Our increasingly connected and digital world is vulnerable to attack and needs more skilled professionals who know how to defend it. As connected devices proliferate, particularly smart devices creating what has been called the “Internet of Things,” the problem is getting worse. In 2016, there were 6.4 billion connected devices in use in homes and businesses across the country. By 2020, that number is expected to more than triple.
Each of these connections – whether from a laptop, a smartwatch, a television or even an insulin pump – offers a potential doorway into our homes and workplaces. It can allow hackers to disrupt our lives, steal our personal data and in some cases threaten our physical well-being. And these connected devices can be marshaled together to attack banks, government agencies and even core internet service companies.
There aren’t enough people with the skills and experience to protect us. An analysis of federal data found that more than 209,000 cybersecurity jobs in the U.S. went unfilled in 2015. Major cybersecurity companies like Cisco and Symantec have projected that global demand for cyber professionals could grow to 6 million by 2019 – with as many as 1.5 million of those positions going unfilled for lack of qualified candidates.
Federal and state governments, academic institutions and private companies are all scrambling to address this urgent need, spending millions of dollars on various efforts. But the most effective solutions to the labor shortage will not be found individually. Rather, we must collaborate and partner widely, as in the effort I lead at the Florida Center for Cybersecurity (FC2). The lessons we have learned could serve as models for other states and communities to join forces and help defend the digital tools that increasingly aid our lives.
Public and private sectors collaborate
Founded in 2014 by the state government to bring the state universities and businesses together, FC2 is housed at the University of South Florida, a geographically centralized location in the state. But the effort involves all 12 members of the state’s public university system.
Academic institutions are key elements in supplying cybersecurity workers because employers want to hire educated and experienced staff. As many as 84 percent of cybersecurity job postings require a bachelor’s degree, and 83 percent need at least three years of experience.
In addition, the work crosses many disciplines and involves a wide range of skill sets, both technical and nontechnical. Universities are well-suited to provide expert-level training on diverse topics, like data analytics, risk management, psychology, legal and public policy.
And the skills are ever-changing. For example, 18 months ago, ransomware was virtually nonexistent; today it is considered one of the biggest threats, targeting hospitals, public transit systems and individuals alike. Universities are constantly retooling classes to ensure they are relevant and responsive to real-world developments, making them well placed to respond to changing threats and industry demands.
In one course, industry feedback about student performance suggested the professor should add more hands-on training about exploiting web vulnerabilities. As a result, faculty members added an exercise covering that topic and allowing students to practice web-defense skills.
In the nearly two years since launching, FC2 has helped to add more than 20 degree programs and graduate certificates in the various universities in the state university system. We also developed specialized training programs for military veterans. All 20 members of that group’s first class graduated with job offers in hand.
Input from the private sector is vital, to ensure educational institutions stay current with industry trends and needs. Close relations between businesses and university cybersecurity programs not only allow efficient curricular updates; they also can give students opportunities for real-time experience and training, which are critical factors in hiring decisions.
Expanding our reach
Our center is also working to develop other ways to build interest, for the longer-term needs of the industry. Last summer, we held two sessions of a week-long program that taught cybersecurity to 40 high school students and some of their teachers. We also ran a week-long class in which computer-savvy high school students learned how to defend systems against cyberattacks.
While we don’t know where and when the next cyber threats will arise, we can be sure that our society’s use of and demand for digital connections will only grow. As a result, we’ll also see the demand for cybersecurity professionals rise – and the opportunities for new ways of thinking, learning and collaborating.