The Cybersecurity Industry Is Hiring, But Young People Aren't Interested 289
Daniel_Stuckey writes "Cybersecurity, as an industry, is booming. According to the Bureau of Labor Statistics, jobs as network systems and information security professionals are expected to grow by 53 percent through 2018. Yet, young people today aren't interested in getting jobs in cybersecurity. By all accounts it's a growing and potentially secure, lucrative job. But according to a new survey by the defense tech company Raytheon, only 24 percent of millennials have any interest in cybersecurity as a career."
hire me (Score:5, Insightful)
I'm not a millennial, but I am familiar with computer system security, and while I don't have a security clearance, I do have a clean record which makes it possible to get one. Perhaps raytheon et al are simply expecting too much for too little pay. They're not going to find BS degree'd, clean cut 20 somethings with no criminal record if they insist on offering $12/hr wages. That mythical 22 year old working 22 hours a day for 22k a year doesn't exist.
The employees are out there but they cannot work for chinese slave labor wages, nor do they want that lifestyle.
Re:hire me (Score:5, Interesting)
I have to agree. I would have worked for Raytheon if they were interested in me as I have all the required study and would work initially for cheap, but they have basically said f*** o** to me in the past with no response. How am I supposed to now be interested in working for a company that only seems to want people with existing experience as well as skills? Sounds like they want to avoid training anybody and have poor HR people, do little advertising at universities, and cry like babies when they "can't find anybody."
Re: (Score:2, Funny)
If they are having labor shortages they need to hire more Chinese H1Bs.
Re: (Score:2, Interesting)
Yup, There is no labor shortage, They Just want to hire very cheap foriegn workers. Notice who is publishing the report, a company that wants to hire cheap labor.
Re:hire me (Score:5, Insightful)
Re: (Score:3)
Re:hire me (Score:5, Informative)
They don't want to spend the time and money on getting clearances.
First, the contracting companies that hire the people do not pay for the clearance. The fed pays a third party to do all the investigations. It is all about the time. It can take a year or more to get a clearance. The government will not put any one in for a clearance unless they are working on a contract that requires that the person has a clearance and most contract will not allow a person to work on the contract unless they already have a clearance. It is a catch-22.
Re: (Score:2)
But yes, neither I nor my contractor paid for it.
Re:hire me (Score:5, Informative)
No, that's not how it works now (recently).
Somebody pays for that clearance process and it boils down to the hiring company, granted they may reflect that in their rates and the difference between what they charge the customer and pay the employee (rolled up into their nebulous "overhead"). The process is typically a few months, rarely a year.
The way the catch-22 is resolved is you'll be hired as a short-term contractor (~6 mo) and given minor/lower level work while waiting for the clearance. If it doesn't come, the contract ends and you look for something else.
It is just less risk for them to hire somebody with one already - modern corporate America doesn't want the risk and prefers not to invest in their workforce unless they have to - such a person can start earlier.
Re:hire me (Score:5, Informative)
What the civilian world calls cyber security, the military calls information assurance (IA) and information warfare (IW).
My personal story:
I was in the army's IA ranks. I had an active TS/SCI clearance, had published policy papers within my...inner specialty, was a welcome addition to Defcon - I have an Ivy League education, at the time had an incredible network of IA/IW contacts, and left the army as a JMO (Junior Military Officer).
When I left the army (at 28) I was considered a hot commodity in the cybersecurity world. I interviewed with both Raytheon and SAIC, and turned down head-hunters from several other companies. Both companies made me an offer; SAIC for $55,000 a year, and Raytheon for $42,000 a year. Both offers were less than I was already making, and both companies explained that everyone starts at the bottom and works their way up. I declined both and took a position outside cybersecurity for $79,000/yr.
At the time, cybersecurity wasn't willing to pay a clean-cut, clean-record military officer already in the field with requisite training, clearances, background screening and aptitude as much as I already made in the military, and the military isn't where high dollar jobs are.
Re:hire me (Score:5, Insightful)
It's the same way at higher levels and higher clearances: I accepted a job some years back, as a task and team lead to hire and train up some newbie security types.
For that, they paid me $125K. (I've got nearly 30 years of experience). Then I found out, that some of the sub-contractors I was training were making 137K. Needless to say, after pointing that out to my management, they weren't interested in doing anything about it, in fact, they told me that **MY** cost was stretching them. I left a month or so later. . .
Re:hire me (Score:5, Insightful)
SSDD. Companies that complain the loudest about "not being able to find people" generally pay squat and/or are a miserable place to work. Oddly, the companies that pay decently and are decent places to work have much less of a problem finding qualified people. Glad you found a better job.
Re: (Score:3, Insightful)
Creating a "job" doesn't give a company the right to fill that position, especially on the crappy terms a lot of them offer. I'm in a job that I was one of two applicants for, and I'm getting out ASAP. I've been here almost six months and any small amount of confidence I had that I could turn this job into something worth doing is gone.
I'm underpaid in a toxic environment and meet resistance on everything I try to improve, fix, or address. They constantly complain about the low quantity and quality of ap
Re: (Score:3)
Wow that is a fucking insult and a half. $42k/y? The national average wage in the US is $43k, someone who can program (really program) is rare so add 50%, someone among those who can program who's good enough to hack? add another 50%. Someone who is trust worthy, somehow managed to learn to hack without being arrested/sued/put on some watch list that prevents them from obtaining security clearance, is willing to work for "the man", and has an ivy league education, add another 25-50%. $120,000-$145,000 i
Re: (Score:3)
An E-5 jumping to $60k salary is a nice step up, but was a step down from my officer salary. Both offers were in Washington D.C., where the cost of living is exorbitant.
I've been out of the industry too long to return, and I should have caveated my OP with the note that I was never a good programmer; I was a good project manager. I still am, just in a different industry.
I got one for a $300 job, in a couple of weeks (Score:3)
A contractor I did gigs for me got me a general security clearance before a job that paid (me) about $300.
As I recall, it was a one page form.
Re:hire me (Score:4, Informative)
With regard to avoiding training anybody, all American companies are like that. Training costs are an externality they unload onto their employees. It is not, however, difficult to recruit qualified people even under those circumstances. All you have to do is offer them 20% more than your competitor does, and candidates will line up outside your door.
Companies just whine instead are not serious about recruiting and/or want government support in the form of H1-Bs.
Re:hire me (Score:5, Interesting)
Re:hire me (Score:5, Insightful)
Re:hire me (Score:5, Insightful)
I don't know who the fuck made the conclusions but 24% is a friggin big portion.
that's like bigger than firemen, airline pilots or what have you. it's such a big pile of people that there's no frigging way for them all to have jobs in "cybersecurity".
would be rather pointless too if more than a quarter of a generation was needed for it. that would be quite telling of the fact that they wouldn't be actually doing any cybersecurity work but working as STASI.
Re: (Score:3)
Came here to say exactly this. There is just no way that 24% can be viewed as "low" in this context; it's frickin' huge!
Re: (Score:3)
I don't know who the fuck made the conclusions but 24% is a friggin big portion.
Oblig. Python:
Host (Michael Palin): Good evening. Tonight 'Spectrum' looks at one of the major problems in the world today - the whole vexed question of what is going on. Is there still time to confront it, let alone solve it, or is it too late? What are the figures, what are the facts, what do people mean when they talk about things? Alexander Hardacre of the Economic Affairs Bureau.
(Cut to equally intense pundit in front of a graph with three different coloured columns with percentages at the top. He talk
Re:hire me (Score:5, Insightful)
The employees are out there but they cannot work for chinese slave labor wages, nor do they want that lifestyle.
11 months ago I finished my Commercial Pilots License - I haven't been able to find any work at all since completing it. That was the last time I touched a plane.
The same problem exists. People are expected to splash $100k AUD on their license, then work for ~$25k a year. Not to mention get themselves to jobs on their own dime etc... I hear the same lines "There is a massive pilots shortage!!" - which is absolute bullshit. We just have to take other jobs to pay off the loans etc we took for our training.
It just about gutted my career - but this is the world we live in. Now I'm only casually employed - and making about the same amount as I would as a pilot - while working only a handful of hours.
Re: (Score:2)
Exactly, if they want to get people raise it to $36 an hour to START.
Re: (Score:2)
I'm not a millennial, but I am familiar with computer system security, and while I don't have a security clearance, I do have a clean record which makes it possible to get one. Perhaps raytheon et al are simply expecting too much for too little pay. They're not going to find BS degree'd, clean cut 20 somethings with no criminal record if they insist on offering $12/hr wages. That mythical 22 year old working 22 hours a day for 22k a year doesn't exist.
The employees are out there but they cannot work for chinese slave labor wages, nor do they want that lifestyle.
Did you bother to even glance at TFA?
The pay is actually pretty good. A Semper Secure survey found that workers in cybersecurity were pulling down an average of $116,000 a year. Given that job prospects are otherwise exceedingly grim for young folks, why aren’t they all packing lecture halls on Cisco Systems?
I work in IT security. It pays very very well and ,pun intended, is a very secure job if you're good at it.
Re: (Score:3)
The employees are out there but they cannot work for chinese slave labor wages
Doesn't matter. This whole "We can't find enough workers here in the U.S.!" schtick is just a ploy for them to go running to Congress and beg for more H1B visas (like pretty much every other tech company now). They don't give a shit how much American workers are willing to work for, because all they're interested in is importing cheap indentured servants from overseas, with the full blessings of our "representatives" in Congress of course.
Re: (Score:2)
hmm...i seemed to have missed where it says Raytheon (or any other security-interested contractor) is expecting to hire trained, degreed IT security consultants for "$12/hour".
oh...yeah...because it doesn't and they don't.
No, but they might be starting at $15-18/hour for a fresh out of college, no real world experience, no clearance (but clearance-eligible) sort of person. And, you agree to stay at that rate for 3-5 years to pay back the company for getting you a clearance. In addition, those first jobs are almost always insanely boring and tedious, where all you do is run canned scans and create reports.
I know somebody exactly like this (although not with Raytheon, but another large defense contractor), and he bolted just
I'm not surprised. (Score:5, Insightful)
I certainly wouldn't take a job that would force me to flee to another country for asylum if my conscience makes me become a whistle blower.
Re:I'm not surprised. (Score:5, Insightful)
Re: I'm not surprised. (Score:5, Insightful)
It was where they took bright engineers, gave them tedious and excruciatingly boring tasks, burned them out, and replaced them. You'd think cyber security would be somewhat cool, but in reality, it was taking several multi-thousand line spreadsheet checklists, run some scripts, and manually put passes or fails for the things the scripts didn't cover. Do that all day every day for every type of server and every project, repeatedly, till all or almost all checks were passed. And then, do documentation.
I would say that where I worked, the youngest crowd were the only suckers willing to take that work. Everyone else knew better.
Re: (Score:2)
I certainly wouldn't take a job that would force me to flee to another country for asylum if my conscience makes me become a whistle blower.
Long before that you could decide to take your chances elsewhere - same job, different employer?!
Re: (Score:2)
I certainly wouldn't take a job that would force me to flee to another country for asylum if my conscience makes me become a whistle blower.
I imagine you would if it was the only way to pay for your spouses' cancer treatments.
There are a lot of jobs we're rather not take. But sometimes we're forced to chose between the lesser of two evils. Being responsible for other people can be a heavy burden.
Re: (Score:3)
Re:I'm not surprised. (Score:4, Informative)
I am familiar with IA, I work with it almost all the time, but it isn't my primary function. I'm currently in the market for a job in the SE Pennsylvania region AND I have a clearance. I think you are spot on with what the tasks are.
In SE PA there are a lot of medical companies, and thus their IA concerns relate to keeping their trade secrets secret, and even more importantly, keeping medical records secret. Unfortunately for me, I'd love to work for some of these companies, but damned if it's easy to meet their requirements.
Engineering? Check
IT systems? Rusty on the hands on work, but I mainly work architecture level designs.
Experience with medical systems? Umm no, sorry that's pretty specialized.
It's kind of like the Cheap, Fast, Reliable and other 'tri-feature' You pick two options. I can give you two, but that experience in medical systems always gets me. Unfortunately for a lot of these companies, a lot of the IA experience they ask for comes from the Defense industry, but rarely do we work with medical stuff.
Re: (Score:2)
So then don't. There's a ton of useful and interesting work in cybersecurity where the risk of that is basically zero.
Does everyone have to work in cybersecurity?!?! (Score:5, Insightful)
I would've thought 24% of young people being interested is pretty good. Especially for a niche job like this.
millenials (Score:5, Insightful)
such a retarded word
Re: (Score:2)
Re:millenials (Score:5, Funny)
Referring to them as "young adults" would force people from older generations to engage with the fact that they've aged out of their role as the dominant cultural and economic force. It would tie with the enormous cottage industry in writing editorials about how my generation is going to ruin the planet, at any rate.
Re: (Score:3)
"Industry"? You mean people expect to get paid for that?
This is exactly the kind of spoiled, lazy thinking that has ruined the great culture that my generation left you! In MY day, we considered this sort of thing a civic duty, and we were thankful for the opportunity! You should all be doing this as part of being respectable citizens, not as a chore that you'll only do if someone pays you
Re: (Score:3)
Re: (Score:3)
You're thinking of "centenarian". A Cential would be someone born in the year 100. So, about 1,913 years old.
Way older than a Millenial!
Re: (Score:2)
s/Cential/Centenial
Re: (Score:2, Informative)
It's not even well defined. Here it means people who were born from 2000 to 2010, although of course it should be from 2001 to 2011. So those people would be between 3 and 13 now, a tad young to work in cybersecurity.
Re: (Score:2)
Re: (Score:3)
The term was coined for people who were going to "come of age" after 2000, so basically anyone born after the early '80s.
Re:millenials (Score:5, Insightful)
For those of us born in the early 80s, we get to pick and choose the best parts of generation X and the millenials. We are the generation that fell through the cracks as far as media labeling is concerned. It's great!
Media complains about Generation X, we get to poke fun on our 'cloud' access devices.
Media complains about Millenials, we quickly skip to Nirvana in the playlist and scoff at this new generation.
Re: (Score:3)
Re:millenials (Score:5, Insightful)
Systems that were written largely by members of Generation X and marketed by Baby Boomers. But no, keep thinking that everything is the fault of which ever generation is the youngest.
Good point. I always shake my head at articles about how poor the millenial generation turned out. Isn't it the responsibility of the previous generation to guide the new generation? It's not like you are born with a life instruction manual. If there are problem with the current generation, the blame falls squarely on the preceeding generations. This is the world the millenials were born into, and they grew up with the guidance from the existing generations.
Like raising a dog, if it's ill-tempered, look to the owner.
Re: (Score:2)
It's ok, cause any tenuous, stereotypical point you might have had was utterly undermined by the last word of your post.
Bulls**t: 24% is a _lot_! (Score:5, Insightful)
Please give me a big list of other occupations which more than 24% of a random sample of kids are interested in, then I'll allow you to claim that too few youngsters are interested in cybersecurity.
Terje
Re: (Score:2)
Please give me a big list of other occupations which more than 24% of a random sample of kids are interested in, then I'll allow you to claim that too few youngsters are interested in cybersecurity.
Try to get competent at it without breaking U.S. law. I believe the criminal trespass laws when into effect in 1984, and Dmitry Sklyarov was arrested under the DMCA when he went to DefCon after being granted a Visa for the purpose of attending the conference.
I'm going to guess that most of them also don't want to become good pickpockets, good safecrackers, or anything else that could land them in jail just for visiting the U.S..
Re: (Score:2)
"Try to get competent at it without breaking U.S. law. I believe the criminal trespass laws when into effect in 1984, and Dmitry Sklyarov was arrested under the DMCA when he went to DefCon after being granted a Visa for the purpose of attending the conference."
Not hard at all, you can EASILY set up a Cybersecurity lab in your basement with useless garbage class computers. Even Windows Server software and OS is free for you to use for 30 days, wipe the drive rand reinstall every 30.
If you cant figure out
Re: (Score:2)
Try to get competent at it without breaking U.S. law. I believe the criminal trespass laws when into effect in 1984, and Dmitry Sklyarov was arrested under the DMCA when he went to DefCon after being granted a Visa for the purpose of attending the conference.
That isn't hard at all, as another poster pointed out, setup a lab in your basement with previous generation networking gear. $20,000 routers of that generation can be had for less than $100 bucks. Learn how to setup virtual machines and emulate a few hosts on the network, or just stick one or two old physical machines on it. Then practice.
But real cybersecurity is learning about CM, audits, tests, and lots of seemingly mundane boring activities and the regulations/policies which govern industries. Si
Re: (Score:2)
The other 76% want to be Youtube channel millionaires.
Re: (Score:3)
Right I think that is sorta the problem. We have been spoon fed this idea that boomers are the most entitled generation ever and perhaps at the time they were but I think its the people that experienced childhood in the roaring 90s and their teen years in the early 2000's when it still looked like you could somehow get rich by taking a loss year over year with your online "business".
It may be that besides a few piercings and somewhat questionable taste in music, Gen X and at little past (Late 70's and very
Re:Bulls**t: 24% is a _lot_! (Score:4, Insightful)
Re: (Score:2)
Because Corps are Distusting! (Score:2)
Only large corps really spend money on security... But let's face it, why would a young and promising guy with a bright future ahead of him, work for a disgusting corporation that's full of bureaucracy, politics, and incompetent managers? What's in it for him other than the money which he can probably get elsewhere?
Small companies are not just more fun; your opinions are heard, things move much faster, there's less bureaucracy, and there's usually minimal to no politics. I would gladly shave a chunk of my s
Re:Because Corps are Distusting! (Score:5, Insightful)
A very surprisingly large number of corporations do NOT spend money on security.
Which is why the FBI surprised over 70 companies a couple years back when the FBI told them their systems had been hacked for the company's intellectual property. The companies in question had _no_ idea they'd been hit. Which is also why the NSA makes a point of touring US-based companies to present corporate execs (primarily in the IT end of things) un-classified reports on the latest security threats (if you don't already know, take a look at the NSA Information Assurance program). Which is why I was laid off because one such company was not going to listen to someone suggesting to them their computer security really sucked and were actually in the process of slashing intellectual property protection and computer security jobs. Again. For the eighth time in four years. So they could use the money "saved" on the salaries of people at my level who were also laid off to "buy" low level grunt "talent" in their China operations. That company's security still sux and remains far too easily hacked, and this is in a sixty year old high tech company that would've known better had they not be bought out by an aggressive "rollup" company to then be run by a bunch of greedy WallStreet-types who extract, literally, $100's of millions of dollars for themselves from the companies they've absorbed and stripped of assets.
So, no, many companies could give a rat's rear about security.
Only large corps really spend money on security...
Profit vs. Cost Center (Score:3)
That's because companies view network security as a cost center, rather than a profit center, so they want to spend as little on it as possible. Being a network security specialist is a "reactionary" job - you do everything you can to make the network safe (on the usually meager budget you've given to do so), and then wait for ... something ... to happen, after which you'll be implicityly if not outright blamerd for it. You can also look forward to carrying a pager, possibly 24/7. In order to do the job
Re: (Score:2)
Most companies their CSO is the virus software disk.
Re: (Score:3)
I've found that having a wife and kids to support made it difficult to forgo the better-paying jobs. YMMV, obviously.
Not just security (Score:5, Interesting)
It isn't just security either; I see lots of jobs advertised at the moment here in London. It is overwhelmingly what they call "DevOps" and Java development. I have been following the market for a long while, and I can see the same roles coming up again and again, so clearly the companies are having trouble finding people.
Having worked in IT for far too many years, I know how it goes: when you hire new employees, you know they aren't going to be up to speed for at least 3 - 6 months. However, these companies are mostly new start-ups, so they think it is like hiring a contractor, and they want their new staff to be up to speed immediately. It's just not going to happen, but until they see sense and learn to plan for the long term, the situation will be that way; lots of jobs that go unfilled, and lots of well qualified people the can't find jobs. And it's not about money, really; these web companies could afford to think ahead and invest in people with good potential - and one could argue that they can't really afford NOT to do so.
On top of that, they don't actually know what they are looking for. Take this new buzzword, "DevOps"; it comes from "development" and "operations", and it means somebody who sits in the middle, between a development department and system administration; ideally this is a person who can do everything a developer does and everything a system administrator does, and such person is probably a developer who has grown into system administration. In the old mainframe days you would call them System Programmers, and they would be your most sacred asset. But what the web companies really mean when they say "DevOps" is just a low ranking build engineer, who knows how to use Puppet, Chef or Jenkins and is doing the same, repetitive task over and over, provisioning into the cloud. And they all want somebody who has "at least 5 years experience with the cloud"; has "The Cloud" even existed that long?
Re: (Score:3)
It isn't just security either; I see lots of jobs advertised at the moment here in London. It is overwhelmingly what they call "DevOps" and Java development. I have been following the market for a long while, and I can see the same roles coming up again and again, so clearly the companies are having trouble finding people.
That doesn't mean you need to fall for these sap stories. It's the companies' own fault if they have incompetant HR or terrible business practises that force people out after short stints. In a free market if it is critical to their business and they stuff it up they should go out of business and good riddens.
On top of that, they don't actually know what they are looking for. Take this new buzzword, "DevOps"; it comes from "development" and "operations", and it means somebody who sits in the middle, between a development department and system administration; ideally this is a person who can do everything a developer does and everything a system administrator does, and such person is probably a developer who has grown into system administration.
I have done this dual job before and trust me, the HR types do not care one iota. If it saves money, great -- screw that guy some more. Who really benefits from a burnt out IT guy? The manager that can
Re: (Score:2)
It isn't just security either; I see lots of jobs advertised at the moment here in London. It is overwhelmingly what they call "DevOps" and Java development. I have been following the market for a long while, and I can see the same roles coming up again and again, so clearly the companies are having trouble finding people.
It's also possible after gaining experience and the needed clearances they discover they can make more elsewhere.
only 24 percent of millennials have any interest (Score:5, Interesting)
only 24 percent of millennials have any interest in cybersecurity as a career
That is not a lack of interest - it is an enormous interest. Think of when you were in class - if a quarter of the whole class were interested in one career. It is so high that I have difficulty believing it. If you assume that in any class you are going to have a 5% with no academic interest, maybe another 5% who truly want to pursue something non-technical, be it lawyer, politician, professional musician, sportsman, minister of religion, or artist - then I would say that it would be all the non-security related scientific, technical, and computer related industries that should be worried. If that figure were true it would mean that *most* people who are going to want a technical career would be looking at jobs in computer security.
Re:only 24 percent of millennials have any interes (Score:5, Funny)
Pretty even split between train drivers and astronauts.
That's the boys, obviously. I have no idea about the girls and they have cooties anyway.
Re: (Score:2)
I think you've underestimated how many people want to be "a Indiana Jones" and the ever-present contingent committed to a career as a fire truck.
Learn from the GCHQ and NSA (Score:2)
Cybersecurity is sold as protecting data but could mean helping track dissidents or build deep packet inspection.
The brand is a key factor too, if you are facing more congressional hearings or whistleblowers show you hawking your domestic surveillance skills to govs. Also don't ask your staff to do mass surveillance.
Cyber this, Cyber that.... (Score:4, Funny)
Or maybe, just MAYBE, they are afraid of being lumped in with the clueless bunch that are brandishing the term 'cyber' for everything, like it was some demented talisman to ward against evil net spirits.
I mean everybody knows that a 'CyberSecurity Specialist' is only a small and mostly accidental step away from a 'CyberBully', or 'CyberTerrorist', or OMG!!! Cyborg!!!
"Why yes, I'm a Terminator for the NSA, DHS, and in my spare time, the FBI and CIA! I'm a hit at all the parties!"
Re: (Score:2)
Or maybe, just MAYBE, they are afraid of being lumped in with the clueless bunch that are brandishing the term 'cyber' for everything, like it was some demented talisman to ward against evil net spirits.
I mean everybody knows that a 'CyberSecurity Specialist' is only a small and mostly accidental step away from a 'CyberBully', or 'CyberTerrorist', or OMG!!! Cyborg!!!
"Why yes, I'm a Terminator for the NSA, DHS, and in my spare time, the FBI and CIA! I'm a hit at all the parties!"
Or security for that matter - i.e. security guard, mall cop...tsa, etc...
Because it doesn't involve creating anything! (Score:2, Insightful)
The idea of working on mechanisms to stop other people from doing things seems like such a depressing job, even if the objective is to stop malicious people from doing bad things! The goal is to suppress and defeat the actions of other people who actually lead interesting lives!
Meanwhile, almost every other kind of development job involves creating something visible, something meant to be shared, something constructive, helpful, or fun!
Supply and Demand (Score:2)
As with anything, they could try offering them more money and better conditions.
And as always, businesses would rather avoid that in favour of having others (college/govt/other countries) train them and create a surplus of people trained in the sector to depress the wages.
While it's nice when people can enjoy their work, most people work to live, not live to work. Give them training, more money and time off to enjoy it and you'll get more applicants.
Enhancing is better than restricting. (Score:2)
Give me comparative numbers (Score:2)
dafuq (Score:4, Insightful)
Am I missing something? 24% of millenials sounds like a huge number if its not just IT workers polled.
Lies, damn lies, and statistical illiteracy (Score:5, Informative)
From the Raytheon article key figures: "Young men (35 percent) are far more interested than young women (14 percent) in a career in cybersecurity." If that many people are interested in cybersecurity, I'd call that "an overwhelming proportion" of persons being interested in cybersecurity. By that count, that's an enormous population of paranoid technofreaks.
"The survey also found less than one-quarter of young adults aged 18 to 26 believed the career is interesting at all." And how much of the total population gets employed in computer security AS A WHOLE? Less than 0.1% easily. How many other types of jobs, areas of interest and careers are there WITHOUT EVEN leaving the IT world?
The study page even highlights that they didn't target IT graduates. This is from a general, untargeted smattering of 1,000 members of the population. That's not even a proper sample size.
Bad journalism. Bad study report. Bad.
Maybe they just don't want to work at Raytheon (Score:4, Funny)
Of course they aren't interested (Score:2)
Security is an ungrateful business (Score:5, Insightful)
So will anyone congratulate you for a job well done? No, they will only see money spent on your salary with zero results. You will look as if the company could do without you. You know better, but the people who might give you a raise don't. And the people who could fire you to safe on salaries and increase profits don't.
You get much better recognition in a job that visibly produces positive results.
Re: (Score:3)
Already in a police state (Score:2)
Why the surprise? We all live in police states. From the recent scandals and revealations, that opinion is no longer fringe. If in doubt, just watch some evening news and try to find a story where police/justice/govt is _not_ involved. Small wonder people seek the distractions of sports & gossip.
The tension imposed by the police state stresses everyone (not least the officers themselves). People naturally shy away from it. Even legitimate security efforts suffer under the toxic cloud. Fear of bei
It's the political infighting (Score:2)
I've done security work as part of systems engineering, and helped other companies with it, for decades. It would be difficult to pay me enough to take that as a primary role. Many projects think of security as something that can be painted on after a project is done: others have managers or core developers who think of every moment spent thinking about security as wasted, non-profit-generating work.and actively discourage any attention to security implications. Others rely on external firewalls to say "we
CraigsList Ad's Don't Show It (Score:2)
So I googled the topic and found out some intelligence the easy way. 4 job openings at the DHS. Typed in "Cyber" just like the instructions said to do.
Only 24% (Score:2)
are interested in cybersecurity? And that's not enough? I think what they are saying is that they need more to be interested and to train for it so they can hire a few at really low wages, otherwise I guess they'll just have to start looking for H1B visa hires...
Because *I* want to compete with offshore labor... (Score:2)
Making $5/hr when I live in a country with a cost structure designed for someone making $50/hr. Yeah, sure. How could I turn *that* offer down. And of course, only millenials matter for cybersecurity jobs. Can't hire those 50+ guys. No way. Even if there are lots of them looking for work.
I'm pretty sure you don't need a full quarter (Score:2)
of the population working in "cyber security" so how is this a problem?
Maybe no one wants to work for Raytheon? (Score:2)
What "we can't find people" really means (Score:2)
Allow me to debunk the myth (Score:2)
Why oh why are our young not interested in MINT professions? And especially in that awesomely secure security business?
Easy. It's less hassle, less work and requires less brain power to push through some idiotic MBA degree, with the much higher chance to get a well paying job with way fewer overtime hours. It's simple as that. It's simply better paid to push numbers about and bullshit people out of their money than actually do something sensible that the economy could benefit from.
Re:Soon to be obsolete (Score:5, Insightful)
Progress is slowly being made in the use of capability based security.
If you think a technology will solve all our security problems, then you don't understand what security is all about.
Securty is a process, not a technology.
Every time you think you've built something idiot-proof; nature comes right in, and delivers you a more idiotic idiot.
Until you can eliminate all humans in organizations; computer security can never be a solved problem.
Because most security problems are caused by humans, AND IT security falls within the broader umbrella of risk management.
You will never own a perfectly secure system. Not now. Not in a thousand years.
It doesn't matter what fancy new capability-based models you come up with; there will always be threats and vulnerabilities.
Re: (Score:2)
Hey, if I own anything in a thousand years, I'm doing alright!
Re: (Score:2)
Hey, if I own anything in a thousand years, I'm doing alright!
You never know... some people have cryogenicists freeze their body, with an intention of being revived some day in the distant future.
Re: (Score:2)
This, a thousand times this. I have never met a security professional that thought their environment was secure. Everything is always coached within the context of risk management.
Re: (Score:2)
Securty is a process, not a technology.
Not only that, but people really should understand that *security is not about absolutes*. Things are not either "secure" or "insecure". Well executed security is essentially about a trade-off between "easy accessibility for authorized usage" and "difficult accessibility for unauthorized usage".
The only way to "completely secure" a computer hard drive, for example, is to completely destroy it. Otherwise, there is some risk that someone can eventually gain access to it and recover some data. Short of th
Re: (Score:2)
Progress is slowly being made in the use of capability based security. This will eventually (15-20 years from now) mean that computer security will be a solved problem.
Assuming capability based security will be the next big thing (I don't have enough experience to confirm or deny that), there will still be a need for people who design, write and audit programs using capability based security. So "a solved problem" would mean "the approach everyone uses" not "something that doesn't need attention".
Additionally, computer security can be outsourced and managed remotely, so it is likely to be commoditized, in much the same way as IT Administration was.
Only if you can trust a third party with your data. Also, I don't think you can fully separate computer security from information security: someone has to decide which people and
Re: (Score:3)
Re: (Score:2)
Given that no individual link in the security chain can be trusted (pretty much proven by the NSA), a single security method will never suffice.
Re:Lol, Tech. (Score:4, Informative)
Meh, grow up. Been doing tech work for over 40 years now. Haven't been replaced yet, but I also keep up on new tech and stay curious. If you get set in your ways and decide that your current skill set will keep you in Doritos and Mountain Dew forever, you _will_ be replaced.
And jeeze, get over the "Obamacare" rhetoric. It just makes you look like a spoiled child who's not getting their way.
[John]