As reported by The Tampa Tribune, colleges across Florida are racing to create the next generation of cyber security professionals who have the required knowledge to fight back against today’s increasingly sophisticated and well-funded bad actors. For example:
-The University of South Florida has launched the Florida Cybersecurity Center, which functions as a hub to share knowledge, resources, and training among the state’s dozen public universities.-Saint Leo University (Saint Leo, Florida) recently began offering a masters program in cyber security, to go alongside its undergraduate program in information assurance and security.
-As part of its degree track in computer science and information technology, Florida Polytechnic University (Lakeland, Florida) is now offering a concentration in information assurance and cyber security.
-Starting in Fall 2015, the University of Tampa will begin offering an undergraduate degree in cyber security.
“The demand [for trained cyber security professionals] is very high. I’ve had students get into cyberspace companies with just one security class, never mind an entire major,” commented Kenneth Knapp, a professor of information and technology management at the University of Tampa. “With all of the high-profile breaches over this last year or so, more focus has been on security than I’ve ever seen, and I’ve been doing it since I was 21 years old in the Air Force.”
As evidenced by the spate of new college programs, the demand has led to a perilous cyber security skills shortage in the US and around the world. Last year, we highlighted a study and infographic by Norwich University that found:
- -Over the past 5 years, demand for cyber security professionals has grown more than 350% faster than demand for other IT jobs.
- -The field of cyber security has grown more than 1200% faster than demand for all other non-IT jobs.
- -There is a shortage of 330,000 new cyber security professionals worldwide, including 600 with the US Department for Homeland Security, 5,000 with the US Cyber Command, and 10,000 with the US Federal Government.
- 56% of organizations worry that they have too few cyber security professionals to manage current and emerging threats.
- -35% of organizations want to hire new cyber security professionals right now, but cannot find qualified people.
It’s certainly a step in the right direction for colleges and universities to launch new cyber security training programs, whether such institutions are in Florida, the UK, or anywhere else. However, even the most aggressive approach to churning out engineers and analysts is not going to solve the problem anytime soon. As my colleague Doug McLean wrote last May:
This is just a case of aggregate demand far outstripping total supply. It takes years of study and work experience to even become one of these “unicorns” [i.e. trained and qualified cyber security professionals] that all enterprises desire. Even if you do find a security analyst you can expect to pay him (there are few women in this field), an average salary of $120,000 plus benefits, and you can’t expect much loyalty, as it’s a very mobile workforce. You can also expect to spend months looking for a truly qualified candidate. One CISO at a well-known wealth management firm recently told us his interview to hire ratio is 40:1. Finally you can’t expect this problem to get better anytime soon. The fundamental trends in the threat landscape point to this problem only getting worse for the foreseeable future.
Unless and until this massive skills gap closes, the only practical way for enterprises to investigate all of the cyber security events generated by their network security products is to fully automate their traffic analysis, incident response, and threat remediation at each step in the kill chain.
Because, as Doug noted, the shortage is going to get worse before it gets better. For vulnerable enterprises that cannot adequately staff their Security Operations Centers (SOCs), this isn’t just frightening: it’s unacceptable.
In the meantime, learn why the experts are saying that breach detection is your new must-have, cyber security tool.