
Topic: Cybersecurity workers shortage in USA - page 3. (Read 317 times)

legendary
Activity: 1568
Merit: 6660
bitcoincleanup.com / bitmixlist.org
July 12, 2021, 01:03:36 PM
#4
First of all, you're not going to be hired as a security researcher in any US or EU company without a certification, and there are at least 10 of them, each company having its own requirements on which certification is necessary, and then the test itself is freaking expensive, e.g. the Security+ exam costs $340 - this is to take it, not just to get the certificate. And this all contributes to people's reluctance to go down that career path because of the huge down payment needed when they haven't even secured a job yet.

And the learning material for the test is even more expensive. On Pluralsight you can pay about $200 and get access to training material for all that for a whole year, better than all the books and material bundles that go around for several hundred $$$, but you still have the issue of paying to take the test itself.
legendary
Activity: 2562
Merit: 1441
July 12, 2021, 12:53:10 PM
#3
Years ago, governments of the world began offering cash bounties for zero day (undocumented) exploits. A hacker that spent 6 months reverse engineering code might be paid $200,000 for a previously unknown Windows exploit. The vulnerability would never be officially reported or patched, leaving everyone vulnerable. Over the course of many years, nations stockpiled many such exploits as weapons, in something resembling a cyberspace version of the nuclear arms race.

Some of these zero day weapons leaked or were stolen by rogue actors, eventually finding their way into the hands of the public. Some of the CIA's hacking tools were claimed to be leaked under the WikiLeaks Vault 7 release. Long story short, there is a big market for undocumented zero day exploits which are unknown and have not been patched. Being patched up to date isn't enough to achieve true opsec (operational security), and hasn't been for a very long time. It's a bitter pill to swallow but as far as I know there aren't any real options or alternatives, aside from perhaps using hardened OS/software, which isn't something I know a whole lot about.
legendary
Activity: 3668
Merit: 6382
Looking for campaign manager? Contact icopress!
July 12, 2021, 04:48:47 AM
#2
Europe & USA are not taking this seriously enough

I think that's - by and large - also caused by "inertia" and lack of knowledge. Too many big institutions don't understand computers; they would still prefer to work with papers and don't understand why this had to change, and now they can also show that they were right.

On the same page, many of these institutions will think that paying some proper networking and security engineers is overkill/an unnecessary expense (and it usually is, until *that* happens to *them*).
The users are also careless at best, combining work e-mails with personal ones, sending out "funny clips" to co-workers and so on.

The operating system also, instead of helping users understand file extensions so the user doesn't just "run" any random file, whether it's a worksheet, a movie or an exe, hides the extension so people stay in oblivion.


Interestingly, nowadays there are Linux distros that are as user friendly as Windows for the basic user and they could be used more safely. But somebody should know about this when the acquisitions are made. Acquisitions are also made by people with no knowledge in IT.
legendary
Activity: 2394
Merit: 1632
Do not die for Putin
July 12, 2021, 03:47:04 AM
#1
Recent news in various outlets is pointing to companies in the US that have been victims of ransomware and other attacks not being able to get the help they need to get back on-line. Particularly, hacks that infect software companies that then spread the threats to other companies (as the recent SolarWinds, which affected a number of major software providers). In my view, the equivalent to this is to be outnumbered by an enemy army - losing a war because you do not have enough qualified soldiers.

https://searchsecurity.techtarget.com/news/252494362/10-of-the-biggest-cyber-attacks

Europe & USA are not taking this seriously enough and are not regulating the requirements strongly enough. You may argue that these are private companies, but the fact is that they have an effect on the system, creating a "call effect" to further attacks and creating chaos in the economy.