Spending rises in fight against cybercrime
Companies are increasingly willing to spend money on securing data, but a huge skills gap remains between the security analysts that companies need and those they can actually hire.
“In the United States right now, there are 200,000 unfilled cybersecurity jobs, and (the Bureau of Labor Statistics) is saying there will be 2 million by 2020, so you’ve got a real workforce gap,” said Bruce Spector, who is chairman of a groundbreaking cyber training facility in Baltimore, the Baltimore Cyber Range.
The cybersecurity industry is not only growing in response to a growth in crime, but every industry, from hospitals to home heating, is becoming automated at such a rapid pace that analysts cannot get trained and experienced people fast enough to keep up with the need to protect all the network-connected devices and information.
As evidence that companies are beginning to take cybersecurity seriously, Forbes magazine reported worldwide cybersecurity spending is expected to rise from $75 billion in 2015 to $170 billion in 2020.
Michael Hass, the faculty and accreditation coordinator at the Oklahoma State University Institute of Technology’s School of Information Technology, said every year he sees firsthand the high demand for security analysts in his cybersecurity program. Hass said he used to advise students not to expect to get even an entry-level position right out of college, but he said now the students are being snapped up by companies before they can even finish their degrees.
“The vast majority of the students are hired into an entry-level cybersecurity position during their final semester at OSUIT,” Hass said.
But while companies are eager, perhaps even desperate, to fill those positions, Spector said there is no replacement for experience and continual training.
“They need about five or six years of experience,” Spector said. “You just can’t grow these people. You have to nurture them, and you have to take your time.”
And that’s exactly what Spector is doing at his cyber range, a facility that was the brainchild of Maryland Gov. Larry Hogan and partially funded by a state grant.
Spector said everybody from aspiring analysts to fairly experienced analysts could improve their skills and training at the range in a system of modules that gradually escalate in skill and experience level.
While there are a few other cyber-training facilities in the U.S., Spector said the Baltimore range is unique in combining a catalogued library of actual, previous cyberattacks with a secure network system simulator, where trainees can watch the attacks play out in real time and learn how to respond. Spector said the range trains security personnel for private companies, but also works with government agencies like the National Security Agency.
But no matter how quickly these cyber facilities work to train well-trained security analysts, it will never be enough to meet the need, Spector said. He believes more private and public partnerships are needed to create the opportunities and the funding for more training facilities.
Spector said other creative solutions must be proposed to meet the demands of the industry’s uncontrolled growth, and while those solutions have yet to be imagined, the future is looking very bright for every tech geek in the world.