According to a study by Indeed.com, conducted earlier this year, the severe shortage of skilled cybersecurity professionals continues. It’s estimated that a million security jobs are unfilled today, and that’s probably only going to get worse. This comes at a time when organizations are looking to increase their security spending and improve their security posture.
Yet, here is something that doesn’t make sense to me. Plenty of security talent is being developed in colleges and universities across the country. The National Collegiate Cyber Defense Championship held earlier this month highlighted that talent. From an original pool of 230 teams, a group from the University of Maryland, Baltimore County emerged as the winner after a final competition of the top 10 competitors. As CSO reported about the contestants of the cybersecurity event:https://o1.qnsr.com/log/p.gif?;n=203;c=204663295;s=11915;x=7936;f=201904081034270;u=j;z=TIMESTAMP;a=20410779;e=i
They have spent years honing their cyber skills, and some of the participants have some pretty interesting hacks ranging from an insulin pump and an electric car to a video surveillance camera in a school lab. Still others have hacked a connected avionics system that loads maps onto an airplane, an elevator, a McDonald's router, and even a beer kegerator.
Sounds like maybe the future for that cybersecurity skills gap isn’t so bleak, right? In a landscape where the Internet of Things presents one of the top security threats, having the skills to hack a kegerator could translate well into the real world. But in the press release I got about the event was this disappointing comment: These college students have incredible cyber skills and yet 72 percent of surveyed participants do not have a job/internship lined up for graduation.
This follows the pattern I’ve had in conversations at conferences and in interviews with security professionals. Yes, there is a skills gap, but yes, there is a reluctance to hire recent graduates or bring in interns. However, there is no good explanation for why this reluctance continues to linger, especially as other new graduates in other fields aren’t held to the same kind of experience factors. I do recall an off the record comment by one security pro, who admitted that you have to train new hires for your legacy system anyway, so why not bring them in?
There is some hope for some of the competition’s participants. Raytheon, which sponsored the event, had a front-row view to the skill levels of these students. Raytheon Blackbird Technologies Director Mike Williams told me in an email comment:
Security is highest priority for our company and customers. We are in the process of reviewing resumes and going through the hiring process for many new interns and full-time employees. In fact, we have already hired several new summer interns and full-time employees from the NCCDC program. It’s programs like NCCDC that enable these students to be prepared to meet the security challenges facing government and business today.
Are you hesitating when it comes to hiring recent college graduates to handle your security? I’d love to hear why – and what can colleges do to graduate work-ready security professionals?
Sue Marquette Poremba has been writing about network security since 2008. In addition to her coverage of security issues for IT Business Edge, her security articles have been published at various sites such as Forbes, Midsize Insider and Tom's Guide. You can reach Sue via Twitter: @sueporemba