Cybersecurity workers shortage in USA

[NeuroticFish]

I don't think that it's not a problem, remember that immigrants are being a target of prejudiced towards this people because they think that they're taking every jobs out there. I still think that the next generation is much dumber because no form of critical thinking is being employed.

It is a problem, but it's unrelated to the topic. As I said, the problem usually is that nobody asks for such specialists.

And I've seen in many countries the "immigrants take out jobs" play. It's usually sang by people too under-qualified for the jobs "taken from them" or too lazy to do lower jobs for lower pay. I don't think that any smart manager would care about that.

[1715298519]

1715298519

[1715298519]

1715298519

[1715298519]

1715298519

[1715298519]

1715298519

[1715298519]

1715298519

[1715298519]

1715298519

[dezoel]

I believe that is not just because people are working with papers and pens type of situation, but also because people are not getting paid enough. When you are a hacker/scammer you could make so much money that whatever is offered for being white hat is nowhere near enough. Why would I learn skills that would make me a millionaire very easily and then use that for 90k a year career? I understand that many people expect the "because it is right thing to do" answer to be enough but believe me if those people were people who just did what is right thing to do they wouldn't learn those skills to begin with.

Basically you are trying to hire hackers to help you fight against other hackers, that is not cheap and will take money. On top of that culture is different, in China those people are in millions, in USA it is not seen as a good job, even a game developer who makes half of that salary still prefers it.

[tabas]

~

Yeah, there really are companies that want to outsource talents but not to completely hire them but I'm sure that there are good employers that sees the talent of those freelancers if they're going to take care of them.

I don't think that they will stop doing outsourcing anytime soon, remember that it's of value to them that they don't pay this people like a regular workers. So that's an unlikely to happen anytime soon. I don't expect black heart businessmen suddenly doing the taboo for them.

That's bad on the side of those good freelancers, but as long as they've got a contract, I guess that would be fine for them.

Maybe it's because that the violation and damage they've done cost a lot and that's why they don't want to hire them. But such talents are wasted if they've used it in a bad manner instead of looking for an opportunity that will cultivate that talent.

But their skills should outweigh the attacks that they did and it's not like they can get this jobs, remember that some of them aren't even college graduates which is the requirement for some of the businesses to accept new employees.

They won't be hired if they haven't shown any familiarity and skills to their employer. I'm sure that most employers are doing tests and assessment before approving someone to work for them.

[verita1]

The vulnerability that cybersecurity has shown in the USA is remarkable in just so far this year they have had several computer attacks on government and business targets.
Among the highlights, the Colonial Pipeline cyberattack that transports gasoline and other fuels daily from Texas to the port of New York.
Following these incidents, the Joe Biden administration has assigned special attention to strengthening cybersecurity.
Recently, the Secretary of Homeland Security Alejandro N. Mayorkas highlighted the initiative of the largest hiring of 300 cybersecurity professionals, increasing the offer to 500.

“As cybersecurity threats to our communities continue to rise, we must recruit and retain diverse top talent to defend against today’s threats and build a more resilient future,” said Secretary Mayorkas.

DHS is dedicating significant energy toward exceeding our cybersecurity hiring goal by recruiting talented experts, investing in diverse talent pipelines, and ensuring equitable access to professional development opportunities at every level.

https://www.dhs.gov/news/2021/07/01/secretary-mayorkas-announces-most-successful-cybersecurity-hiring-initiative-dhs

[Zilon]

I think this should be a big opportunity for IT specialist to venture into cybersecurity get certified and then get employed to help curb the situation on ground. It's in cases as this that people decide to switch occupation to fit into the present need of the society, provide solutions and add relevance to their own existence so the can boast of how the contributed in making an economy what it is

[DrBeer]

The question is not simple. On the one hand, systems and software systems are constantly becoming more complex, along with the growth of functionality. On the other hand, the more complex the system, the more points of failure it has, and in software it is highly likely a "hole" that can make the system work in an undocumented way. And there is a third party - people who are interested in implementing "backdoors" and have access to the development of corporate systems - these can be ordinary line developers, administrative personnel with the necessary powers.
At the same time, one must understand that it is much easier to create a destructive solution than to create and create complex complexes. Building a computer is difficult, making a hammer that can easily destroy a computer is very simple. Therefore, it is extremely difficult to "catch" such deliberate actions. And the logical continuation of this - it requires much more resources and time. Moreover, this process will always be a "catch-up game". Option - to introduce extremely harsh punishments for technological crimes, and special control over software developed for the public sector and critical segments of the economy.

[aysg76]

With advancements in technology the load of cyber security experts is also increasing and they have to learn new skills these days to combat any type of hack day DoS attack or phissing attack and they need to be concentrated on their work.The companies in US will try to hire only the experts in this field who have past experience and have specialised skills needed for that job along with certification as there is not any entry level competition for it and they require experience software engineer for this work.So you need to have college degrees first of all and work as intern for some months and then work with some big company and then you will be hired with these so clef companies with average salary of $80-$90k.So it's better to learn all those stuff and have problems solving mind to tackle with any kind of hack and work in better security protocols.I know a teen who setup his own company for cyber security and have huge client base at this time running million dollars business so it's upon you whether you want to be employee or hire them.

[tabas]

I think this should be a big opportunity for IT specialist to venture into cybersecurity get certified and then get employed to help curb the situation on ground. It's in cases as this that people decide to switch occupation to fit into the present need of the society, provide solutions and add relevance to their own existence so the can boast of how the contributed in making an economy what it is

There are hopefuls that are going into cybersec but it's just that some of employers aren't giving that much attention to their regularization and only going with freelancers. This is happening for some of the companies but there is no problem with those big companies that gives value to their security and that's why it's one of the highest paid job in the world even if you're just in the middle position.
Those that are still young and reading this topic and already in the IT field, you might want to get certified with cybersecurity certificates.

[lixer]

Recent news in various outlets are pointing out to companies in the US that have been victims of ransomware and other attacks not being able to get the help they need to get back on-line. Particularly, hacks that infect software companies that then spread the threats to other companies (as the recent Solarwinds which affected a number of major software providers). In my view, the equivalent to this is to be outnumbered by an enemy army - loosing a war because you do not have enough qualified soldiers.

It seems like issues that has to do with cyber security got worst ever since this pandemic, cause I was steady seeing news about companies that were being attacked by hackers. I am not too sure about what you have said here about cyber security workers shortage. I believe there are many of them out there, it is up to the companies to look for them and pay them properly and also provide them with every necessary equipment that they will be needing for their job.

It is very important for every companies to put more effort in insuring that they have the best security on their platform. Any company that doesn’t invest more in security is making a big mistake, because if they end up getting attacked they are going to be losing a lot of money due to that.

[AicecreaME]

Recent news in various outlets are pointing out to companies in the US that have been victims of ransomware and other attacks not being able to get the help they need to get back on-line. Particularly, hacks that infect software companies that then spread the threats to other companies (as the recent Solarwinds which affected a number of major software providers). In my view, the equivalent to this is to be outnumbered by an enemy army - loosing a war because you do not have enough qualified soldiers.

https://searchsecurity.techtarget.com/news/252494362/10-of-the-biggest-cyber-attacks

Europe & USA are not taking this seriously enough and are not regulating strongly enough the requirements. You may argue that these are private companies, but the fact is that they have an effect on the system creating a "call effect" to further attacks and creating caos in the economy.

I think the reason why cybersecurity workers shortage is happening are:

1. The degree and certification in cybersecurity are expensive.[
Maybe why there are only a limited of people in this industry is because the majority who are passionate to pursue this kind of career cannot afford it. Maybe the tuition fee for college is too much that they don't have enough money to pay for it. Hence, they would just look for another degree that is cheaper compared to what they like the most. If the college tuition is expensive, I think the certification would be of the same level as well. This will really drive away possible workers because they are discouraged by the financial barriers, to begin with.

2. Experience is usually needed before a company accepts and hires you.
If this will be the requirement to almost every company that is existing, I bet there would really be a shortage. Imagine finding a fresh graduate an existing job experience, it's absurd, right? I mean, if they would ask for seminars, training, and extracurricular, it would be fine, just not the job experience for like 5 years.

3. Maybe the cybersecurity workers already migrated to other countries.
This is self-explanatory. If the graduates will fly over different countries, the companies will really have no options to choose from. They will need to hire outsiders that are fit for the job. Otherwise, their company's security would be at big risk. They will be prone to hacking and ransonware attacks like what you have mentioned.

[Kittygalore]

~

It is a problem, but it's unrelated to the topic. As I said, the problem usually is that nobody asks for such specialists.

And I've seen in many countries the "immigrants take out jobs" play. It's usually sang by people too under-qualified for the jobs "taken from them" or too lazy to do lower jobs for lower pay. I don't think that any smart manager would care about that.

In this fast paced and technology dependent world? Nobody asks for this specialists when their data security is tied to the prosperity of their company? I don't think that that's the case because if there's a lack in demand, there's should be reports regarding the negligence of the company when it comes to their cyber and data security.

[NeuroticFish]

In this fast paced and technology dependent world? Nobody asks for this specialists when their data security is tied to the prosperity of their company? I don't think that that's the case because if there's a lack in demand, there's should be reports regarding the negligence of the company when it comes to their cyber and data security.

At least in my country the acquisitions made for a hospital, for example, are made by politicians, economists and doctors. Take a wild guess, are they vulnerable?
I guess that this goes on in many companies, countries, fields. Although we're in a tech dependent world, many don't understand that fully; and some of those are the people who make the decisions, buy equipment, hire personnel.
The real world is not as smart as we'd like to believe.

[Kakmakr]

I think the USA and a lot of other countries are lacking skilled IT Security specialists that can compete with Russian and Chinese hackers. The threat is there, because with Solarwind, the US pointed to Russian hackers that infiltrated a security company and then government departments. (It was embedded in a Solarwind upgrade, after they reverse engineered the exploit)

The only way to neutralize these threats are to hire "White hat" hackers to train security experts in the counter measures to neutralize these hacks. 

[Shenzou]

I think that the need for cyber experts has seen a significant surge in the past couple of years, especially with the many attacks that have been happening in many companies, and on the other hand you have less people graduating or having a degree in it due to it not being not so popular before these couple of years and most of the ones that have work in another field because the cybersecurity is not a busy job, so i guess this demand will create more incentive for student to roll it or study it.

[Hydrogen]

Michael Crichton, the author of Jurassic Park, is famous for publicizing the statistic of the united states having 25% of all the lawyers in the entire world. Most americans want to be a lawyer making $100,000+ year. There isn't the interest in science and engineering fields, that countries like japan enjoy.

IT security, at a high level, is notorious for being a difficult sector to work in. Vulnerabilities and exploits arise and are patched. The landscape is constantly shifting and evolving. There are always new skills and knowledge to be absorbed to stay current and relevant. Its not like being a doctor or lawyer where many can stop learning once they get their degree.

Cybersecurity can also be very tedious and have a high burn out rate. Humans aren't well adapted to staring at screens for 12 to 30 hours a day. Poring over code and documentation. As is sometimes demanded by IT security fields.

[Xinarae*]

In the face of many challenges technology has helped most in the normal life. It is also said that technology will affect people's personal and professional lives in a new way in the future as the use of technology grows and grows so does cyber security the trend of grabbing money to get various traps online has increased all over the world. Even in developed countries like the united states and the united kingdom such frauds are happening all the time That's why the united states and other countries around the world have stepped up their cyber security.

[palle11]

The government has to step on it and encourage the younger ones to look at this career. AFAIK, in other countries like Israel, they've invested a lot on this and they're known to be one of the best countries in the cyber security space.

This is a good suggestion to leave this kind of challenges. Shortage of cyber security workers and experts because cyber crime is on the rise. There are many things that any government (not only the US country) can do to solve the problem just the way you have suggested. Encouraging young people in such career is one way to it and encouragement is not only by speaking it or announcing it public but to also create incentives to make it more attractive and lucrative. They can make the career easier to access, the study and scholarship too to be stressless and creating pension benefit for those that will work to retirement. They are many other incentives to be created to encourage people into it.

[shield132]

Same thing here in Australia.

I've seen LinkedIn ads here hiring for cybersecurity professionals and apparently people could get in with a Bachelor of Arts or a Bachelor of Media Communications. Makes absolutely no sense.

Is this even worthwhile if you are hiring unqualified people imo? Sure, on paper you may seem like an absolute gem of a firm for having 50 staff on hand for cybersecurity related matters, but when you realise that 45 of them had studied English literature and haven't the slightest clue what they're doing, it's a lot less impressive (especially when they're getting paid big time!).

I love Australia so much but I can't live with spiders
My friend is a cybersecurity specialist in Australia and she has told me that in IT sectors, sometimes they don't care much about your educational background and what matters the most is your working experience and I would say that it's true at some point. I have often seen people finishing MBA working as a fullstack developers, I have even seen one as a DevOps engineer in one bank after finishing an intense Bootcamp and learning course.

Just saw in one LinkedIn job offer section that the requirements for cybersecurity analyst was - A qualification or equivalent work experience in Information Technology.

[Kittygalore]

~

At least in my country the acquisitions made for a hospital, for example, are made by politicians, economists and doctors. Take a wild guess, are they vulnerable?
I guess that this goes on in many companies, countries, fields. Although we're in a tech dependent world, many don't understand that fully; and some of those are the people who make the decisions, buy equipment, hire personnel.
The real world is not as smart as we'd like to believe.

It's not they don't understand, it's because they don't like spending on IT too much, companies are notorious for cutting costs when it comes to stuff like their security especially if they are exploiting the people that they're hiring. But so far, these mentality of cutting costs for IT is waning because people have seen how devastating a compromise is in their IT infrastructure.

[cryptomaniac_xxx]

Same thing here in Australia.

I've seen LinkedIn ads here hiring for cybersecurity professionals and apparently people could get in with a Bachelor of Arts or a Bachelor of Media Communications. Makes absolutely no sense.

Is this even worthwhile if you are hiring unqualified people imo? Sure, on paper you may seem like an absolute gem of a firm for having 50 staff on hand for cybersecurity related matters, but when you realise that 45 of them had studied English literature and haven't the slightest clue what they're doing, it's a lot less impressive (especially when they're getting paid big time!).

I love Australia so much but I can't live with spiders
My friend is a cybersecurity specialist in Australia and she has told me that in IT sectors, sometimes they don't care much about your educational background and what matters the most is your working experience and I would say that it's true at some point. I have often seen people finishing MBA working as a fullstack developers, I have even seen one as a DevOps engineer in one bank after finishing an intense Bootcamp and learning course.

Just saw in one LinkedIn job offer section that the requirements for cybersecurity analyst was - A qualification or equivalent work experience in Information Technology.

True, as long as you have a background in Information Technology, like a programmer or data base admin, the company can retool you and give you the proper training in order to be a cyber security analyst/expert.

Speaking of Australia, they are one country that really take cyber security very seriously, regardless of private companies being attack or government agencies, they are very quick to response to any situation.