There is heightened awareness within the business community regarding vulnerabilities related to cyber threats and the financial repercussions of breaches, data loss and cyber attacks. In fact, according to a recent Ponemon Institute survey, a majority of respondents indicated that cybersecurity risks rank higher in terms of business risks than natural disasters. However, there is a worrisome lack of interest in the IT security profession among young adults.
The Jobs are There. Where are the Skilled Workers… and Investment in Security?
According to a recent jobs report, of 1,000 adults ages 18-26 surveyed, only 24 percent expressed interest in a cybersecurity career. In comparison, 32 percent are interested in being an app designer/ developer. Additionally, 82 percent said that their high school counselor never mentioned the possibility of a career in cybersecurity.
A low level of interest in the profession could create security concerns, especially when the IT skills gap continues to widen for organizations.
Young adults’ attitudes are reflective of a larger issue—an overall lack of investment in security. While security professionals remain highly in demand, investment in security continues to lag. The security field is still relatively young and continues to evolve. Many companies consider security a function of IT. As a result, security projects and concerns are competing against business- and revenue-driven initiatives. The latter, which may be considered more “sexy,” typically receive the bulk of financial resources.
University Curriculum and Government Support
At colleges and universities, cybersecurity is also competing against more flashy fields like communications and education.
Jessica Bair, who develops the cybersecurity curriculum for our Guidance Software training division, notes, “Entertainment and apps have a prominent place in young people’s lives and are considered ‘cool.’”
However, she believes that if students gain more exposure to the IT security profession, their perceptions may change. For example, she notes, salaries for cybersecurity professionals tend to be higher than jobs requiring the same level of training and education, and there is greater pay equity between men and women. There is also a higher level of job security in the industry due to staffing demands.
“If a young person has the opportunity to learn more about how cybersecurity professionals are protecting important data from bad people, their interest may be piqued resulting in them envisioning cyber defense as a potential career path,” Bair said.
The good news is that more universities are offering programs focused on cybersecurity, and the government is publicly and financially supporting such programs. Dozens of colleges and universities, including Carnegie Mellon University, Purdue University and Syracuse University, are National Centers of Academic Excellence in Information Architecture (IA) education and research. The NSA and the Department of Homeland Security jointly sponsor the program with the goal of reducing vulnerability in the country’s national information structure by promoting higher education and research in Information Architecture.
The Wall Street Journal recently noted: “The White House has called for ‘a national strategy, similar to the effort to upgrade science and mathematics education in the 1950s,’ to meet the challenge of turning out qualified graduates to fill cybersecurity jobs.”
EnCase Academic Program
Similar efforts are happening at the corporate level. At Guidance Software, we’re committed to working closely with colleges and universities that offer forensics programs. For example, we offer online courses on digital investigation to offer practical skills training in those institutions through our EnCase Academic Program.
It’s critical that leading industry organizations and security professionals work closely with bright minds at our educational institutions to help increase the profession’s visibility and raise awareness about the exciting challenges and critical importance of the cybersecurity profession. By reaching students before they graduate, we can engage with future security professionals, ensuring that organizations will have the talent they need to address cyber threats today and in the future.
The current generation is wired for technology and should be more attuned to the security implications of their cyber activities for their own safety. And, once students learn about risks and ethical hacking, they may think fighting cyber attacks is more exciting than creating the latest iPhone app.