Editor's note: This piece was written before the most recent huge cyber-security breach -- at Sony.
Within the information-technology sector, cyber-security is considered its own super sector. As information becomes increasingly digitized and a growing array of transactions can be completed in the cloud, individuals, governments and enterprises become increasingly more vulnerable.
This vulnerability is capitalized upon by hackers and other cybercriminals, as evidenced in the high-profile breaches at the U.S. Postal Service, Target/TJX, JP Morgan Chase, American Express, Home Depot, Neiman Marcus, the Internal Revenue Service —to name a few. Others not reported in the media range from insurance and retirement companies to higher education institutions and government agencies.
While computer users are much easier and more lucrative targets, the increasing ease of conducting transactions via mobile devices has also led to a proliferation of mobile-based attacks.
The (ITRC) reports nearly 5,000 breaches between 2005 and 2014, more than a quarter of which were caused by hacking, that is, unauthorized individuals penetrating a computer network generally with the intent of obtaining information or disrupting the network.
Breaches by Sector, 2005-14
|Total number of records breached||641,037,690|
Source: Taking a Strategic Approach to Closing the Cyber Gap
Data breaches are very costly for businesses. Citing the security firm Symantec, a recent article in The Economist estimated the annual global cost of cybercrimes to be $113 billion, with the number of victims standing at 378 million. Not surprisingly, the U.S. ranks first in the cost of data breaches around the world.
Locally, New England’s economic reliance on the financial services, high-technology, education and health-services sectors—and its significant array of businesses engaged in research and development involving intellectual property and personally identifiable information—make cyber-security a field that warrants a strategic and coordinated approach to close the middle-skills gap.
The available pool of qualified cyber-security professionals is insufficient to meet current workforce demand. With an expected reduction in the New England labor force by 2020, this talent shortage is a prime area for taking a supply-chain approach to resolving.
Closing the gap in cybersecurity should be conceptualized through a continuum that includes advancement from certificates, associate and bachelor’s degrees, and moving onto graduate school credentials. It should also engage employers in identifying the technical competencies, soft skills, as well as industry-specific knowledge and continuing education that potential cyber-security employees need to succeed in entry-level jobs and beyond.
Engagement of high school students—digital natives—while still in high school would also help provide early exposure and garner interest in the field.TripWire’s Cybersecurity LifeJourney Experience provides a good “test drive” of cybersecurity careers.
Quantifying the demand for cybersecurity talent
The U.S. Bureau of Labor Statistics estimates that cyber-related jobs will grow by 37 percent through 2020. According to a report released earlier this month by Burning Glass, a company that tracks job postings among other services, between 2007 and 2013, cyber-security jobs grew by 74 percent —a growth rate that is more than twice all information-technology jobs. According to the “Job Market Intelligence: Report on the Growth of Cyber Security Jobs,” demand for cyber-security talent by far outpaces supply. On average, it took 24 percent more time to fill cybersecurity-specific jobs compared with other IT positions and 36 percent more time compared with all other jobs.
With 7,107 openings in 2013, Massachusetts ranks ninth in terms of total cyber-security jobs. Between 2007 and 2013, Boston had an 87 percent job growth rate in cyber-security, based on data published in the report. The Greater Boston area ranks seventh in total number of job postings (6,336). Washington, D.C., and New York lead the country as the top two cities for jobs in cyber-security.
New England’s call to action
Earlier this month, Mass Insight and its Advanced Cyber Security Center announced the creation of the New England Cyber-Security Research Consortium. While few details have been released on the consortium, its focus will be on research and collaboration among higher education institutions with research capacity and industry.
Although research and the innovation economy are critical to the region, in this instance, filling the middle-skills gap in cyber-security is equally critical to the region’s economic vitality and continued competitiveness of the key sectors that underpin the New England economy. In the public higher-education sector, we see MassBay Community College, Middlesex Community College, and the University of Massachusetts taking the lead in developing academic programs that can train people for these jobs and begin to close the labor gap.
Cybersecurity jobs provide a ladder for workers going from entry-level security analysts to engineers, auditors, testers, administrators and architects. Filling this range of positions calls for collaboration among community colleges, four-year colleges and universities, industry and policymakers. These jobs have the potential to financially sustain digital natives, the short- and long-term unemployed looking to acquire the skills to help them rejoin the job market.
Cyber-security is a prime area for public- and private-sector collaborations with higher education because those jobs hold high value to businesses. For the workforce, they hold a high career lifetime value and provide ladders for advancement.
Yves Salomon-Fernandez is vice president for strategic planning, institutional effectiveness and grants development at MassBay Community College and executive officer of MassBay’s Framingham Campus. This originated at The New England Journal of Higher Education, a service of the New England Board of Higher Education.