This week I would like to discuss the need for more cyber security professionals in the US. There are several reasons why, some of them being outside threats, state sponsored hacking groups, plain criminals, and need for securing our domestic infrastructure. Every day we have news about new US companies being hacked to just few days ago someone hacking the emergency sirens in Dallas.
So why don't we just get more cyber security professionals. Well here are some of my observations. The entry into the career of a cyber security professional is extremely difficult. To get a job in the private or government sector one has to have several years of hand on experience. Most businesses require a certification such as CISSP or similar which have prerequisites of being in the field and having several years of experience in order to get certified. How is one going to get the experience when every single job posting requires certifications and experience which a student doesn't have.
The next problem I personally have is the transition into the security career. I have worked with data and analytics for 15 years and as a Manager in my current job, I would have to drop into a entry role that doesn't require a security certification (which they all do). I would have to start at half of what I earn now while having a Master's degree in cyber security. What is the incentive for us wanting to work in this industry. The median pay of 66k annually? That is one sad pay rate for someone who has to learn about thousands of different things such as networking, encryption, cloud computing, risk management, operating systems and so on. The amount of learning and skill does not translate into the pay scale of a security professional. Compare that to a data scientist who can earn six figures with much less skill, learning and no certification required straight out of college. For what? Few statistics models, knowing a bit of "R" and building few queries in SAS during their education. While we are expected to be experts in everything in order to protect assets against most cunning black hat's, criminal organisations, and terrorists. It just doesn't add up.
What do you think?
This is the end of my rant and my blog post for this week.
No comments:
Post a Comment