Getty Images
Computer Science

Cybersecurity: An exploding job market that will protect our future

A look into how cybersecurity is being addressed through new programs and job opportunities

As you walk to meet a friend for dinner, a fitness tracker measures your moves, uploading personal data about each step along the way.

You forgot your wallet, but you don’t think twice.

With the tap of a button, you reimburse your friend through a peer-to-peer payment website, which links to your savings account.

For a lift home, you use a ridesharing app, which – thanks to information you’ve provided – knows exactly where you live.

“We want everything to be interconnected. We want to be able to do everything from our iPhones and tablets,” said Michel Cukier, director for the Advanced Cybersecurity Experience for Students (ACES) at the University of Maryland, College Park. “That adds another level of risk.”

Launched in 2013, ACES is the nation’s first undergraduate honors program for cybersecurity. For graduates, job prospects are good – almost too good, in fact.

“Companies are begging for cybersecurity experts,” Cukier said.

The so-called “Internet of things” – a term used to describe our network of everyday objects with Internet connectivity – is a hacker’s smorgasbord where our identities and national secrets are on the menu.

Nearly 600,000 cybersecurity incidents were reported to the Department of Homeland Security in 2014.

New threats emerge faster than talent can be developed to stop them.

More than 209,000 cybersecurity jobs in America are unfilled, with job postings in the sector increasing 74 percent over the last five years, according to a Stanford University study using Bureau of Labor Statistics data.

A 2014 report from Cisco paints a more dire picture, estimating 1 million unfilled cybersecurity jobs worldwide.

Without action, the shortage will escalate, experts say.

Demand for cybersecurity professionals is expected to surge globally to 6 million open positions – but only 4.5 million qualified applicants – by 2019, according to Michael Brown, CEO of Symantec, one of the largest providers of security software.

Cybersecurity has become a national priority so critical that the White House, building on past efforts, launched an initiative in February 2016.

The proposal, which would increase federal cybersecurity funding by more than a third, includes modernizing IT across the government, investment in cybersecurity education and the establishment of a commission of thought leaders.

This need for talent, however, isn’t as sudden as it might seem, said Anupam Joshi, director of the Center for Cybersecurity and Cyber Scholars Program at the University of Maryland, Baltimore County.

“We’ve been hearing for 5, 6, 7 years that we’re not putting out enough people with a skillset in cybersecurity,” he said.

UMBC is a hotbed for cybersecurity talent with more than 1,000 graduates working at the National Security Agency, Joshi said.

While “cybersecurity” is the latest buzzword, the concepts these students learn – keeping data and information out of enemy hands – has existed for decades.

Take, for example, the work of Solomon Golomb, recipient of the 2011 National Medal of Science.

Dr. Golomb receiving the 2011 National Medal of Science from President Barack Obama

Golomb, who died in May, is best known for inventing mathematical games that served as the inspiration for Tetris.

But it’s his work with cryptography that helped develop early concepts of information security.

Trained as a mathematician, Golomb became fascinated with how algebra, specifically a phenomenon called “nonlinear shift registers,” could be applied to communications.

A shift register, which can be used for cryptographic ciphers, is a transformation of ones and zeroes in which the order of numbers shifts with each repetition.

Hired by the military in 1956, Golomb showed how this tool could be leveraged to create algorithms to secure communications signals.

In his famous list of “Don’ts for Mathematical Modeling,” the tenth catchphrase rings eerily true for the world in which we live:

“Don’t expect that by having named a demon you have destroyed him.”

But when it comes to destroying any evil force, knowledge is power.

“You don’t solve these problems immediately with an unskilled workforce,” said Margaret Leary, director of curriculum for the National Cyberwatch Center, which develops educational standards for cybersecurity.

Leary also heads Northern Virginia Community College’s cybersecurity program, which offers an Associate of Applied Science degree with 49 credits in IT.

The program’s enrollment has surged from 49 students at the end of the Fall 2014 semester to more than 750 in April.

An AAS can be transferred to a four-year institution, where, Leary said, programs often put policy over practicum.

“Training is a dirty word,” Leary said. “But you can’t write the policy unless you understand the technology on which the policy is being written.”

The same schools, she said, tend to put cybersecurity in their computer science program – another flaw in the system.

“The employers don’t understand the difference between computer science and IT,” she said. “Computer science is the creation of technology. IT is the application of technology to meet a business need.”

With this in mind, Leary, who also consults for the government as a security assessor, often recommends re-training for personnel.

“You won’t believe the number of network administrators and system administrators who don’t have any concept of security, because they’ve had no formal training,” she said. “It’s truly scary.”

The field also attracts those looking for a second career – especially veterans, said Jim Michaud, director of Cyber Talent Solutions for the SANS Institute.

Established in 1989, SANS specializes in information security training and certification.

Through the White House’s Joining Forces initiative, the company – with funding from corporate partners – pledged to provide free training for at least 200 veterans over the next four years through its VetSuccess cybersecurity program.

Veterans taking a cybersecurity course from the SANS academy at Joint Base Lewis-McChord in Tacoma, Washington.

“Veterans make great employees,” he said. “They’ve had a great exposure to technology. They are disciplined. They are used to a heavy duty work schedule. They make great leaders.”

Vets graduate in 3-5 months with a global information assurance certification, adhering to a curriculum that’s updated twice a year.

“The threats change constantly. That’s one of the problems universities struggle with,” Michaud said. “The bad guys are constantly trying new things. To keep up with the field, you have to be cutting edge.”

Major hacks have the power to damage lives.

They can shut down power grids, steal your social security number or tap into websites to expose your most secretive habits.

As the saying goes, there are two types of organizations: those that have been hacked, and those that have been hacked – but don’t know it yet.

“I have a 5-year-old granddaughter,” Michaud said. “I think about what her life is going to be like in 15 to 20 years. It’s scary out there.”