Deep Dive: It’s time to develop our cybersecurity workforce

Cyberattacks are a growing threat that demand urgent action. This year’s cyberattacks on the nation’s largest fuel pipeline, Colonial Pipeline, and on SolarWinds, a major U.S. information technology firm, show the urgency around the issue of cyber security.

In both cases, attackers used vulnerabilities to compromise critical systems. According to the National Vulnerability Database (NVD), the number of new software vulnerabilities dramatically increased from less than 8,000 in 2016 to more than 18,000 in 2020. Among the vulnerabilities, about 24 percent are of “high severity.” This refers to the confidentiality of the information that would be impacted, the difficulty that would be involved in replacing it, or the impact of that information becoming less trustworthy.”

Some examples of vulnerabilities might be ineffective encryption of sensitive information, incorrect setting configurations, or accidental openings where someone might be able to enter a system without appropriate access. The exploitation of these vulnerabilities costs $60 billion every year in the U.S. alone.

We must take action now to fortify our nation’s most critical targets against future cyberattacks and security breaches. The first step is expanding the pipeline of qualified cybersecurity professionals who are entering the workforce.

Right now there is a growing demand for cybersecurity specialists. According to a U.S. Commerce Department database, there are roughly 500,000 unfilled cybersecurity jobs in the U.S. this year. The U.S. Bureau of Labor Statistics reports that employment of information security analysts is projected to grow 31 percent from 2019 to 2029, much faster than the average job growth of 4 percent for all occupations.

Meanwhile, Google, Microsoft and IBM recently announced a commitment to invest billions of dollars in cybersecurity, including training more qualified professionals.

It is essential to have a skilled workforce that can protect against cyber threats. Cybersecurity professionals must have a unique set of skills and proficiencies, including risk analysis, Unix and Linux system administration, penetration testing, digital forensics, intrusion detection, and troubleshooting.

To develop these skill sets, cybersecurity education must go beyond theoretical lecturing to offer hands-on practical training. Just as pilots train in simulators before they take to the skies, cybersecurity specialists must be able to practice critical thinking and decision-making under pressure.

Students should spend time in cybersecurity labs, simulate penetration testing, as well as observe and analyze the attacks on dedicated networks. Additionally, current cybersecurity professionals must continue to sharpen their skills throughout their careers.

Unfortunately, there are few facilities where such hands-on simulation training is offered. More are needed, particularly in northeast Florida, which is home to many large companies and a growing tech sector.

With time, more education and hands-on training will help produce an army of experienced cyber soldiers to fight back against the growing number of threats.

Dr. Mini Zeng is an assistant professor of computing science at Jacksonville University.