Cybersecurity experts needed to meet growing demand

Alec Ross, senior adviser for innovation at the State Department, has a piece of advice for students tasked with the nerve-rattling problem of choosing a college major.

“If any college student asked me what career would most assure 30 years of steady, well-paying employment,” Ross said, “I would respond, ‘cybersecurity.’ ”

That’s because cybersecurity is a field where the rules of the recession seem flipped: There’s plenty of jobs, but relatively few qualified applicants.

The government needs to hire at least 10,000 experts in the near future and the private sector needs four times that number, according to Tom Kellermann, vice president at Trend Micro and former member of President Obama’s cybersecurity commission. Booz Allen Hamilton, a private security firm in McLean, has hired nearly 3,000 cybersecurity experts in the past two years, and that trend is expected to continue.

Cyberattacks generally come in two varieties: state-sponsored intellectual capital theft and strikes against critical digital infrastructure, such as power grids and banking systems.

Both kinds are being carried out thousands of times a day. No one knows the precise cost; some experts put the dollar figure in the billions and others say it could reach hundreds of billions or more. Defense Secretary Leon E. Panetta has said that the threat of cyberattacks against infrastructure targets keeps him up at night, and former National Security Agency director Mike McConnell recently warned that the U.S. government isn’t equipped to detect and deflect a catastrophic attack.

“We’re going to have a catastrophic event [in cybersecurity]. Some of these tools already being built are going to leak or be sold or be given to a group that wants to change the world order, and we’re incredibly vulnerable at the infrastructure level,” said Adm. Mike Mullen, former chairman of the Joint Chiefs of Staff.

How can the government become better prepared? It needs more “white hats” — the good guys of the Internet, experts say. But not enough digital experts are entering the cybersecurity field to meet the ever-growing demand.

“It’s tough going out there,” said Edwin Kanerva, vice president at Booz Allen Hamilton. “Every company in [the area] is looking for the same thing. There’s just not enough of them. The gene pool is small.”

Recruiters for the company visit colleges across the country, but that may not be enough. According to a 2009 study from the Georgetown University Center on Education and the Workforce, college graduates earning degrees in computers and mathematics represented just shy of 6 percent of all graduates. Of those, only 36,500 of them, or 2 percent, earned a degree directly related to cybersecurity.

Why is that percentage so low? Kanerva said many college students who train in computer science are attracted to fields other than security, such as software development or computer engineering, which are considered more appealing and can sometimes offer six-figure starting salaries. The median salary for a graduate earning a degree in security was $55,000 in 2009, compared with $75,000 for computer engineering.