Cyber security is a problem that we all need to be concerned about. After all, it's something that has the potential to impact each and every one of us. From individuals and small businesses to massive enterprises and government agencies, there's no entity that falls outside of the scope of cyber criminals. What this creates is a computing environment that's filled with malicious threats for all users – if they aren't suitably defended.
With the proliferation of virtual threats out there, the need is falling on potential targets to strengthen their guard when it comes to firming up network security infrastructure. Unfortunately, this is something that's overlooked far too often. At every level, from the individual to the biggest corporation out there, there's not enough being done to defend against cyber attacks. And yet the consequences of being attacked couldn't be clearer: As one industry website pointed out, six out of 10 businesses suffering data loss will cease to be operational within half a year.
After all, nobody wants to do business with an organization that's suffered an attack. Yet many companies and other entities out there find it hard to defend themselves due to a perceived talent shortage in cyber security skills. You'd be hard-pressed to find a more in-demand job right now than a cyber security specialist. From the small startup that just launched its app to the major corporation raking in billions a year, every organization needs cyber expertise. However, such roles call for a relatively new training program, and as a result there aren't the numbers to meet the need in terms of virtual security specialists. But that is beginning to change as young people are being educated in cyber security.
A burgeoning defensive force
Hackers don't exist in a state of stasis. They're always evolving – and as they evolve, so too do the threats they propagate. With each malicious network intrusion, cyber criminals gain power and actionable findings. They learn how to refine their criminal craft, and they equip themselves with the tools they need to bring down even more high-value targets. Unfortunately, this kind of rapid growth within the virtual crime sector hasn't been matched by a commensurate push to evolve cyber defense. But fortunately, developments are taking place.
At the start of 2015, Vice President Joe Biden announced a $25 million grant rolled out by the U.S. Department of Energy to support educational efforts in cyber security. The announcement of the grant was a pivotal moment for the virtual crime fighting sector: Not only did it acknowledge the government's commitment to fighting cyber crime, it also showed that it's ready to significantly invest in the future of computer protection.
That future is embodied by the young people who will be taking up the cyber cause. In addition to being important and highly in-demand work, cyber security jobs pay extremely well. As CIO reported, the average cyber security professional can expect to take home $116,000 a year. As statistics from the Bureau of Labor illustrate, that's about three times the average salaried income. But as Jim Duffey, secretary of technology at the office of the governor of Virginia, pointed out to CIO, the inducement to work in cyber security goes beyond the paycheck.
"For top talent, cybersecurity isn't about just a job and a paycheck," he said. "It is about the hottest technology, deployed by honorable organizations, for a purpose that is inherently important."
Given the lucrative nature of this work, it should come as no surprise that cyber security-based programs are cropping up at educational institutions all over the world. What may be somewhat surprising, though, is how early such educational efforts are beginning. From middle school through graduate programs, the goal with cyber job growth seems to be to get them while they're young and train them into the best experts they can be.
Cyber education begins in middle school
A few years from now, it may be commonplace for 11 and 12-year-olds to learn about cyber security right alongside the periodic table of the elements. But right now, the notion of equipping people at this age with cyber knowledge is still a relatively novel one. Nevertheless, it's an idea that's quickly gaining traction.
Recently, seventh-grader Cynthia Solorio found herself taking some classes where the curriculum was decidedly different from reading and arithmetic. Instead, Solorio was learning about encryption techniques and how you can hide data. These skills were part of an after-school program launched at San Jose State where middle school girls can learn the basics of cyber security. The reason it's a girls-only program is because, as Virginia Lehmkuhl-Dakhwe – organizer of the recent CyberGirlz Silicon Valley summit – pointed out, women only constitute 10 percent of the cyber security workforce. Programs like CyberGirlz exist to make that a more even balance.
"The field of cyber security is expected to grow tenfold over the next 10 years," Lehmkuhl-Dakhwe told Mercury News. "I want that workforce to reflect the diversity of this area, which means 50 percent men and 50 percent women."
For all workers who enter the cyber security field, having a strong set of virtual security skills will be absolutely imperative. After all, the battle against cyber crime will call for a workforce that's able to anticipate moves hackers make before they make them. This kind of thing isn't happening too often these days, since malicious actors enjoy the upper hand. But if Solorio and other cyber security-focused young people reach their potential, hackers may not be able to enjoy their advantage for too much longer.
CyberGirlz is hardly the only computer security educational program focused on building up a huge cyber defensive force. At Iowa State University, the school recently worked to conceive a specially-designated cyber security curriculum that can be put into place at middle and high schools. The curriculum will take the form of a workshop and video-based class, in which participants work to understand malware, unsecured wireless networks and other issues that contribute to the problem of cyber crime.
Where cyber literacy can take you
There are some things we're taught in middle school that we're bound to leave behind. Cursive is a prime example – how many of us use it now? But the educators and strategists who are building cyber education programs hope these efforts instill young people with values and interests that will stick with them and hopefully lead them into a cyber-based career.
To that end, more specialized college and graduate programs devoted to cyber careers are materializing at educational institutions around the country. At St. John's University, for instance, students can elect to enroll in the school's Cyber Security Systems program for their Bachelor of Science. A BS in Cyber Security from St. John's isn't a side program that students can choose in addition to, say, their Political Science Major. Instead, it's a fully immersive, 126-credit program that "prepares students for career opportunities in the cyber security field, including positions as cryptanalysts, cyber law enforcement specialists, security administrators, computer crime investigators and computer forensic specialists." Among the course names for students in the program are "Fundamentals of Cyber Security," "Routers and Router Concepts" and "Cyberlaw and Ethics."
As this last course title suggests, the role of the cyber security professional won't only be a technical one – it will also call for legal and ethical training. According to The National Cybersecurity Institute, a big part of maintaining strong cyber security centers around keeping certain ethical considerations in mind. After all, the nature of computing makes it easy to find yourself with access to someone else's computer account – or even be in a situation where you can make off with someone's work or files. Resisting this kind of behavior is absolutely necessary.
Therefore, in addition to their tech-focused duties, cyber pros will likely play some role in educating the public-at-large on basic computing ethics. A cyber security analyst hired at Company A, for instance, may very well find him or herself not only working to solidify the business' security infrastructure, but also hosting semi-regular meetings on cyber best ethical practices, such as not opening up a colleague's email account. These are the types of behaviors that make cyber problems much worse than they need to be, and they should be stopped.
A future filled with experts
One of the biggest reasons so many companies are hit by cyber attacks these days is because they're simply not prepared to handle any kind of intrusion. The growth of cyber professionals offers businesses the chance at preparation that they so desperately need.
In the coming years, more and more students will graduate from cyber security programs and enter the workforce as newly-minted cyber fighters. When they do, they'll help to fill a much-needed gap between hacker efforts and business defenses. But because these individuals will be in such high demand, it will become important for businesses to offer them appealing employment deals.
As Lee Vorthman, an industry CTO, pointed out, "These people aren't jumping from job to job looking for salary bumps and signing bonuses. Many of them want to work for federal agencies and most of them tend to stick with employers for the long term. For companies, that means they better get them early or risk not getting them at all."
With the push toward rolling out more qualified cyber defenders, it's nice to imagine a future where there's a lot more expertise as far as virtual threat defense is concerned. But just because all these educational programs exist doesn't mean hackers will be deterred from their criminal work. As much as middle schoolers are learning about computing security, hackers are learning all the time as well. What this means is that when students like Cynthia Solorio enter the cyber workforce, they'll have their work cut out for them.