Diverse cyber security work force must have technical expertise, flair for problem-solving

Attacks on government, corporate, and individual computers have exposed the vulnerabilities of an increasingly networked world, while revelations of widespread government surveillance cause many to wonder whether personal privacy is a thing of the past. Cyber threats have been called the United States’ greatest security problem—as highlighted by the recent Sony hack. The cyber security profession offers solutions, and not all of them are technical.


As in past times of national crises, the United States faces a shortage of people with a particular set of advanced technical skills. According to a 2014 study by the Ponemon Institute, an information security and privacy research center, the demand for cyber security professionals in both the public and private sectors far exceeds the supply. There is a need for people with expertise in computer science, math, programming, electrical engineering, and logic, but also for people with a range of technical and nontechnical problem-solving skills.

Cyber security is a young, rapidly evolving field that encompasses many different jobs and roles. A 2010 Bureau of Labor Statistics report estimated that there were about 72,670 people in the "information security analysts" job category, which does not include all cyber security positions. The need-much greater than demand, which is actual job openings-for cyber security professionals in the United States is staggering, considering there are about 6 million businesses and 90,000 local governments and school districts, all of which must, to some degree, protect their data and their networks.

Does the cyber security job boom mean opportunities for women? Eugene Spafford, PhD, professor of computer science at Purdue University, believes inclusion in the field of cyber security is a must, and that attracting and retaining women is crucial to finding the kind of technical talent needed. He says when women get shut out or leave the field, their strengths are lost and the profession suffers. Dr. Spafford, who is also executive director of Purdue's Center for Education and Research in Information Assurance and Security, said, "If you have women on the design team, you're more likely to get discussion about privacy side effects and human/ computer interface. Having a diversity of views and experience always leads to better results."

Jeremy Epstein, longtime board member of Applied Computer Security Associates (ACSA), agrees. ACSA is a 30-year-old nonprofit organization whose mission is to improve understanding of the theory and practice of cyber security. It sponsors cyber security research conferences, including ACSAC (Annual Computer Security Applications Conference) and NSPW (New Security Paradigms Workshop). Epstein, who has been a cyber security professional for 25 years, said, "Women are historically very underrepresented in computer science and in computer security. When I started in computer security 25 years ago, the field was 20% to 30% women. Now it's between 5% and 10%. That's obviously going in the wrong direction."

Troubled by this trend, Epstein persuaded ACSA's board to fund scholarships for women who want to study cyber security and need financial help.

The first scholarships were awarded in 2012. Since then, ACSA has been able to increase the number of awards it makes by partnering with HP and the Computer Research Association's Committee on the Status of Women in Computing Research (CRA-W). For the academic year 2014-2015, there are 11 scholarship winners, both undergraduate and master's degree candidates, from colleges and universities across the United States.

The National Science Foundation (NSF) also has awards for cyber security education, including the CyberCorps Scholarships for Service (SFS) program, which offers full scholarships to students in academic cyber security programs. In addition, the NSF supports interdisciplinary, cyber security-related research and education programs, such as the NSF/Intel Partnership on Cyber-Physical Systems Security and Privacy (CPS-Security) and Secure and Trustworthy Cyberspace (SaTC).

In response to the demand for a larger, more highly skilled cyber security work force, a growing number of universities, and even some community colleges, are adding cyber security classes. With the help of a $200,000 NSF grant, the departments of electrical engineering and computer science at Cleveland State University and Case Western Reserve University (CWRU), both in Cleveland, are collaborating on an undergraduate cyber security curriculum. The sequence includes courses in hardware, software, and information security. The final exam for the hardware class is a hacking exercise in which students hack their classmates' computers and defend their own. Although controversial as a teaching method, hacking, which exploits a system's weaknesses, is one way to learn how to identify and remedy these weaknesses. CWRU Professor Swarup Bhunia, PhD, contends that hands-on, simulated attack-and-defense classes prepare students to come up with solutions to the specific security vulnerabilities they will encounter in the workplace.

Pablos Holman, an inventor, futurist, and hacker, said in a TedXMidwest talk, "Hackers have minds that are optimized for discovery." He pointed out that hackers methodically attempt to compromise every aspect of a system's defenses, "just to see what will fall into their laps." The hacking mind-set, however, can be applied in an ethical way to other kinds of problems. Holman is part of a multidisciplinary team of scientists at Intellectual Ventures Laboratories that is analyzing the lifecycle of the malaria parasite. By understanding every stage of malaria and looking for weaknesses, the team has come up with some novel ideas for controlling the disease, which kills hundreds of thousands of people annually, mostly children in Africa.

<< First < Previous 1 2 Next > Last >>

No comments
The Engineers' Choice Awards highlight some of the best new control, instrumentation and automation products as chosen by...
The System Integrator Giants program lists the top 100 system integrators among companies listed in CFE Media's Global System Integrator Database.
Each year, a panel of Control Engineering and Plant Engineering editors and industry expert judges select the System Integrator of the Year Award winners in three categories.
This eGuide illustrates solutions, applications and benefits of machine vision systems.
Learn how to increase device reliability in harsh environments and decrease unplanned system downtime.
This eGuide contains a series of articles and videos that considers theoretical and practical; immediate needs and a look into the future.
Controller programming; Safety networks; Enclosure design; Power quality; Safety integrity levels; Increasing process efficiency
Additive manufacturing benefits; HMI and sensor tips; System integrator advice; Innovations from the industry
Robotic safety, collaboration, standards; DCS migration tips; IT/OT convergence; 2017 Control Engineering Salary and Career Survey
Featured articles highlight technologies that enable the Industrial Internet of Things, IIoT-related products and strategies to get data more easily to the user.
This article collection contains several articles on how automation and controls are helping human-machine interface (HMI) hardware and software advance.
This digital report will explore several aspects of how IIoT will transform manufacturing in the coming years.

Find and connect with the most suitable service provider for your unique application. Start searching the Global System Integrator Database Now!

Infrastructure for natural gas expansion; Artificial lift methods; Disruptive technology and fugitive gas emissions
Mobility as the means to offshore innovation; Preventing another Deepwater Horizon; ROVs as subsea robots; SCADA and the radio spectrum
Future of oil and gas projects; Reservoir models; The importance of SCADA to oil and gas
Automation Engineer; Wood Group
System Integrator; Cross Integrated Systems Group
Jose S. Vasquez, Jr.
Fire & Life Safety Engineer; Technip USA Inc.
This course focuses on climate analysis, appropriateness of cooling system selection, and combining cooling systems.
This course will help identify and reveal electrical hazards and identify the solutions to implementing and maintaining a safe work environment.
This course explains how maintaining power and communication systems through emergency power-generation systems is critical.
click me