Topic: Cybersecurity workers shortage in USA (Read 317 times)

With this, it has been answered in Australia when we want a job that must be prepared is expertise because I think this is very good because education only teaches theory, apart from that I think skills and competencies must still be done independently. and I think this is quite good considering for now especially in my country to get a degree in education can be bought with money without the need for us to study and the results even with an MBA even though the skills and competencies are even zero and nothing at all. but with different skills. because there are some people who have high skills in doing something in the IT field they are not too concerned with degrees but this is what attracts them

The other issue is that a lot of the smaller businesses that want cybersecurity pay poorly. So there is a lot of movement between jobs. Some people who can't find a better job in the field leave, and as the need grows it becomes harder to find them. I have seen too many places that want a good but not great cybersecurity person but are only willing to pay $65,000 in a major city. Sorry, not going to happen.

So the jobs go unfilled. Then someone else sees that Business "X" is looking for someone and only paying $65,000 so they advertise their position at the same rate...and wonder why they can't find someone.

Not you can't afford to live on wages, but far enough below where they should be that it's not worth it for a lot of people to even bother looking at the position.

-Dave

I have worked in many tech companies and I can tell you that knowing how to code is actually a minus in many of them, now I know it sounds very very weird, why would they want to hire a bad coder over a good coder if they are a tech company right? Well, it is simply because if you are a great coder, then you will leave soon, because it all depends on one of your projects that you develop in your free time to get accepted, and as soon as it is accepted then you will leave and make money from that.

Everyone is making mobile apps, websites, projects and what not. However, if you are a smart person who can barely code, they can teach you that and let you learn only the amount you need to and that’s about it, there is nothing else they will teach you, only the part you need to know for that position, which will keep you there longer. So, it is not a shock to hire non-coders to a coding position if they know just a tiny bit.

In the digital age, cyber attack is common. This could even be where war should just happen instead of sending nukes. Cybersecurity is as much important as protecting lives. US had been attacked many times the most recent was the oil pipeline.

It could be avoided if they encourage geeks to be geeks not getting bullied in school instead. An ECE engineering can still be honed to become penetration expert if given the motivation.

Teens today are more inclined to become tiktoker influencer than having a real career.  Parents today doesnt have high expectation for thier kids anymore.

True, as long as you have a background in Information Technology, like a programmer or data base admin, the company can retool you and give you the proper training in order to be a cyber security analyst/expert.

Speaking of Australia, they are one country that really take cyber security very seriously, regardless of private companies being attack or government agencies, they are very quick to response to any situation.

It's not they don't understand, it's because they don't like spending on IT too much, companies are notorious for cutting costs when it comes to stuff like their security especially if they are exploiting the people that they're hiring. But so far, these mentality of cutting costs for IT is waning because people have seen how devastating a compromise is in their IT infrastructure.

I love Australia so much but I can't live with spiders
My friend is a cybersecurity specialist in Australia and she has told me that in IT sectors, sometimes they don't care much about your educational background and what matters the most is your working experience and I would say that it's true at some point. I have often seen people finishing MBA working as a fullstack developers, I have even seen one as a DevOps engineer in one bank after finishing an intense Bootcamp and learning course.

Just saw in one LinkedIn job offer section that the requirements for cybersecurity analyst was - A qualification or equivalent work experience in Information Technology.

This is a good suggestion to leave this kind of challenges. Shortage of cyber security workers and experts because cyber crime is on the rise. There are many things that any government (not only the US country) can do to solve the problem just the way you have suggested. Encouraging young people in such career is one way to it and encouragement is not only by speaking it or announcing it public but to also create incentives to make it more attractive and lucrative. They can make the career easier to access, the study and scholarship too to be stressless and creating pension benefit for those that will work to retirement. They are many other incentives to be created to encourage people into it.

In the face of many challenges technology has helped most in the normal life. It is also said that technology will affect people's personal and professional lives in a new way in the future as the use of technology grows and grows so does cyber security the trend of grabbing money to get various traps online has increased all over the world. Even in developed countries like the united states and the united kingdom such frauds are happening all the time That's why the united states and other countries around the world have stepped up their cyber security.

Michael Crichton, the author of Jurassic Park, is famous for publicizing the statistic of the united states having 25% of all the lawyers in the entire world. Most americans want to be a lawyer making $100,000+ year. There isn't the interest in science and engineering fields, that countries like japan enjoy.

IT security, at a high level, is notorious for being a difficult sector to work in. Vulnerabilities and exploits arise and are patched. The landscape is constantly shifting and evolving. There are always new skills and knowledge to be absorbed to stay current and relevant. Its not like being a doctor or lawyer where many can stop learning once they get their degree.

Cybersecurity can also be very tedious and have a high burn out rate. Humans aren't well adapted to staring at screens for 12 to 30 hours a day. Poring over code and documentation. As is sometimes demanded by IT security fields.

I think that the need for cyber experts has seen a significant surge in the past couple of years, especially with the many attacks that have been happening in many companies, and on the other hand you have less people graduating or having a degree in it due to it not being not so popular before these couple of years and most of the ones that have work in another field because the cybersecurity is not a busy job, so i guess this demand will create more incentive for student to roll it or study it.

I think the USA and a lot of other countries are lacking skilled IT Security specialists that can compete with Russian and Chinese hackers. The threat is there, because with Solarwind, the US pointed to Russian hackers that infiltrated a security company and then government departments. (It was embedded in a Solarwind upgrade, after they reverse engineered the exploit)

The only way to neutralize these threats are to hire "White hat" hackers to train security experts in the counter measures to neutralize these hacks. 

At least in my country the acquisitions made for a hospital, for example, are made by politicians, economists and doctors. Take a wild guess, are they vulnerable?
I guess that this goes on in many companies, countries, fields. Although we're in a tech dependent world, many don't understand that fully; and some of those are the people who make the decisions, buy equipment, hire personnel.
The real world is not as smart as we'd like to believe.

In this fast paced and technology dependent world? Nobody asks for this specialists when their data security is tied to the prosperity of their company? I don't think that that's the case because if there's a lack in demand, there's should be reports regarding the negligence of the company when it comes to their cyber and data security.

I think the reason why cybersecurity workers shortage is happening are:

1. The degree and certification in cybersecurity are expensive.[
Maybe why there are only a limited of people in this industry is because the majority who are passionate to pursue this kind of career cannot afford it. Maybe the tuition fee for college is too much that they don't have enough money to pay for it. Hence, they would just look for another degree that is cheaper compared to what they like the most. If the college tuition is expensive, I think the certification would be of the same level as well. This will really drive away possible workers because they are discouraged by the financial barriers, to begin with.

2. Experience is usually needed before a company accepts and hires you.
If this will be the requirement to almost every company that is existing, I bet there would really be a shortage. Imagine finding a fresh graduate an existing job experience, it's absurd, right? I mean, if they would ask for seminars, training, and extracurricular, it would be fine, just not the job experience for like 5 years.

3. Maybe the cybersecurity workers already migrated to other countries.
This is self-explanatory. If the graduates will fly over different countries, the companies will really have no options to choose from. They will need to hire outsiders that are fit for the job. Otherwise, their company's security would be at big risk. They will be prone to hacking and ransonware attacks like what you have mentioned.

It seems like issues that has to do with cyber security got worst ever since this pandemic, cause I was steady seeing news about companies that were being attacked by hackers. I am not too sure about what you have said here about cyber security workers shortage. I believe there are many of them out there, it is up to the companies to look for them and pay them properly and also provide them with every necessary equipment that they will be needing for their job.

It is very important for every companies to put more effort in insuring that they have the best security on their platform. Any company that doesn’t invest more in security is making a big mistake, because if they end up getting attacked they are going to be losing a lot of money due to that.

There are hopefuls that are going into cybersec but it's just that some of employers aren't giving that much attention to their regularization and only going with freelancers. This is happening for some of the companies but there is no problem with those big companies that gives value to their security and that's why it's one of the highest paid job in the world even if you're just in the middle position.
Those that are still young and reading this topic and already in the IT field, you might want to get certified with cybersecurity certificates.

With advancements in technology the load of cyber security experts is also increasing and they have to learn new skills these days to combat any type of hack day DoS attack or phissing attack and they need to be concentrated on their work.The companies in US will try to hire only the experts in this field who have past experience and have specialised skills needed for that job along with certification as there is not any entry level competition for it and they require experience software engineer for this work.So you need to have college degrees first of all and work as intern for some months and then work with some big company and then you will be hired with these so clef companies with average salary of $80-$90k.So it's better to learn all those stuff and have problems solving mind to tackle with any kind of hack and work in better security protocols.I know a teen who setup his own company for cyber security and have huge client base at this time running million dollars business so it's upon you whether you want to be employee or hire them.

The question is not simple. On the one hand, systems and software systems are constantly becoming more complex, along with the growth of functionality. On the other hand, the more complex the system, the more points of failure it has, and in software it is highly likely a "hole" that can make the system work in an undocumented way. And there is a third party - people who are interested in implementing "backdoors" and have access to the development of corporate systems - these can be ordinary line developers, administrative personnel with the necessary powers.
At the same time, one must understand that it is much easier to create a destructive solution than to create and create complex complexes. Building a computer is difficult, making a hammer that can easily destroy a computer is very simple. Therefore, it is extremely difficult to "catch" such deliberate actions. And the logical continuation of this - it requires much more resources and time. Moreover, this process will always be a "catch-up game". Option - to introduce extremely harsh punishments for technological crimes, and special control over software developed for the public sector and critical segments of the economy.

I think this should be a big opportunity for IT specialist to venture into cybersecurity get certified and then get employed to help curb the situation on ground. It's in cases as this that people decide to switch occupation to fit into the present need of the society, provide solutions and add relevance to their own existence so the can boast of how the contributed in making an economy what it is

The vulnerability that cybersecurity has shown in the USA is remarkable in just so far this year they have had several computer attacks on government and business targets.
Among the highlights, the Colonial Pipeline cyberattack that transports gasoline and other fuels daily from Texas to the port of New York.
Following these incidents, the Joe Biden administration has assigned special attention to strengthening cybersecurity.
Recently, the Secretary of Homeland Security Alejandro N. Mayorkas highlighted the initiative of the largest hiring of 300 cybersecurity professionals, increasing the offer to 500.

That's bad on the side of those good freelancers, but as long as they've got a contract, I guess that would be fine for them.
They won't be hired if they haven't shown any familiarity and skills to their employer. I'm sure that most employers are doing tests and assessment before approving someone to work for them.

I believe that is not just because people are working with papers and pens type of situation, but also because people are not getting paid enough. When you are a hacker/scammer you could make so much money that whatever is offered for being white hat is nowhere near enough. Why would I learn skills that would make me a millionaire very easily and then use that for 90k a year career? I understand that many people expect the "because it is right thing to do" answer to be enough but believe me if those people were people who just did what is right thing to do they wouldn't learn those skills to begin with.

Basically you are trying to hire hackers to help you fight against other hackers, that is not cheap and will take money. On top of that culture is different, in China those people are in millions, in USA it is not seen as a good job, even a game developer who makes half of that salary still prefers it.

It is a problem, but it's unrelated to the topic. As I said, the problem usually is that nobody asks for such specialists.

And I've seen in many countries the "immigrants take out jobs" play. It's usually sang by people too under-qualified for the jobs "taken from them" or too lazy to do lower jobs for lower pay. I don't think that any smart manager would care about that.

Yes it can apply to many countries but if you look at it, most countries look up to or have USA as their standard so what happens there is just basically copied by other countries. I don't think that it's not a problem, remember that immigrants are being a target of prejudiced towards this people because they think that they're taking every jobs out there. I still think that the next generation is much dumber because no form of critical thinking is being employed.

I don't think that they will stop doing outsourcing anytime soon, remember that it's of value to them that they don't pay this people like a regular workers. So that's an unlikely to happen anytime soon. I don't expect black heart businessmen suddenly doing the taboo for them.
But their skills should outweigh the attacks that they did and it's not like they can get this jobs, remember that some of them aren't even college graduates which is the requirement for some of the businesses to accept new employees.

I think that you've got it wrong. This "the top 1 is to become a YouTuber" can apply to many countries. Also the average quality of students may be declining in many countries (maybe also in US).
Still I doubt that all this can make the average look better or worse in US. And it's not related to the topic, since, if there would have been willingness to hire such experts, they could have been found, whether American or not, whether from inside the borders or not. Today that is by far not a problem.

Probably the reason could be that there's not a lot of smart people in USA, most people that have a really academics and technology inclinations are immigrants like Asians, European or even Africans. Look at what some of the dreams of kids in USA wants, I think the top 1 is to become a YouTuber which isn't bad but it doesn't contribute a lot to society. USA is a cultural melting pot of the world, I think that the shortage can easily be solved, it just takes a lot of time.

With the right industry-grade certifications, these same people can be hired as cybersecurity experts. Sure enough these people wouldn’t pass the certifications if they do not have the knowledge. Then again, you’re right, most firms hire people for the sake of having enough manpower to show off, but not actually up to the task due to lack of experience, knowledge, and skills. I don’t even get it why some firms continue to hire people with qualifications way below the industry stabdards. It’s a waste of money, and it will never work even on cybersecurity threats that are not that severe.

Amidst the age of technology where security is more important than ever. Could possibly be caused by the pandemic but then again coding and programming are among the jobs and crafts that an expert can partake even in the absence of office space. Outsourcing is also a possible move. Seems to me that companies are just becoming more complacent and is downplaying the ability of hackers and scammers to destroy their company's image that of course will catch up to them in the future. This is a case of "They can be trained anyway, so an appropriate degree is optional" which is very laughable. If you'd hire someone capable and in line with the job offer employers wouldn't have to pay so much to train these people which I presume is already significant. Goes to show how competent people are not only needed in the government but of course in private sectors where we entrust most of our daily activities with.

Yeah, there really are companies that want to outsource talents but not to completely hire them but I'm sure that there are good employers that sees the talent of those freelancers if they're going to take care of them.
Maybe it's because that the violation and damage they've done cost a lot and that's why they don't want to hire them. But such talents are wasted if they've used it in a bad manner instead of looking for an opportunity that will cultivate that talent.

As for the US and its policies on the matter, I can only say that they pay more attention to the raw military force that they recruit very easily from poor and destroyed cities across the country. It is an army that is important to them, because they like to show their muscles, and some kind of war in the cyber world is fought by some geeks and nerds anyway. Therefore, it is not a question of whether or not they can produce enough staff for such jobs, but the key question is why it is not their priority.


The EU is even more clumsy on this issue, but this is because some countries still rely too much on US assistance and set aside less than the minimum for such costs - so it is obvious that they do not consider such threats too serious, which is not surprising given that most EU member states do not even have a serious army that could respond to a threat. 

In the midst of the Russian aggression on Ukraine, a military analyst wrote that Russian military forces would have reached Berlin sooner than in 1945.

This is right. I've seen cybersecurity workers sharing their journey. It was a long process and would take a lot of time and effort.
Certification is also needed; you have to be knowledgeable about the computer networking processes and programming.
I have a huge interest in this career and took some tests to get a certification, but it's not easy. Modules are too technical, and most of the terms are not easy to identify. A computer science graduate like me can't even process the contents of the books. Professionals with experience would comprehend it easier. This career is for the professionals and skillful. It might also be the reason for the workers' scarcity.

Same thing here in Australia.

I've seen LinkedIn ads here hiring for cybersecurity professionals and apparently people could get in with a Bachelor of Arts or a Bachelor of Media Communications. Makes absolutely no sense.

Is this even worthwhile if you are hiring unqualified people imo? Sure, on paper you may seem like an absolute gem of a firm for having 50 staff on hand for cybersecurity related matters, but when you realise that 45 of them had studied English literature and haven't the slightest clue what they're doing, it's a lot less impressive (especially when they're getting paid big time!).

Maybe if there's less racism and forced diversity and culture of impunity in USA, I am pretty sure that we will be seeing a lot of changes in many sectors in the region, the continuous idiocracy and divide among races is what makes it bad that there's not a lot of new generation for each industry. Remember that the kid that got killed because of racism might've been a cyber security expert for all we know but no, racisim is rampant in the country which is pretty bad.

The numbers should be increased since we know that technology has evolved a lot on very quick times that means we also should increase the security by hiring people who are experts in it but the system has a barrier, nowadays lot of such experts learnt all these things by themselves so they don't have any certification of qualification to become a professional even though they are experts in it. I guess every big companies starts to acknowledge that and recruiting people based on the skills not based on their degree so it may take time to fulfill the required spots.

Not to mention that most people who deal with cyber security is that some of them are freelancers or they are acquired by cyber security companies. Another problem is that hackers who get caught aren't converted into a cyber security because they want to get convicted more than usage. Israel is really good with their digital warfare, I think they sponsor a lot of schools there that has to do with cyberspace.

Actually there are a lot of folks that are experts in cyber space but there's just lack of spread about this. It's one of the most promising industries that I've been seeing in the IT field but it seems that because of the newest technology emergence, there's just lack of exposure to it. The government has to step on it and encourage the younger ones to look at this career. AFAIK, in other countries like Israel, they've invested a lot on this and they're known to be one of the best countries in the cyber security space.

This is never going to happen, the pricing for the exams is not controlled by the hiring company or country, it's set by organizations distributing the exam such as CompTIA. They're not going to lower prices simply because of a bunch of high-profile ransom attacks, because there's thousands of them happening every month.

Being the world's most extraordinary countries they are the target of literally everyone. Therefore these countries have to make sure that they are able to not only protect their country from cyber attacks but at the same time set an example for others.


A valid point.
This is a big part of the probelm with the countries who are developed. But they are also the one's who can afford to lower the fee. Therefore it is not only important to address this issue but also make sure that they implement such things in every quarter. As you already know USMLE costs 1000's of dollars and therefore it doesn't just burden students but also they are less likely to discover talented people from humble background.

So I feel that :
1. They need to reduce the fee
2. Give better benefits
3. Provide seperate healthcare services at the time of the COVID specially.

..

Hopefully they will address this issue before it's too late.

First of all, you're not going to be hired as a security researcher in any US or EU company without a certification, and there's at least 10 of them, each company having it's own requirements on which certification is necessary, and then the test itself is freaking expensive e.g. Security+ exam costs $340 - this is to take it not just to get the certificate. And this all contributes to people's reluctance to go down that career path because of the huge down payment needed when they haven't even secured a job yet.

And the learning material for the test is even more expensive. On Pluralsight you can pay about $200 and get access to training material for all that for a whole year, better than all the books and material bundles that go around for several hundred $$$, but you still have the issue of paying to take the test itself.

Years ago, governments of the world began offering cash bounties for zero day (undocumented) exploits. A hacker that spent 6 months reverse engineering code might be paid $200,000 for a previously unknown windows exploit. The vulnerability would never be officially reported or patched. Leaving everyone vulnerable. Over the course of many years, nations stockpiled many such exploits as weapons. In something resembling a cyberspace version of the nuclear arms race.

Some of these zero day weapons leaked or were stolen by rogue actors. Eventually finding their way into the hands of the public. Some of the CIA's hacking tools were claimed to be leaked under wikileaks vault7 release. Long story short, there is a big market for undocumented zero day exploits which are unknown and have not been patched. Being patched up to date isn't enough to achieve true opsec (operational security). And hasn't been for a very long time. Its a bitter pill to swallow but as far as I know there aren't any real options or alternatives. Aside from perhaps using hardened OS/software. Which isn't something I know a whole lot about.

I think that's - by large - also caused by "inertia" and lack of knowledge. Too many big institutions don't understand computers, they would still prefer to work with papers and don't understand why this had to change and now they can also show that they were right.

On the same page, many of these institutions will think that paying some proper networking and security engineers is an overkill/unnecessary expense (and it usually is, until *that* happens to *them*).
The users are also careless at best, combining work e-mails with personal, send out "funny clips" to co-workers and so on.

The operating system also, instead of helping users understand file extensions so the user doesn't just "run" any random file, whether it's a worksheet, a movie or an exe, it hides the extension to people stay in oblivion.


Interestingly nowadays there are Linux distros that are as user friendly as Windows for the basic user and they could be used safer. But somebody should know about this when the acquisitions are made. Acquisitions also made by people with no knowledge in IT.

Recent news in various outlets are pointing out to companies in the US that have been victims of ransomware and other attacks not being able to get the help they need to get back on-line. Particularly, hacks that infect software companies that then spread the threats to other companies (as the recent Solarwinds which affected a number of major software providers). In my view, the equivalent to this is to be outnumbered by an enemy army - loosing a war because you do not have enough qualified soldiers.

https://searchsecurity.techtarget.com/news/252494362/10-of-the-biggest-cyber-attacks

Europe & USA are not taking this seriously enough and are not regulating strongly enough the requirements. You may argue that these are private companies, but the fact is that they have an effect on the system creating a "call effect" to further attacks and creating caos in the economy.