An increase in high-profile cyber security breaches is driving new and emerging opportunities in the IT job market. This article presents a look at noteworthy attacks and the in-demand skills and cyber security job roles employers must fill to combat future threats.
Despite recent advancements in cyber security infrastructure and technologies, the frequency and severity of high-profile attacks is on the rise. A January 2013 attack on the U.S. Energy Department is the latest in a string of malicious technological assaults targeting The New York Times, The Washington Post, The Wall Street Journal and social media giant, Twitter. During the last several years, governments and corporations alike have seen critical digital defenses circumvented by sport-hackers, political dissidents and technologically-inclined malcontents. These attacks and thousands of others have reinforced the demand for a competent cadre of next-generation IT security specialists.
Over the next decade, the need to plug gaping cyber security holes will spawn thousands of new jobs in public and private sector organizations. The Pentagon alone plans to expand its cyber-security workforce to 4000 employees - nearly five times its existing 900 staffers - over the next several years to "bolster defensive and offensive computing capabilities." In the corporate America, 27% of businesses will hire full-time IT security professionals in 2013, according to Computerworld’s IT skills forecast. All told, the U.S. Bureau of Labor Statistics - conservatively - predicts over 65,000 new cyber security jobs will be created through 2020.
Here are some recent high-profile security breaches, plus the skills and job roles to combat future attacks:
Breaches of supposedly airtight firewalls and security nets that encase government websites are always noteworthy. Over the years, several U.S. government agency sites have been exposed to significant data breaches.
One of the more comprehensive of these breaches came in late January of 2013. Citing the need to exact revenge for the death of internet activist and Reddit founder Aaron Swartz, infamous hacking group “Anonymous” hijacked the U.S. Justice Department's Sentencing Commission website (USSC.gov). As part of the break-in, hackers replaced the site's usual content [of sentencing guidelines for federal crimes] with a video containing cold-war era nuclear imagery and a written threat to release sensitive DOJ data files.
Two days later - shortly after the DOJ regained control of the website - Anonymous hacked the site a second time, this time turning the site into the video game "Asteroids." These consecutive attacks of the federal web portal are just a sample of dozens of recent breaches exposing critical security vulnerabilities in the government's computer systems. With a more robust team of in-house internet security experts these breaches may have been far less disruptive or prevented altogether.
Combating this type of high-profile, politically-motivated breach requires a particular set of skills. The Department of Homeland Security's cyber security task force has a wide range of job openings for qualified technicians. Skills that are perennially in demand at the DHS include cyber-security risk analysis, vulnerability assessment, digital forensics & investigation, network & systems engineering, and cyber incident response. These are the very same skills sought-after at large corporations that employ in-house cyber security teams.
The department also administers a number of internships and fellowships that aim to instill the specific skill sets that homeland cyber security positions require. DHS interns receive hands-on training in malicious code analysis, computer forensics, incident handling, software assurance, network intrusion detection and prevention. These skills are also useful for IT security specialists who wish to work in counter-terrorism.
In late 2012, the governor of South Carolina was forced to announce that taxpayer data files (including 3.6 million Social Security numbers as well as credit card & debit card data of close to 400,000 citizens) was stolen from Department of Revenue computers by an "international hacker." Although none of the public's funds were accessed and few of the Social Security numbers have resurfaced under suspicious circumstances, this attack put state leaders in an uncomfortable spot and uncovered myriad vulnerabilities in vital state-run data centers.
The security breach in South Carolina, and countless similar crimes, highlight the need for improvements in cyber security protocols. In fact, "preventive services" comprises a major pocket of growth within the cyber-security jobs market. As governments, corporations and nonprofits realize the need to hire IT security experts who can effectively analyze attacks to preemptively design appropriate safeguards, trained and certified preventative security specialists, such as Certified Ethical Hackers, will find themselves in high demand. There is also a significant increase in the hiring of IT executives who can write security policy, and manage cyber security teams and projects.
The computer forensics sub-field of cyber security is attracting a new generation of bright young people who love the thrill of the chase. Computer forensics education programs require prospective specialists to learn cutting-edge tracing techniques and become well-versed in malicious hacking methods. In essence, these courses require students to master the very same tools that cyber criminals use to steal data and create mischief. EC-Council, a leading certifying body in the information security domain, sums up this philosophy in the tagline for its popular CEH credential: “To be a hacker, you need to think like one.” Despite its newness, enterprise IT departments and government security enclaves across the globe are actively hiring trained and certified computer forensics technicians.
Given the high stakes of the cyber security arms race, the speed with which technology renders yesterday’s protocols obsolete and a demand that far outstrips the available talent pool, the job market for IT security specialists will continue to grow at breakneck speeds through 2020 and beyond. Existing technicians looking for a career change, as well as aspiring technology professionals, will do well to consider this lucrative and exciting discipline. With a broad range of employment opportunities in an ever-expanding field, cyber security could just be the technology industry's most promising sub-sector.
Contributing Editor: Information technology and employment blogger, Stacy Rost, is passionate about cyber security tactics and physical security measures, such as the new optical turnstile.