Over the next five years, the number of unfilled cybersecurity jobs will rise to a whopping 1.8 million, a 20% increase from 2015 estimates, according to a new (ISC)² survey released today.
Driving this widening shortage is not only the often discussed lack of qualified workers but also a greater need to bring in more warm bodies to tackle the rapidly evolving ways that cybercriminals and attackers are launching their nefarious activities, according to the report. It’s getting easier for low-tech criminals to get into hacking, thanks to malware-as-a-service operations and crimeware kits.
Analyst Comment: Cybersecurity will continue to plague the US and this greatly increases the risk of systems disruption for average Americans.
Source: Cybersecurity Faces 1.8 Million Worker Shortfall By 2022
Sure, they keep whining about this shortage and have for the past few years, but good luck finding a job in the field if you’re over 40 nowadays, no matter how much IT experience and training you’ve had across multiple platforms. Ask me how I know. On second thought, don’t.
So they’ll do like they’ve always done; hire H1B people from the usual countries and pay them a third of what they’ll pay nasty American citizens, or they’ll just punt and take their chances; I’ve seen both more times than I care to account.
And during my last year at a really big IT corporation, the security audit team they brought in to audit US were all ESL speakers. I almost fell off my crummy prolecube chair.
So we can expect more disruptions, hacks, cracks, etc., and my guess is that sooner or later parts of the Grid will get hit and hit hard. It’s almost like they WANT this to happen, but that couldn’t be right, could it?
No, they don’t want to pay for cybersecurity.
They want a bunch of $20/hr H1-Bs to do the work.
They also assume it can be “bolted on”, or that one fireman can go around and firewall or fix things while there are dozens of arsonists.
I do both security and embedded (they are related). I can get paid for embedded.
1.8 billion? No, they’ll just release insecure devices or use PR to mitigate break-ins.
As Bruce Schneier observes, it is market failure; no vendor of an IoT device like a light bulb or a camera will be held accountable for a breach and DDoS attack, and consumers just want the cheapest and won’t be held accountable either, though their ISP might tell them to unplug if it gets too noisome.