OKLAHOMA CITY – Cyber threats are growing in number and sophistication, as is the demand for trained specialists to protect businesses and government agencies.
A group of experts discussed the issue with Log record Editor Joe Dowd during a recent JR/Now webinar.
“Every industry is impacted in this space,” said Josh Snavely, a cybersecurity and privacy expert and attorney at McAfee & Taft. “No one is safe, unfortunately.”
There are currently 3.5 million unfilled cybersecurity jobs worldwide and 455,000 in the United States, Snavely said.
Nearly 4,000 of those job vacancies are here in Oklahoma, said Jeremy Thomas, provost and vice president of student affairs at Oklahoma City Community College. “There is definitely a need,” Thomas said.
“As these attacks happen, it will start to cripple businesses,” Vince Bridges said., vice-president for academic affairs at the OCCC. “The labor shortage is a serious problem.
Bridges said cybersecurity is growing 33% faster than all other occupations, according to Bureau of Labor Statistics projections for new positions needed by 20230.
These are well-paying jobs with a median annual salary in Oklahoma of about $88,000, he said.
OCCC is one of the colleges in Oklahoma that offers cybersecurity programs. John Claybon, dean of business and information technology, said the program was developed to meet the growing demand for “cyber warriors” needed to protect critical information systems.
Graduates get a two-year applied science degree in a dynamic, engaging and lucrative career field that won’t go away, he said.
This degree and certifications are all that is needed for most private sector jobs, said Jon McHenry, professor of computer science at the OCCC. Most jobs in the federal government require a bachelor’s degree, he said.
McHenry said many students are former military personnel who already have security clearances, former law enforcement officers and workers in fluctuating industries like the oilfield. Young players often do well in the program because they “already have the mindset of trying to work around things and break them,” he said.
Cybersecurity isn’t just for coders, McHenry said. There is also the managerial side, people who create policies, analyze and audit. Even the auto industry needs cyber experts because vehicles are internet-enabled, he said.
“It’s not just a technological problem. It’s an executive leadership problem that really needs a wide range of approaches,” Snavely said. “It’s an enterprise-wide risk, so you need people in your organization…to understand that.”
Snavely – who does incident response for small businesses – said 90% of the last three months started with compromised credentials or a phishing attack. In almost all cases, the problem could have been avoided if the IT department had deployed multi-factor authentication, he said.
In one case, it saved a company nearly $50,000 based on the records hackers were trying to view. In another case, the lack of multi-factor authentication cost the company $900,000 in repairs, Snavely said.
Hiring someone who is a cybersecurity expert could be worth $1 million or your entire business, he said, noting that 60% of businesses go bankrupt within six months of a ransomware attack.