Here are 5 reasons that cybersecurity talent gap is a threat to your own security – and what you can do about it.

5 Ways the Cybersecurity Talent Gap Makes Your World More Dangerous

By Molly Castelazo

Americans know precious little about cybersecurity. That lack of awareness is dangerous. What’s even worse is the fact that there are far too few people in a position to protect the systems we rely on. (In Arizona, there are 6,875 unfilled job openings in cybersecurity; there are 285,681 unfilled positions nationwide.)

Here are 5 reasons that cybersecurity talent gap is a threat to your own security – and what you can do about it.

1. Cyber attacks are a fact of modern life.

There were 1,579 data breaches in the U.S. in 2017 – 44.7% more than in the previous year. Most were malicious hacks, though accidental exposure of sensitive data happens too. Regardless, the consequences were the same: personal information out on the Internet for the taking. 53% of breaches exposed social security numbers and 19% exposed credit card numbers.

It’s what a person could do with that personal information that’s really frightening. Nearly 158 million Americans had their social security numbers exposed in 2017 alone. Armed with an SSN, a criminal can open financial accounts, get medical care, take your tax refund, and steal your benefits, among other crimes.

2. IoT adds convenience – and danger.

Companies are rushing to build connected devices as part of the Internet of Things. Fridges. TVs. Doorbells. Baby monitors. Thermostats.

It is nice indeed to be able to call out from the couch “Alexa, turn up the heat!” or check up on the babysitter without disrupting date night. Yet many IoT device manufacturers are putting vastly more thought into developing those conveniences than in securing them. The world witnessed the consequences of that in October 2016 when a massive denial of service attack essentially shut down the Internet for much of the eastern U.S. The hackers had created a botnet that eventually infected 600,000 IoT devices.

Not that big a deal, you say? How about the time a hacker proved he could take control of the steering wheel of a connected car – and crash it? IoT security matters, but as NPR put it recently, “Ultimately it’s up to us to decide whether to buy the most convenient new gadget or the most secure. We may not be able to have both.”

3. Security in cyberspace has consequences in the real world.

In 2007, a red team at the Idaho National Lab proved that a cyber attack could cause the failure of physical components of the power grid. (In this case, the attack caused a diesel generator to explode.) That was a test; in real life, Russian hackers have already cause power blackouts that have affected an entire city. And while those attacks didn’t permanently disable the power grid, they could have.

Experts say Ukraine is not Russia’s end game, just its test lab – for an attack on the West. It’s why programs like the associate’s degree in IT and Power Systems Security from Estrella Mountain Community College are so important. (EMCC, right here in Maricopa County, has been designated a National Center of Academic Excellence in Cyber Defense Two-Year Education by the National Security Agency and the Department of Homeland Security.)

4. A small group of hackers can do a huge amount of damage.

Cyber criminals have an unfair advantage. While it takes a team of cybersecurity experts to protect an organization, it takes only a small group of committed criminals to attack a whole bunch of organizations. That’s partly due to the fact that cyber protection is siloed. While government organizations certainly work hard to enable cybersecurity, it’s primarily up to individual companies to protect themselves. And they’re not always good at sharing things like threat intelligence with other companies.

5. Technology alone can’t solve these problems.

Yes, software and hardware solutions are important protection mechanisms. But we need people to develop them. And people to monitor them. And people to react when a breach does occur.

The problem with the cyber war – and yes, we are at war – is that the enemy is always a step ahead. Winning will take a combination of defense and offense – and that will require a much bigger army than we have today.

I am not a cybersecurity expert (I don’t even play one on TV), but I have spent lots and lots of time talking to, and writing for, people who are experts. Overwhelmingly, their key message is this: Be afraid. Be very afraid. That doesn’t mean go cower in a corner. It does mean take the issue seriously, and put all the effort we can muster to motivate enough people to pursue careers in cybersecurity so that we’re not always two steps behind.

What you can do:

  • If you employ cybersecurity talent, you can be part of the solution. Helping fill the cybersecurity talent pool can be as simple as speaking at your local high school’s career night or as involved as offering apprenticeships – and lots in between. Explore the continuum of work-like experiences.
  • If you haven’t yet started your career, or are thinking about changing careers, consider cybersecurity. If helping save the world isn’t motivation enough, consider this: the average salary for an entry-level cybersecurity specialist is $81,000.
  • If you’re an educator, you can be part of the solution, too. You can work together with employers to better align your curriculum with their needs. You can also help students build much-needed work experience by infusing work-like experiences into the curriculum. Explore what you can do as an educator.
  • If you’re none of the above (like me), there’s still a lot you can do. Talk to people about the ways the cybersecurity talent gap makes our world more dangerous – because awareness is the first step to change. Point the young people in your life to where they can learn about careers in cybersecurity.

Whoever you are, the cybersecurity talent gap affects your life. So be afraid. And take action.

Molly Castelazo is the founder of Castelazo Content, a Phoenix-based technology marketing firm. Passionate about helping bridge Arizona’s tech talent gap, Molly serves as co-chair of the Arizona Technology Council’s Workforce Development & Education Committee. She also volunteers her time and talent to the AZ Cybersecurity Collaborative – including as creator of this website.