The Cyber Security Talent Shortage

View all blog posts under Articles | View all blog posts under MSCS

Cyber security professional works on desktop computer.As the world transitions further into cyberspace, fully staffed and equipped cyber security departments are an absolute necessity for companies that do business online or store sensitive information on computer networks.

One example is UK retailer DSG Limited, according to tech journalist Danny Palmer’s ZDNet.com article, “Dixon’s Carphone Hit with £500,000 Fine After Data Breach Affecting 14 Million People.”

That breach occurred because DSG violated the “basic, commonplace security measures” directives of the U.K.’s 1998 Data Protection Act, according to an Information Commissioner’s Office (ICO) investigation.

Large-scale security breaches like these are becoming common, in part because of underfunding and understaffing. In fact, the business world is now in the midst a major cyber security talent shortage.

Leading researchers like Cybersecurity Ventures predict that 3.5 million cyber security positions will be available but unfilled by 2021, according to a New York Times article, “The Mad Dash to Find a Cybersecurity Force.” Graduates of online cyber security master’s degree programs should be in demand and well equipped to fill such positions.

Why the Shortage?

The shortage of talent in the cyber security industry began in earnest at the beginning of the 2010s when cyberattacks began to increase. Corporate America saw large companies hacked by malicious actors who stole sensitive information about clients, customers and patients and sold the data for profit.

“Not only have cyberattacks grown in frequency and intensity, but also cybersecurity has risen to become a board-level issue,” writes Stellar Cyber CISO Dave Barton in his article, “The Cybersecurity Talent Gap = an Industry Crisis” on SecurityMagazine.com.

“After the Target 2013 attack, boards and executives realized cybersecurity was a business issue and some started putting more money behind it. The aftermath is that everyone is hiring, all at the same time.”

Barton also describes several issues and challenges that give rise to the cyber security talent shortage:

  • A general lack of qualified staff and candidates, with some positions going unfilled for longer than six months
  • Using under-skilled talent, such as current IT teams that tend to prioritize up-time over security
  • Large, complex suites of security tools, employed by companies to handle all aspects of security, often used inefficiently or incorrectly by stretched-thin security staff
  • A lack of security oversight, which can occur when management knows very little about the technical side of cyber security
  • Failures or delays in security training for all employees, resulting in poor security practices by non-security personnel

Another growing concern is the notion that hackers are very good at staying one step ahead of cyber security professionals and departments. Hackers employ fast-paced, organized channels of communication through which they share, almost instantaneously, the latest exploits, vulnerabilities and hacking strategies.

“Vulnerabilities are exploited by criminals within 30 days of disclosure, meaning that as these vulnerabilities are disclosed publicly, the criminal underground quickly adopts them into new attacks,” Leslie D’Monte writes in “Why Hackers May Always Remain a Step Ahead” on LiveMint.com.

Hackers learn and employ new methods of hacking systems every day. And those new methods keep them current on all things hacking related. Corporate America is, in many ways, constantly playing catch-up. The cyber security industry is almost always acting defensively against new threats.

How Will the Cyber Security Talent Shortage Be Solved?

Many businesses now understand the importance of an adequately staffed and funded cyber security department. In many companies, cyber security now enjoys C-suite representation on corporate boards of directors. The far-reaching and expensive hacks of the past decade taught business executives to take cyber security more seriously.

One approach to solving the crisis is to tackle the problem from the coding side. “Approximately 111 billion lines of code are created each year, and this is only set to grow,” Secure Code Warrior CEO Pieter Danhieux tells tech writer Maria Henriquez in her SecurityMagazine.com article, “Addressing the Cybersecurity Skills Shortage Through Upskilling and Retention.”

“More code means more vulnerabilities, and the industry is struggling to meet the demand for cybersecurity expertise,” continues Danhieux.

Danhieux suggests that companies enlist the help of cyber security professionals — who can look at programs through the eyes of potential hackers — to help their programming staff learn to code more securely. More secure code results in fewer vulnerabilities available to malicious actors.

Another step that businesses can take is to provide or fund further training and education and offer competitive salaries to retain cyber security professionals. The longer people work with each other as a team, the more they bond and develop a shorthand for working together efficiently.

Finally, cyber security professionals should stay on top of hackers’ latest exploits and strategies. “A security researcher’s job is to find and test new and innovative approaches to the tools and techniques that threaten network integrity and then responsibly share that information with both the industry and the security community,” SafeBreach CTO Itzik Kotler writes in “Staying One Step Ahead of Criminal Hackers” in Forbes.

To catch or — better yet — prevent a hacker, one must think like a hacker and pay attention to the online forums (including the deep web) where hackers share their most recent criminal innovations.

Professionals asking themselves, “Is a master’s in cyber security worth it?” should understand that a degree can prepare them for a rewarding career, both now and in the foreseeable future.

University of North Dakota’s Master of Science in Cyber Security Program

Choosing the right online cyber security master’s program is a decision that should not be taken lightly. The best programs will offer courses that keep current with today’s cyber security issues and concerns.

UND’s Higher Learning Commission-accredited online cyber security master’s degree program is ranked in U.S. News & World Report’s Top 25 Most Innovative Schools (2018), alongside such prestigious institutions as Stanford, Harvard and MIT.

UND prepares students for careers in cyber security with concentrations in Autonomous Systems Cyber Security, Cyber Security and Behavior, Data Security, and General Cyber Security.

For more information, visit the program’s website.

Sources:

Dixon’s Carphone Hit with £500,000 Fine After Data Breach Affecting 14 Million People – ZDNet.com

The Mad Dash to Find a Cybersecurity Force – NYTimes.com

The Cybersecurity Talen Gap = an Industry Crisis – SecurityMagazine.com

Why Hackers May Always Remain a Step Ahead – LiveMint.com

Addressing the Cybersecurity Skills Shortage Through Upskilling and Retention – SecurityMagazine.com

Staying One Step Ahead of Criminal Hackers – Forbes.com