An overwhelming majority of U.S. companies are encouraging or requiring their employees to work from home because of COVID-19. So, it’s no surprise that the Cybersecurity and Infrastructure Security Agency (CISA)—an arm of the U.S. Department of Homeland Security—has named cybersecurity engineers, cybersecurity risk management jobs, and information technology staff as “essential for continued infrastructure viability.”
“Workers across the information technology sector are playing a more essential role than ever in enabling critical infrastructure, helping businesses stay online, and keeping citizens connected,” says John Miller, Information Technology Industry Council’s Senior Vice President of Policy.
“These workers are critical to supporting health care providers, manufacturing technology products and components, securing and servicing critical data centers, delivering food and essential needs to communities, keeping out-of-school students engaged, and enabling governments to respond to this global health crisis,” he adds.
At a time when their skills are needed more than ever, there’s a major gap in the number of qualified cybersecurity workers. The shortage in the U.S. alone is already estimated at around 500,000.
Experts have forecast more than 3.5 million open cyber jobs around the world by next year, and that forecast was made before the massive increase in the companies and individuals doing their business online.
Online Use is “Unprecedented”
“What we’ve seen, of course, is unprecedented,” says J.R. Cunningham, VP of Strategic Solutions for Herjavec Group, a world-renowned cybersecurity company. In the wake of the COVID-19 pandemic, companies that don’t normally have remote workers are trying to school themselves on the process. K-12 schools are trying to implement online learning.
“These are challenges that many organizations really didn’t prepare for because it wasn’t part of their normal operating model,” adds Cunningham.
Online meeting and security tools are being leveraged more than ever before. Since the COVID-19 outbreak the use of Webex—an online video and audio conferencing program—has skyrocketed 22-fold with 3.2 million meetings held using Webex in 24 hours alone.
Companies using the tools they can to continue business, but protect their data, has also led to a surge in the use of virtual private networks (VPN). One report shows VPN use up by more than 200 percent in the Netherlands, Austria, and Canada. The U.S. increase is 66 percent, so far, and expected to climb rapidly as more employees are forced to work remotely.
Cybercrimes, Scams, and Hacks
Even with security measures in place, hackers are still finding their way through data protections. Last year, cybercrimes accounted for $2 trillion in losses, despite 83 percent of company directors increasing their investment in cybersecurity since 2018.
Phishing emails—cam emails that look like they’re from legitimate senders but are designed to implant malware into your computer or steal your information—and outright cyber-attacks—like the one that hit the U.S. Health and Human Services Department computers—are rampant.
An international group of nearly 400 volunteers with expertise in cybersecurity formed on Wednesday to fight hacking related to the COVID-19 crisis, according to a Reuters news agency report.
CISA is urging VPN users to apply software patches for an added layer of security.
CISA also warns individuals to remain vigilant and follow these recommendations:
- Avoid clicking on links and attachment in unsolicited emails
- Use trusted sources—such as legitimate, government websites—for up-to-date, fact-based information on COVID-19
- Do not reveal personal or financial information in email, and do not respond to emails soliciting this information
- Verify a charity’s authenticity before making a donation
Demand for Skilled Cybersecurity Workers Continues
Anne Neuberger, Director of the Cybersecurity Directorate at the NSA, spoke with WorkingNation about the shortage in cybersecurity workers last year, warning that “America is the most connected country in the world, and with that connection comes significant vulnerabilities.”
At the same time, she added, “There’s work to secure those networks, whether working for a company, whether working for a city, state or a government entity, or whether opening a business related to cybersecurity. There’s a lot of opportunity in that space.”
Andy Ellis is the Chief Security Officer for Akamai Technologies, an American cybersecurity provider, content delivery network, and cloud service company. Ellis says the goal of security is to ensure users are accessing safe systems and, with that increase in usage, comes more attempted cybercrimes.
He notes that Akamai is expecting to do more hiring than had been anticipated prior to the pandemic. Ellis says that transferable skills can lead to work in the cybersecurity sector. “Any skill can be applied to security,” he says.
For example, Akamai has passive reference libraries of documentation regarding its clients’ particular systems. “That information has to be updated every year. That is a librarian skillset,” explains Ellis.
Global information technology association ISACA’s State of Cybersecurity 2020 report shows 70 percent of respondents said that fewer than half of their cybersecurity applicants are well-qualified, and 72 percent of cybersecurity professionals believe their human resources departments do not regularly understand their needs.
“Cybersecurity jobs are in high demand but, as many organizations are all too aware, it continues to be a real struggle to find the right candidates with the right skills and experience to meet the demands of these roles,” says retired Brigadier General Greg Touhill, ISACA board director and president of the AppGate Federal Group.
“They lack good communication skills, proper understanding of security architecture, awareness of risk as a discipline, project management knowledge, and critical thinking skills,” Sandy Dunn, chief information security officer for Blue Cross of Idaho tells Tripwire.
Creating a Cybersecurity Worker Pipeline
“I think the solution is for cybersecurity professionals, people like myself who are part of the hiring and managing of cybersecurity teams, to embed ourselves in the college curriculum and partner with college educators to influence the skills required in a cybersecurity program,” reports Dunn.
Beyond traditional higher education, digital college Calbright—created by the California Community College system to focus on educating and training working adults so they can move to higher-paying jobs—offers both cybersecurity and IT programs.
Learners in the cybersecurity program pathway will be prepared to successfully complete the CompTIA Security+ certification exams (SY0)-501, which is an industry-recognized certification. The IT pathway prepares students to complete the CompTIA A+ certification, which is also an industry-recognized certification.
The program leverages online classes, apps and partnerships with hiring managers for internships and a pathway to jobs. As a job-competency program, students learn at their own pace at their own location. Since the program caters to working adults, their work experience and knowledge can help them move through the program faster.
Neuberger is a fan of these nontraditional, skills-building initiatives. “What’s the value of a four-year or a two-year college? There are entire, really interesting ways to get cyber-related certifications that one can do outside of the college environment…and then show you have the skills which employers value,” Neuberger says.
Educators Partnering with Businesses
Nonprofit Per Scholas anticipated the cybersecurity need several years ago and created partnerships with Symantec and Barclays International to develop cybersecurity training for military veterans and unemployed adults.
All of Per Scholas programs are information technology-related, tuition-free, and use the independent-study model and small class sizes in whcih students learn by hands-on experience and instructor assistance when needed. The average program takes 14 weeks, and, on average, quadruples students’ income. The graduation rate is 85 percent, and 80 percent of graduates find jobs.
Programs such as the Akamai Technical Academy, is a year-long training program for individuals with no technical background, but transferable skill sets. Upon completion, they’ll could join the company at what it calls an “insertion level job,” as opposed to an entry-level job.
Cybersecurity Training Resources
Transferable skills are valued by the CISA, which launched a training catalog of 2,000 classes for current cybersecurity workers looking to update their skill sets, students who want jobs in the industry, and working professionals looking for a career change.
Specifically for current government workers, the DHS created two online trainings that include courses on the newest technology, executive-level training and industry certification courses.
If you’re considering a job in cybersecurity:
- Professional inventory of your skills: are you computer savvy? Detail oriented? A problem solver? Able to identify and easily explain – to non-technical folks – the challenges, needs and solutions?
- Education: In addition to traditional higher education institutions, community colleges, programs like Calbright, community nonprofits and more can provide the appropriate training. Tripwire has compiled a list of providers to consider.
- Credentials: As you choose your program, check if it’s accredited by the DHS’ National Centers of Academic Excellence.
- Certifications: These are an acknowledgement of current and best practices. Consider the CISSP.