Own IT. Secure IT. Protect IT.
That’s the joint message from the federal government and the cybersecurity industry this October, National Cybersecurity Awareness Month. The annual campaign — complete with a toolkit — is designed to call attention to what you, as an individual or as part of a company, can do to be “safer and more secure online.”
It is easy to see why the campaign is needed.
There’s a dangerous upward trend in cyberattacks worldwide and they come in many forms. Last year, there was a 350 percent increase in ransomware attacks, a 250 percent increase in spoofing or business email compromise, and a 70 percent increase in spear-phishing attacks (malicious codes or malware embedded in an email link), according to a recent report.
Customers are feeling the effects. Data breaches affected millions of people in 2018 including customers of Dunkin’ Donuts, Marriott, and Under Armour. This year, medical testing company LabCorp revealed that a breach exposed the personal and financial information of 7.7 million customers. One estimate predicts cybercrime will cost consumers worldwide $6 trillion annually by 2021.
Companies are trying to respond appropriately and be proactive, but it’s a global struggle. More than half of organizations recently surveyed believe they are at extreme or moderate risk of a cyberattack, partially due to staff shortages.
Vulnerabilities and opportunities
“Some of the most recent forecasts have been that there will be 3.5 million open jobs in cybersecurity by 2021. That’s an amazing number,” says Anne Neuberger, the Director of Cybersecurity at the National Security Agency, and who last week added Deputy National Manager at the NSA to her title. “(Cybersecurity) means a lot of opportunities for anyone looking to get into the field, or simply looking for a job.”
In addition to the startling number, she says there are three reasons why she sees continued and increasing opportunities in cybersecurity. The first is vulnerability. Ninety-one percent of those already working in cybersecurity believe organizations are at risk for a cyberattack, and 94 percent of cyber professionals believe the hackers have the advantage.
“America is the most connected country in the world, and with that connection comes significant vulnerabilities,” warns Neuberger. “Across networks, across the Internet of Things, the small devices that are increasingly connected to the internet, there’s work to secure those networks, whether working for a company, whether working for a city, state or a government entity, or whether opening a business related to cybersecurity. There’s a lot of opportunity in that space.”
Neuberger is a fan of companies expanding beyond traditional work arrangements and says this is the second reason she sees these employment opportunities. Those who may not be looking or available for work on a full-time basis can still be a solution to the workforce gap.
“There’s a lot of good opportunities that are part-time,” she says. “You can augment a cybersecurity team at a company, or you can consult and run your own consulting business, helping individuals on their home networks, or small companies.”
The third reason cybersecurity is a growth area for jobs, she says, is the more diverse education options. A bachelor’s degree and certifications are the typical credentials for jobs such as information security analysts, but they’re not the only way to qualify.
Pathways to cybersecurity jobs
As WorkingNation explored with Cracking the Code: A WorkingNation Town Hall on Closing the Cybersecurity Skills Gap, collaborations between employers and educators are producing innovative solutions to training and upskilling. For a position such as a network and computer system administrator, a post-secondary certificate or associate’s degree, with commitments to continuing education, may fulfill a hiring manager’s qualifications.
“What’s the value of a four-year or a two-year college? And what’s really the value of acquiring skills? There are entire, really interesting ways to get cyber-related certifications that one can do outside of the college environment…and then show you have the skills which employers value,” Neuberger tells WorkingNation.
In addition to technical skills, the ability to interact with customers, supervisors, and co-workers is critical, according to a West Monroe Partners report. Otherwise-talented candidates are losing out on jobs because of their inability to communicate and collaborate. According to the report, 98 percent of human resources leaders say these soft skills are an essential part of a technology job, and 67 percent say they withheld a job offer from an IT candidate because they lacked those skills. This is where, Neuberger says, women may have the advantage in this field.
“When you look at women, women have lots of different skills. Some are natural problem solvers,” she says. “There is a growing number of women involved, particularly in the less technical aspects of cybersecurity, bringing people of different disciplines together.”
Women represent a minority in the field
Still, equal representation by women in the industry is a concern. A survey of cybersecurity professionals shows that less than half of respondents believe women have the same career advancement opportunities as men. Currently, women now make up 20 percent of the global cybersecurity workforce, up from 11 percent in 2013, and Neuberger says there’s room for some balance — taking care of life responsibilities and having a future in cybersecurity.
Her own journey to working in cybersecurity for the government started 20 years ago, after she was already working on Wall Street, pursuing her MBA, and raising a family. “My dad came to this country as a refugee from Hungary. My grandparents are all Holocaust survivors, and they raised me to feel a great deal of gratitude for being an American. So, at some point, I decided I wanted to repay a small piece of that debt by going to government service,” she says.
One of her professors at Columbia University suggested she look into the White House Fellows Program. “I applied and I was accepted. I was sure I’d be going to a Treasury-related role, and instead, they assigned me to the Pentagon. So, my life took a left turn, and I ended up in National Security,” Neuberger explains.
She became part of a new team called Cyber Command, which was established to protect military networks. That led to a 20-year career at the National Security Agency and to her current role in which she is responsible for raising the security of critical private sector cyber-infrastructure.
“Anne Neuberger’s extensive leadership at NSA as our First Chief Risk Officer, Assistant Deputy Director of Operations, and our lead for the Russia Small Group, have more than prepared her for this new role,” said Gen. Paul M. Nakasone, Director, NSA, in a news release announcing the promotion.
Open to opportunities
The path wasn’t what she planned for her life. “Very unexpected. So, while planning a career is great, being open to opportunities, and having people who give good advice in your life is probably just as important.”
“For somebody who likes puzzles or problem solving, cybersecurity is a great field,” she continues. “There are many aspects to cybersecurity. One can actually code, one can work on securing networks and understanding network protocols, one can manage a team, or one can interface with people who know nothing about technology and want it spoken to them in (plain) English. ”
And there are millions of opportunities out there.