a job (and I have such a job at the moment) that enables users to do things, that increases their possibilities. Not one to take possibilities away, and to restrict users.

Re:only 24 percent of millennials have any interes

[Hognoxious]

Think of when you were in class - if a quarter of the whole class were interested in one career.

Pretty even split between train drivers and astronauts.

That's the boys, obviously. I have no idea about the girls and they have cooties anyway.

dafuq

[Redmancometh]

Am I missing something? 24% of millenials sounds like a huge number if its not just IT workers polled.

Lies, damn lies, and statistical illiteracy

[taikedz]

From the Raytheon article key figures: "Young men (35 percent) are far more interested than young women (14 percent) in a career in cybersecurity." If that many people are interested in cybersecurity, I'd call that "an overwhelming proportion" of persons being interested in cybersecurity. By that count, that's an enormous population of paranoid technofreaks.

"The survey also found less than one-quarter of young adults aged 18 to 26 believed the career is interesting at all." And how much of the total population gets employed in computer security AS A WHOLE? Less than 0.1% easily. How many other types of jobs, areas of interest and careers are there WITHOUT EVEN leaving the IT world?

The study page even highlights that they didn't target IT graduates. This is from a general, untargeted smattering of 1,000 members of the population. That's not even a proper sample size.

Bad journalism. Bad study report. Bad.

Profit vs. Cost Center

[zoward]

That's because companies view network security as a cost center, rather than a profit center, so they want to spend as little on it as possible. Being a network security specialist is a "reactionary" job - you do everything you can to make the network safe (on the usually meager budget you've given to do so), and then wait for ... something ... to happen, after which you'll be implicityly if not outright blamerd for it. You can also look forward to carrying a pager, possibly 24/7. In order to do the job well you'd probably need a skillset that intersects knowledge of IT, networking and programming. You could be a programmer, which is a profit center for software companies, which means you'd probably be treated and paid better, and not locked into IT, which is a dead end at many companies who see IT as something they begrudgingly have to pay for.

Still, network security sounds sexy, and it probably pays better than mainstream IT - I'm surprised they're having that much trouble finding people to do it.

I also can't help wondering if the world's black hats would pay better for someone with the skillset. After all, for them, network security is a profit center.

Maybe they just don't want to work at Raytheon

[daboochmeister]

Oh, snap!

Re:Lol, Tech.

[Bigbutt]

Meh, grow up. Been doing tech work for over 40 years now. Haven't been replaced yet, but I also keep up on new tech and stay curious. If you get set in your ways and decide that your current skill set will keep you in Doritos and Mountain Dew forever, you _will_ be replaced.

And jeeze, get over the "Obamacare" rhetoric. It just makes you look like a spoiled child who's not getting their way.

[John]

Security is an ungrateful business

[gnasher719]

When your job is security, the best thing that can happen is that you do an excellent job, and the end result is - nothing. That's the whole idea of it. If you do your job right, nothing happens. If you do your job badly, shit happens. Stuff gets stolen, and so on.

So will anyone congratulate you for a job well done? No, they will only see money spent on your salary with zero results. You will look as if the company could do without you. You know better, but the people who might give you a raise don't. And the people who could fire you to safe on salaries and increase profits don't.

You get much better recognition in a job that visibly produces positive results.

Re:Security is an ungrateful business

[Simulant]

And unless you are the rare, true security geek, you will most likely hate your job. The vast majority of government/contract security jobs appear to me to be chasing false positives, editing ACLs & GPOs and then dealing with the unintended consequences of your own command's policy decisions. All in all, tedious, frustrating, and thankless work. I worked in DOD cyber security for few years and would never go back. And that was before Snowden... I can only imagine how horrible it must be now.

What "we can't find people" really means

[dzoey]

Everytime I see an article that says "Industry X can't find enough workers, people just aren't interested," it makes it sound like there's a worker shortage. What is often left out of the uncritical reporting, especially for entry level jobs, is "...can't find enough workers who will work for the amount the company wants to pay them." It's a free market, if you can't find people, you're not paying enough. Now, if it's for a senior position, then there may be a shortage of people, but that means the company has to inve$t in training. Rarely (except maybe during the 90's) is there an actual labor shortage. Just companies not wanting to pay more for labor.

I got one for a $300 job, in a couple of weeks

[raymorris]

A contractor I did gigs for me got me a general security clearance before a job that paid (me) about $300.
As I recall, it was a one page form.