A significant shortage of cybersecurity professionals exists around the U.S. Even as reports of cybercrime and hacks compromising everything from individual security to government systems rise, shortfalls of people trained to thwart cybercrime and stop hacks exist and are expected to continue.
There are not enough qualified cybersecurity experts to fill open positions in the U.S.
The Scope of the Problem
According to the industry organization ISACA (formerly known as the Information Systems Audit and Control Association), just 59% of organizations with open cybersecurity positions in the U.S. can fill them. Twenty-seven percent can’t. Fourteen percent of organizations aren’t sure whether they can fill them or not.
For more on Cybersecurity see:
- Cybersecurity Is Now Political. What Should Companies Do?
- The Effect of Cybersecurity Concerns on Research and Development
- Passwords Don’t Work and Voice Recognition Is Hackable. What’s the Next Frontier in Cybersecurity?
Even when companies do manage to fill positions, though, pickings are relatively slim. More than 20% of organizations get fewer than five applicants to postings for open positions. Fifty-five percent of companies take more than three months to fill the positions, and nearly one-third say that it takes them six months or more. Finally, a startling 37% of companies indicate that less than 25% of candidates are truly qualified as cybersecurity professionals.
The result is that 3.5 million cybersecurity positions are forecast to be vacant by the time 2021 rolls around. Cybersecurity is caught in a conundrum: increasingly important, and increasingly unfilled.
One solution to the cybersecurity shortage is to employ students, to train and give them experience.
The Student Solution
Many organizations look to the student pipeline as offering potential solutions. Apprenticeship and internship programs are a promising start, as are mobile cybersecurity units that give students experience.
But college campuses themselves offer a potential fix to the human resources problem in cybersecurity. Colleges have long employed student workers everywhere from their libraries to their cafeterias. The students get experience and a sometimes much-needed paycheck; the universities get inexpensive labor. If colleges need cybersecurity tasks performed, why not let students do them, and learn while working.
This precise idea seems to have occurred to administrators at Texas A&M University System, according to the MIT Technology Review. They have hired student workers to pair with artificial intelligence (AI) in the Security Operations Center. The Center receives approximately 1 million hacking attempts every month. Its AI system monitors the larger university system to flag threats or unusual behavior, which the student operators then investigate and troubleshoot.
So far, the system seems to be working well. It attracts students to the cybersecurity field and offers them valuable experience and training.
It also helps to combat one of the chief issues besetting the field: even if companies do manage to find qualified cybersecurity people, they either burn out due to the stress of the work (itself often fed by too few people being stretched too thin) or leave because they are lured away by other organizations. Huge salary boosts to recruit qualified people are not uncommon in the field.
One of the few ways to fight burnout and turnover is to have a large workforce available. While it will take a while to have a large enough workforce to fill all open positions, at least the Texas A&M model is one way to rectify the problem.