facebook icon   twitter icon   linkedin-blue           


For Job Security, Try Cybersecurity, Experts Say

Alec Ross, senior advisor for innovation at the State Department, has a piece of advice for students tasked with the nerve-rattling dilemma of choosing a college major.

“If any college student asked me what career would most assure thirty years of steady, well-paying employment,” said Ross, “I would respond, ‘cybersecurity.’”

That’s because cybersecurity is a field where the rules of the recession seem flipped: There’s plenty of jobs, but relatively few qualified applicants.

The government needs to hire at least 10,000 experts in the near future and the private sector needs four times that number, according to Tom Kellermann, vice president at Trend Micro and former member of President Obama’s cybersecurity commission. Booz Allen Hamilton, a private security firm in Mclean, has hired nearly 3,000 cybersecurity experts in the past two years, and that trend is expected to continue.

Cyberattacks generally come in two varieties: state-sponsored intellectual capital theft and strikes against critical digital infrastructure, such as power grids or banking systems.

Both kinds are being carried out thousands of times a day. No one knows the precise cost; some experts put the dollar figure in the billions and others say it could reach hundreds of billions or more. Defense Secretary Leon Panetta has said that the threat of cyberattacks against infrastructure targets keeps him up at night, and former National Security Agency director Mike McConnell recently warned that the U.S. government isn’t equipped to detect and deflect a catastrophic attack.

“We’re going to have a catastrophic event [in cybersecurity]. Some of these tools already being built are going to leak or be sold or be given to a group that wants to change the world order and we’re incredibly vulnerable at the infrastructure level,” said Mike Mullen, former Chairman of the Joint Chiefs of Staff.

How can the government become better prepared? It needs more “white hats” – the good guys of the Internet, experts say. But not enough digital experts are entering the cybersecurity field to meet the ever-growing demand.

“It’s tough going out there,” said Edwin Kanerva, vice president at Booz Allen Hamilton. “Every company in [the area] is looking for the same thing. There’s just not enough of them. The gene pool is small.”

Recruiters for the company visit colleges across the country, but that may not be enough: According to a 2009 study from the Georgetown University Center on Education and the Workforce, college graduates earning degrees in computers and mathematics represented just shy of six percent of all graduates. Of those, only 36,500 of them, or two percent, earned a degree directly related to cybersecurity.


Click here to read the full article.

Cybersecurity business, jobs expected to grow through 2016

Regional industry analysts see strong potential for city, state

October 21, 2012|By Gus G. Sentementes, The Baltimore Sun


Cybersecurity industry analysts expect the market to grow more than 50 percent in the next four years even as other types of defense spending are expected to flatten or decline, creating new opportunities for workers and businesses in Maryland.

The analysts presented their findings last week at the CyberMaryland conference in Baltimore.


Information security professionals have to wade through an overwhelming amount of digital data every day to monitor for cyber threats — an increasingly cumbersome workload that will create new opportunities for federal contractors and workers, said John Slye, a federal industry research analyst with GovWin, a market intelligence and software company.


"It's no longer like drinking from a firehose," said Slye. "It's like drinking from the ocean."


CyberMaryland Chairman Rick Geritz told conference attendees that government agencies and businesses will be hiring plenty of graduates of Maryland schools in the coming years.

"We need every parent to know there is a great opportunity in front of them," Geritz said.


Gov. Martin O'Malley and other Maryland leaders tout the state's prominence in the national cybersecurity industry, thanks in part to the presence of the National Security Agency at Fort Meade.

The Army base in Anne Arundel County is also home to the U.S. Cyber Command, which coordinates the defense of the country's military networks.


The Maryland Department of Business and Economic Development has worked to promote the state's friendliness to cybersecurity companies. O'Malley created CyberMaryland, a public-private partnership, to promote the state's assets and access to the cybersecurity market.


Click here to read the full article.

Computer Security (Cybersecurity)

Just as the invention of the atomic bomb changed warfare and led to a race to develop new weapons and new deterrents, a new international race has begun to develop over cyberweapons and systems to protect against them.

American intelligence officials have said that Iran was the origin of a serious wave of network attacks that crippled computers across the Saudi oil industry and breached financial institutions in the United States, episodes that contributed to a warning in mid-October 2012 from Defense Secretary Leon E. Panetta that the United States was at risk of a “cyber-Pearl Harbor.”

American officials described an emerging shadow war of attacks and counterattacks already under way between the United States and Iran in cyberspace.

Among American officials, suspicion has focused on the “cybercorps” that Iran’s military created in 2011 — partly in response to American and Israeli cyberattacks on the Iranian nuclear enrichment plant at Natanz — though there is no hard evidence that the attacks were sanctioned by the Iranian government.

The attacks emanating from Iran have inflicted only modest damage. Iran’s cyberwarfare capabilities are considerably weaker than those in China and Russia, which intelligence officials believe are the sources of a significant number of probes, thefts of intellectual property and attacks on American companies and government agencies.


Click here to read the full article.

Join DHS Cybersecurity

Current Job Opportunities

Cyber theft rings, hackers, and data breaches are just a few of the real-time internet threats that, if left unchecked, could derail our way of life and compromise national security. These threats change in number and sophistication daily. That is why the Department of Homeland Security (DHS) is recruiting dynamic and cutting edge professionals to protect the nation's cyberspace.


We need candidates skilled in:

  • Cyber Incident Response
  • Cyber Risk and Strategic Analysis
  • Vulnerability Detection and Assessment
  • Intelligence and Investigation
  • Networks and Systems Engineering
  • Digital Forensics

Click here to read the full article.

Hiring to Stop Hackers: Cyber Security Jobs Grow 19%

Employers posted more than 4,500 online cyber security job ads in September, growing 19% year-over-year, according to WANTED Analytics™.

New York, NY (PRWEB) October 10, 2012

In September, more than 4,500 jobs were advertised online for cyber security professionals in the United States, according to WANTED Analytics™ (http://www.wantedanalytics.com), the leading source of real-time business intelligence for the talent marketplace. With security threats and breaches becoming a greater concern for private and public sector companies, employersare trying to store and transfer information safely by hiring talent that will be dedicated to this effort. The number of job ads has steadily increased, and despite declining slightly since an all-time high in July, demand in September was up 19% compared to September 2011.

The most commonly advertised job titles that require cyber security experience include:

1. Cyber Security Analyst

2. Cyber Security Engineer

3. Software Engineer

4. Systems Engineer

5. Senior Cyber Security Analyst

6. Information Technology Security Specialist

7. Program Manager

8. Information Security Analyst

9. Information Assurance Engineer

10. Systems Administrator

Cyber security professionals are in-demand across the United States. The metropolitan areas with the highest volume of listings in September were Washington (DC), Baltimore, New York, Atlanta, and San Francisco. The Washington, DC metro area saw the most available positions; however, Atlanta experienced the greatest growth in demand over the past year of these five areas. Here, the number of job ads that were available during September was up more than 200% compared to the same time period last year.


Click here to read the full article.

You are previewing premium content. Become an Insider to read the full article.

Cybersecurity jobs are plentiful, from government, financial services and utilities to manufacturing and retail. But what skills do IT professionals need to qualify for these high-paying jobs?

RELATED: IT certifications lead to jobs, higher pay

We asked the experts and came up with this list of five tips for landing a top-notch cybersecurity job:

1. Get certified.

Security-related certifications are a prerequisite for most commercial cybersecurity jobs and all defense-related IT security jobs. These credentials range from basic CompTIA Security+ to the gold standard ISC2 Certified Information Systems Security Professional (CISSP).

Other popular security certifications include those from GIAC, ECCouncil and ISACA. Vendor-specific certifications from Cisco, RSA, Symantec and others are also in demand.

"There are a lot of security certifications that are very well accepted and are extremely beneficial to the individual," says Jacob Braun, president and COO of Waka Digital Media, a Boston-based IT security consultancy. "They demonstrate a body of knowledge and experience...Some of those certifications are more than written exams. They have some practical components, which are an additional hurdle to achieve."

"I like to see the CISSP," says Dave Frymier, Unisys CISO. "Somebody who has the CISSP has passed a pretty comprehensive test and is likely to share terminology with you so you can make sure you are both talking about the same things."

Verizon, which compiles an authoritative annual report on security breaches, recommends having IT security staff pass a course such as GIAC Incident Handler so they know how to properly respond to a breach.

"A lot of organizations lack personnel on hand who know what to do in the event of a data breach," says Bryan Sartin, director of Verizon's Research Investigation Solution Knowledge (RISK) team. "They need to know how to freeze the environment, how to move toward incident containment, and how to maintain crime scene integrity."

2. Join the military or the feds.

Most companies prefer to hire cybersecurity experts with experience in the U.S. military or law enforcement agencies.

"It's not a requirement, but it helps," Braun says. "Often times, you'll find an individual who is coming from the military or a federal government agency who has received a variety of cybersecurity training that is not yet attainable in the commercial realm."

"Military experience is good to see," Frymier says. "In fact, the security director that we hired last year is ex-military intelligence. The ability to use these [security information and event management] systems and track down persistent threats are skills more closely aligned with the intelligence community than with the IT community."

Verizon has members of its security breach investigation team with military intelligence and law enforcement experience. "The law enforcement are great at interviews...If it's an inside job, they can usually spot the guilty party," Sartin says. "The military people are more process oriented."


Click here to read the the full article.

Hottest IT skill? Cybersecurity

Embattled by hactivists, cybercriminals and foreign rivals seeking to steal proprietary information, U.S. corporations are ramping up their hiring of cybersecurity experts, with open jobs reaching an all-time high in April.

The need for cybersecurity experts spans all industries, from financial services, manufacturing and utilities to healthcare and retail. Among the major U.S. companies trying to fill cybersecurity-related positions are Boeing, Baylor Health Care System, Verisign and Office Depot.

BACKGROUND: Biggest threat to corporate nets in 2011? Hactivists, not cybercriminals 

Cybersecurity jobs also are plentiful in the U.S. federal government market. For example, the Energy Department's Idaho National Lab is seeking a senior cybersecurity researcher to support its lead nuclear research and development facility.

The number of cybersecurity-related job openings listed on the Dice.com Web site for IT professionals rose significantly in April 2012 compared to a year ago. The biggest increase was for cybersecurity specialists, which rose 74% with 920 open job listings. U.S. companies also are hiring thousands of network security, information security and application security experts. 

"Every year, threats go up, so every year companies increase investment in security,'' says Tom Silver, senior vice president of North America for Dice. "On Dice, information security jobs reached an all-time high last month ... Companies want security professionals to counter breaches and also anticipate gaps, suggesting measures to fill them. Protection is key.''

Several trends are driving the demand for cybersecurity experts. Companies have increasingly complex networks, more transactions to process, and more data than ever. They're using cloud applications such as Salesforce and Taleo, which extends their need for information security outside the perimeter of their networks. Additionally, they're dealing with a flood of user-owned mobile devices such as smartphones and tablets.

The cybersecurity skills needed three years ago compared to now "is a whole different ballgame," says Sudhir Verma, vice president of consulting services and project management at Force 3, a Crofton, Md., government contractor that is hiring several senior engineers, solutions architects and analysts for its security team.


Click here to read the full article.

DOD Announces the Expansion of Defense Industrial Base (DIB) Voluntary Cybersecurity Information Sharing Activities

The Department of Defense in partnership with the Department of Homeland Security announced today important developments in defense industrial base cyber security activities.  After a year-long Defense Industrial Base (DIB) cyber security pilot, the DoD’s Voluntary DIB Cyber Security/ Information Assurance (CS/IA) Program is now available to all eligible DIB companies.  In addition, DIB Enhanced Cyber security Services (DECS) will become part of the expanded program.

                 These activities enhance and supplement existing cyber security capabilities to help safeguard sensitive DoD information that is maintained on DIB company unclassified information systems.

                 “The expansion of voluntary information sharing between the department and the defense industrial base represents an important step forward in our ability to catch up with widespread cyber threats,” said Ashton Carter, deputy secretary of defense.  “Increased dependence on Internet solutions have exposed sensitive but unclassified information stored on corporate systems to malicious probes, theft, and attacks.  This expanded partnership between DoD and the defense industrial base will help reduce the risk of intrusions on our systems.”

                 The United States continues to face a significant risk that critical defense information residing on DIB networks and systems can be compromised by malicious cyber actors resulting in potential economic losses or damage to United States national security.  The Department of Defense is actively engaged in multiple efforts to foster mutually beneficial partnerships with the DIB to protect Department of Defense information residing on or passing though DIB systems. 

                 “I am pleased by the deep collaboration between DoD, DHS and DIB partners.  The success of this program encourages us to explore additional ways to enhance the protection of defense industry networks and DoD information,” said Carter.  “Shared information between DoD, DHS and the defense industrial base can help us defend against the ever-growing threat of cyber attacks.” 

                 These expanded partnering opportunities will advance and support the administration’s efforts to improve the cyber security posture of both public and private critical infrastructure.

                 For more information on these DIB cyber security activities:

Click here to read the full article.