Digital-security talent isn’t always at the job fair

When we think “cyberattack,” most of us probably envision some combination of Hollywood-quality computer set-ups, deft hacking maneuvers and complex coding methods. The reality is much simpler – and starker.

Unfortunately many of the cyber challenges we faced when I served as the Republican leader on the House Subcommittee on Communications, Technology and the Internet and chaired the Subcommittee on Commerce, Manufacturing and Trade remain today. A good portion of the large-scale cyberattacks that have made the news recently have been relatively unsophisticated, according to Dr. Stephen D. Gatz, chief security and privacy officer at data integration and management firm Cognosante. Gatz was one of several dozen digital-security, technology and education professionals who spoke at the National STEM Forum on Security Risks and Emerging Workforce Solutions conference at the National Press Club earlier this month. The event was hosted by the Apollo Education Group, the University of Phoenix and STEMconnector.

One recent attack that made the news was carried out primarily through username-and-password hacking, Gatz told the audience. There was no monitoring system in place to flag the information gathering being done by the hackers, who were rooting around sensitive online records using the login name of an employee.

One of the fallacies in common understanding of digital security is that cyberattacks can be prevented. They cannot be, said Derrick Nixon, senior director of security solutions for Honeywell Technology Solutions Inc. “We’re going to get there eventually but right now it’s not a question of if” a company’s system will be hacked, Nixon said. “It’s when.” He said the current goal is keeping systems operational during those compromises.

Perhaps more troubling than these attacks, though, is the national shortage of ‘human capital’ qualified to catch them. One of the problems? Many of the entities (government and private-sector alike) in need of such individuals aren’t looking in the right places. Oftentimes those capable of making end-runs around would-be hackers don’t have undergraduate degrees, let alone graduate diplomas, and they generally aren’t submitting their résumés online. In fact, a good number of them are likely already working – as malicious attackers.

We have to appeal to these people “to act, to come on the good side and help us defend against the bad actors of the world,” Nixon said.

The good news is that lately some have. In the past few years, digital-security companies have brought hundreds of ex-hackers and cyber spies onto their payrolls, according to an April 14 BloombergBusiness piece by Jordan Robertson. The not-so-good news: We need about 300,000 more such people, Jeff Snyder, Raytheon’s vice president of cyber programs said at the event.

Here are a few longer-term strategies for corporate and public America to fill those vacancies:

  • Think outside the job fair. Colleges and job fairs not netting your company the talent you’re looking for? Think outside the box. Worldwide, annual hacker conventions (think Defcon and Black Hat), gaming sites and how-to pages could all be fertile territory for the firm looking to fill a cybersecurity position.
  • Start early. Forget colleges. “You have to get into elementary schools to make sure they have a basic understanding” of computer science and digital technology, said Cynthia V. Anderson, chief operations officer for the U.S. Department of Energy’s Office of Environmental Management. Honeywell does a lot of school outreach, much of it starting at the middle school level, Nixon said.
  • Search wide. Engage with schools and students in low-income areas, Anderson said. Oftentimes “they have the skills – they just need the resources,” she said.

But all is not lost when it comes to protecting our valuable information online – or hiring those who can protect it. I’ve done extensive work in these areas in the past decade, and I’ve seen some positive movement in recent years. More and more accredited colleges are offering degrees in cyber-security-related disciplines, and states are taking similar steps. Virginia, for example, is in the midst of expanding the number of schools it certifies to provide cyber-security programs. And perhaps most importantly, we have the capability.

If we “make it interesting,” even elementary-school-age kids will get the STEM ‘bug,’ Anderson said, citing the high levels of technological proficiency she has seen firsthand among youngsters. “These kids [today] are smart,” she said. “They get it.” 
stearns_cliff_fl
Cliff Stearns

Cliff Stearns is an executive director based in APCO Worldwide’s Washington, D.C., office and serves as a member of APCO’s International Advisory Council. He is a former U.S. congressman for Florida’s 6th district. Read More