On a recent visit to an unnamed government intelligence organization, Ed Rios spotted cybersecurity specialists using virtual reality to suss out the bad guys. Another was monitoring 50 simultaneous chats.
That led Rios, the new CEO of the National Cybersecurity Center in Colorado Springs, to ask, “What jobs do you need the most?”
“I was thinking it would be technology or software or something with algorithms,” Rios said. “His response was: ‘I need anthropologists and sociologists. I need people to know how to think about cultures, about change and about the way we look at cyber and why cyberhactivists do what they do.'”
The shortage of tech workers is apparently at its most scarce in the cybersecurity world. Rios, speaking at the Colorado Technology Association’s Tech Summit on Wednesday, said that in Colorado alone, there are 10,000 job openings in cybersecurity. We need to think differently about how to fill those jobs, he said.
“We need to extend beyond our traditional academic methods of teaching cyber,” he said. “We still need cyberengineers, hardware engineers and computer scientists. I’m not saying to stop that. But at the same time, we need to bring in relevant skill sets to match the pace of technology and the changes going on. That way, when a person graduates, they have immediate value.”
Of course, Colorado isn’t alone. With the rise in cybercrimes in all industries from retail to healthcare, cybersecurity companies are ramping up to sell their services. A report by Cybersecurity Ventures projects that $1 trillion will be spent globally on cybersecurity in the next three years. That will lead to a workforce shortage of 1.5 million by 2019, compared with the 1 million job openings at the beginning of 2016. The report also cited a Stanford University Peninsula Press study that said the current shortage is at 209,000 unfilled cybersecurity jobs in the U.S.
Rios joined a panel called “Cybersecurity: How Colorado Is Leading the Way.” It wasn’t a debate. All the panelists agreed on the worker shortage.
“We need to catch them earlier,” said Deborah Blyth, chief information security officer for the Governor’s Office of Information Technology. “If we’re trying to educate students about cybersecurity in college, that’s too late.”
Smaller firms, including Secure Cloud Systems in Colorado Springs, must compete with larger companies for the same workers. That’s getting David Schoenberger, its chief innovation officer, to consider alternatives, such as hiring people without a degree in cybersecurity or computer science.
“At smaller companies like mine, maybe we have to take a risk and start bringing in some kids who maybe don’t have a traditional degree and start training them on-site,” said Schoenberger, whose Colorado Springs company makes internet-of-things security tokens. “Does that qualify for a degree? It probably should because we’re giving them more relevant experience than the coursework in their books.”
After the panel, Rios said the shortage isn’t just about training. In Colorado, there are six military bases. To work with them, companies need security clearance for their employees.
“If an individual doesn’t have security clearance, he can’t bid on a government contract. And if a person bids on a contract, he or she has to wait until that clearance happens. Sometimes that takes months or a year. It depends on the backlog,” he said. “We have to find a way to solve problems like that. It’s not just the IT space, but the whole package of what it takes to get that job.”
Last spring, Colorado took a big step at emphasizing the importance of cybersecurity after the state approved $8 million to renovate the former TRW manufacturing plant in Colorado Springs and turn it into National Cybersecurity Center. Rios, a retired U.S. Air Force colonel who last week was named CEO of the center, said the facility opens partially in early November. But it’s still being renovated, and it needs to raise $17 million to complete the future research and education center.
But the importance of such a center is to tackle big issues. Without proper cybersecurity, the threat could extend to the global economy, Rios said.
“If there was a cyberattack on a major port in California, that would halt shipments at this time of year to all the retail organizations and Amazon as they are trying to prepare for the Christmas holidays,” he said. “All of a sudden, we have a second and third order of economic issues we need to contend with. And that’s not only in that retail organization or the U.S. It becomes a global problem.”
