States that are at a disadvantage in the race to recruit cybersecurity experts
CHICAGO (AP) – Austin Moody wanted to apply his cybersecurity skills in his home state of Michigan and team up with state police investigators to analyze evidence and track down criminals.
But the recent graduate put the idea aside after learning an unpaid internship that was his only path to the Michigan agency.
“I don’t know a lot of people who can afford an unpaid internship, especially when it’s so popular in the private sector,” Moody said of other cybersecurity job seekers. “Unpaid internships in cyber are not really something outside of the public sector.”
Hiring and retaining employees who are able to stave off a constant stream of cyberattacks and less serious online threats is high on the list of concerns for government technology leaders. There is a grave shortage of these professionals and insufficient financial firepower to compete with federal counterparts, global brands, and specialist cybersecurity companies.
“People still in school are being told, ‘There are really good opportunities in cybersecurity, really good opportunities to get high pay,'” said Drew Schmitt, senior threat intelligence analyst at cybersecurity firm GuidePoint Security. “And ultimately, these state and local governments cannot compete with many private organizations from a salary point of view.”
State governments are regular targets for cyber criminals drawn from the treasures of personal data in government agencies and computer networks essential for patrolling highways, maintaining voting systems, and other vital government services. Notable hits since 2019 include the Washington State Chartered Accountant, the Illinois Attorney General, the Georgia Department of Public Security, and computer servers that support many of the Louisiana state agencies.
Cities are also attacked and have even fewer resources than states to maintain cyber defense.
With the support of industry groups, the federal government and individual federal states have launched training programs, competitions and grants in order to generate more cybersecurity professionals nationwide. However, it could take years for these strategies to pay off. States have turned to outside contractors, civilian volunteers, and National Guard units for help when their systems are destroyed by ransomware and other hacking attacks.
According to CyberSeek, a joint project by the Computing Technology Industry Association and the National Institute of Standards and Technology, states had to fill nearly 9,000 cybersecurity jobs as of this summer. The total number is likely higher as the project does not count job advertisements that were only published on their own job portal.
Heads of state are reluctant to disclose the number of vacancies, fearing that potential attackers could be further lured. Since the National Association of State Chief Information Officers and Deloitte began surveying the group in 2014, top security officials in the state have made under-staffing their primary concern every year.
The problem is not limited to the state governments.
US officials make no secret of their own efforts to hire or retain cybersecurity professionals. The Department of Homeland Security alone has 2,000 cybersecurity vacancies, and the Biden government promoted 300 new employees this summer.
According to a survey conducted by the International Information System Security Certification Consortium, the average salary of a local or state government cyber employee of $ 95,412 in 2020, compared to salaries in federal government, financial services, and IT services remained around $ 25,000. Dollars or more back. a trade association.
According to the Bureau of Labor Statistics, information security analysts earned an average salary of $ 103,590 in May 2020. Cyberseek reports starting salaries of nearly $ 90,000 for all employers.
Homeland Security officials realized in 2014 that lower wages put their agency at a disadvantage, but it was not until this year that a rule was released that allowed higher salaries for cybersecurity functions – capped at $ 255,800, the maximum salary for the vice president.
âThe department urgently needs a more flexible hiring process with incentives to secure talent in today’s highly competitive cyber skills market,â says part of the rule that is due to come into force this fall.
Executives in this area often complain about the expensive and time-consuming certification requirements and background checks that cybersecurity roles employers insist on, saying this keeps jobs vacant and discourages women and people of color from working in cybersecurity.
Nicole Beebe, chair of the information security and cybersecurity department at the University of Texas at San Antonio, said the states’ struggles are more fundamental. Private companies and the federal government aggressively recruit students while studying and send representatives to courses and career fairs.
Government agencies are rare, said Beebe, who advises students long before graduation who are weighing multiple job offers.
“If it’s a hypercompetitive field, you can’t just put in a job posting and think it’ll be the same attraction,” Beebe said.
Lower salaries in public offices can be a deterrent, but many students prefer a position where they can leave their work at home, which is not always the case with private companies.
The role of a state or local government cannot be compared to the âmeat grinderâ constantly reacting to new attacks or vulnerabilities in a cybersecurity team for Microsoft or Amazon, said Michael Hamilton, founder of the PISCES project. The organization connects cybersecurity students with local governments that have no staff dedicated to this work.
“State agencies can hire interns, prepare them and show them that state government is a promising place to work,” he said. “But what I see is that with all the others that these people want to hire, they just get into a fist fight and lose.”
Sienna Jackson, a 2020 graduate of the University of Texas at San Antonio, accepted a position as an engineer at defense company Northrop Grumman after interviewing the company at a conference. She started her studies as an accountant, but discovered cybersecurity through a classmate.
After interning at Dell while at university, she hoped to find a company of similar size with a strong training program and other benefits.
Salary and help with moving or looking for an apartment also counted for Jackson, who had several jobs during her studies and has to pay back her student loans. She didn’t rule out jobs in the state government, but she didn’t see agencies at on-campus career fairs or at conferences.
“After graduation and interview, I realized that I had a lot of options,” she said. “I can choose where I go and my standards and not just take any job that comes my way.”
Moody, the Michigan native, received a Department of Defense scholarship that required the agency to work for at least a year after graduation. Moody said he understands that state governments don’t have the kind of money federal agencies or private companies spend on recruiting and lavish salaries.
But sending cybersecurity guards to speak to students about their jobs and what it means to thousands of citizens can have a big impact without costing a lot, he said.
“A lot of people want to take on a role in the civil service and are open to starting there,” said Moody.
Copyright Â© 2021. All rights reserved. This website is not intended for users located within the European Economic Area.