The year was 2010 and NPR correspondent Tom Gjelten was covering issues of US diplomacy and military affairs. Gjelten decided to write on an emerging field of concern: cybersecurity threats. Here’s an excerpt from that report:
“There may be no country on the planet more vulnerable to a massive cyberattack than the U.S., where financial, transportation, telecommunications and even military operations are now deeply dependent on data networking. What’s worse: U.S. security officials say the country’s cyber defenses are not up to the challenge. In part, it’s due to having too few computer security specialists and engineers with the skills and knowledge necessary.”
Clearly, Gjelten was on to something important. At the time of Gjelten’s radio report, there were only about 1,000 people in the entire United States with the sophisticated skills needed for the most demanding cyber defense tasks. Gjelten suggested in his report that another 20,000 to 30,000 similarly skilled specialists would be needed to fill the gap.
Times have changed. Right now, in the United States, there are more than 258,600 job openings for cybersecurity professionals, but according to the Global Information Security Workforce Study, cybersecurity workforce gap is on pace to hit 1.8 million by 2022 — a 20 percent increase since 2015. And by 2022, North America alone will have 265,000 more cyber security jobs than skilled workers. The quantum leap in numbers is no surprise. Nearly three-quarters of Americans have personally experienced a major data breach such as fraudulent credit card charges or stolen account numbers. The computers that we rely on every day; the device which you are presently using to read this article, they are all at risk, with more sophisticated cybercriminals popping up nearly every hour of the day.
A recent report released by Barclays summarizes the issue well. “Given the documented demand for cybersecurity professionals, one might think that sufficient efforts to build a strong talent pipeline would be well underway. However, few young people are made aware of and encouraged to pursue a career in cybersecurity. In Raytheon and the National Cyber Security Alliance (NCSA) 2015 annual survey “Securing Our Future: Closing the Cyber Talent Gap,” 67 percent of men and 77 percent of women agreed that the option of taking this career path was never mentioned to them by a teacher, guidance counselor or supervisory adult, and 80 percent of U.S respondents have never interacted with a cybersecurity professional or, if they have, were unaware of it.
Dr. Allen Parrish, former Chair of the Cybersecurity Department at the U.S. Naval Academy, and now Associate Vice President for Research at Mississippi State University, recently penned an article for Inside Higher Ed about the long-term need for cyber security education to address this pipeline issue. As Parrish said:
“While enrollment numbers in U.S.-based four-year institutions are down, universities across the globe are producing students in record numbers. But, that doesn’t mean they have the right skill sets to meet the demands of our global tech sector. The sheer speed of technology innovation is challenging educational institutions, nonprofit organizations and vocational training programs to think differently about how to deliver course materials that can pivot quickly enough to stay in sync with industry trends.”
And, therein lies the opportunity.
Barclays, Google, IBM, and nearly every other corporate institution out there have a vested interest in building a strong cybersecurity workforce. Institutions of higher learning, particularly those with engineering and computing programs, have a stake in preparing their students for this enormous need.
At ABET, we believe that some of the best learning can happen “on the job” and we see an opportunity for more programs to align with industry in order to build real-time training programs that put students at the center of this growing field. Last year, ABET launched accreditation criteria for cybersecurity to ensure students receive the knowledge and skills needed to prepare them for future careers in cybersecurity. One of the critical aspects of our accreditation process is preparing student “enter the profession” upon graduation, and in the dynamic field of cybersecurity, we need our academic programs to be highly innovative. We know that every innovation in the field of cybersecurity workforce development can lead to the increased safety and security of our global economy.
Within the popular programming language Python, there is a mantra that states “there should be one — and preferably only one — obvious way to do it.” However, when it comes to building a strong, agile, and diverse global cybersecurity workforce, the same is far from true. Rather, we must realize that there’s a role for all of us to play in preparing our engineering students to defend against this great threat, which we cannot see.