Posts Tagged ‘Cybersecurity’

According to a career website focused on cybersecurity called CyberSeek, there are currently over 300,000 unfilled cybersecurity jobs in the U.S.  A separate 2017 study forecast a global cybersecurity worker shortage of 1.8 million by 2022.

Current proposals being floated in policy circles these days (according to The Wall Street Journal) focus on two themes: attract more motivated people, and train them faster.

According to the chair of Indiana University’s cybersecurity program, the core issue “is a lack of a focused talent pipeline.” Scott Shackleford of I.U. thus proposes a “Cybersecurity Peace Corps” which he suggests could place workers with nonprofits and other organizations who couldn’t otherwise afford them, and pay their salaries and training.  Unfortunately, Professor Shackleford’s idea would require an act of Congress.  But, he says, it doesn’t have to be a national initiative.  “You could easily see a state taking this on and experimenting” with corporate partners to serve “laudable causes,” he notes.

A former senior Defense Dept. official has similarly proposed a kind of cyber ROTC program, modeled after the Reserve Officer Training Corps long popular on college campuses, in which prospective officers go to college tuition-free to learn cyber skills in return for some years of military service.  With a cyber ROTC, a tuition-free exchange for a few years of service in the public sector could bring in young people who might not otherwise be able to afford an opportunity to gain entry into the world of cybersecurity or computer science jobs.

A bill was introduced in Congress last year that aims to establish tax breaks for employers who develop training in cybersecurity jobs.  Called the New Collar Jobs Act, it could enlarge the workforce by increasing available training by canceling up to $25,000 in college loan debt for those who hold cyber jobs in an “economically distressed area for one year.”

Companies today are increasingly setting up their own training programs, many of which require skills and certifications not taught in college.  The same proposed act would provide tax credits of up to $5,000 per employee to support such private training initiatives, according to Janaki Chadha, a Journal reporter.

No word yet on the status of that bill.  But there are hundreds of thousands of high-tech jobs on the line just waiting for such new economy initiatives to help provide funding for what promises to be a level of investment return that would be many times more than the modest investment required.

Read Full Post »

Thousands of information security jobs are currently going unfilled in the U.S. at such a rapid pace that by the year 2025 it is estimated that the demand for security workers will outstrip the supply by 265,000 jobs, according to consultants at market research firm Frost & Sullivan.  Considering the high pay offered in the field (about $10,000 per month for a data-security analyst), that’s surprising.

Companies in the field are even willing to provide training and educational assistance to people with the right mix of ambition and talent, says John Simons, a reporter for The Wall Street Journal.  Degrees aren’t what are required to get a foot in the door, according to insiders.  What matters more is whether candidates can demonstrate knowledge of computer networks, programming and critical thinking, according to Ryan Sutton, a tech recruiter for Robert Half.  He notes a lack of certified professionals in the field compared to the need out there today.  Oh, and contacts help too.

The Computer Technology Industry Association (CompTIA) has three I.T. security certificates recognized by hiring managers, and it offers a general course on its website for “would-be cybersecurity analysts” that covers some of the basics like network security, compliance, threats and vulnerabilities and the like.  More advanced credentials, worthy of endorsements by the U.S. Dept. of Defense and the NSA include the CISSP, or Certified Information Systems Security Professional.

But certifications aren’t everything.  Job candidates who draw the most attention are those who can demonstrate an ability “to think like malicious hackers” according to Dan Miessler of IOActive Inc. a Seattle-based cybersecurity company.  Instead of making claims of what you can do, show examples of your work online, suggests Miessler.

Many interviewed firms indicated that they include extensive training as part of their offerings.

Of course, while jobs may be plentiful, it still often comes down to who you know.  Anna Friedley is a cyber risk analyst who found her job not because of her degrees in math and later library science or even her master’s degree in high-tech crime investigation.  No, instead she says it came from her love of knitting, where a friend who shared her love of knitting happened to ask her to meet for coffee and mentioned that her office had an opening, and could she come take their test and submit her resume.

Still, the skill set probably didn’t hurt.




Read Full Post »

On more than one occasion we’ve had to help customers who’ve been hacked for ransom to get things as back to normal as we can.  Frankly, that’s not even what we do for a living, but hacking, phishing and general cybersecurity issues are so prevalent these days that none of us can avoid dealing with them at some level.

And for that reason, none of us can afford to ignore them.

Recently, The Wall Street Journal’s Chris Kornelis interviewed Andreas Luning, founder of Germany’s G Data Software, one of the first publishers of an anti-virus software (named Anti-Virus Kit) which Luning’s firm released thirty years ago.  That’s about how long viruses have been an issue.

When Kornelis asked Luning what’s different today, that is to say… “What does the public still not understand about viruses and cybersecurity?”… Luning responded: “The speed.”

He went on to say that “People can’t see or get an awareness of what computers can do in milliseconds.”  He added that if you get a “good computer virus” that tries to steal data or accumulate money… you won’t see this virus on your computer.  They work in the background – no sirens or alarms he notes – and they do everything to keep what they do in the background.  Thus, you have “no chance to see if your computer is affected by something.”

This, from a guy who has been dealing with this stuff since 1987 (the year our own company came to life), and even before there was an internet.  Luning got his first virus, he says, from an Atari gaming disk, and it was a miniscule 400 bytes.  It made itself persistent in memory and eventually copied itself on to all his other disks.  This, he says, “made me feel uncomfortable.”  He and a partner eventually found a way to detect the virus code and as a result, a company was launched.

Back then, Luning notes, the hackers just wanted to see how far they could go, what they could get away with.  They might go so far as to flicker your screen or maybe even start to crash your computer.  Mostly, it was slightly nefarious programmer-hackers just showing off.

However, viruses went from being silly to dangerous in the late 90’s, and there’s been no let-up ever since.  Today, criminal-minded people don’t even need to be hackers any more.  They can just exploit things found on the dark net, and in ready-to-use clickable baits for creating ransomware.  You don’t even need to be technical any more.  Just criminal.

So the next time you consider whether or not to purchase and/or update your anti-virus software, just remember that Andreas Luning has warned you.



Read Full Post »