Want to be paid $200,000 a year to think like a hacker? Then Uncle Sam wants you.
According to the newly released RAND report, "H4cker5 Wanted: An Examination of the Cybersecurity Labor Market", there is a shortage of highly trained cybersecurity workers, especially in the federal government, with potential negative consequences for national security.
"It's largely a supply-and-demand problem," said Martin Libicki, lead author of the study and senior management scientist at RAND, in a press release from the nonprofit research organization. "As cyber attacks have increased and there is increased awareness of vulnerabilities, there is more demand for the professionals who can stop such attacks. But educating, recruiting, training and hiring these cybersecurity professionals takes time."
For those with the expertise to help secure essential networks and combat cyberattacks, it's a lucrative job market.
"The cybersecurity manpower shortage is primarily at the high end of the capability scale, commanding salaries of more than $200,000 to $250,000," Libicki said.
For the moment, many large organizations are dealing with the crunch by providing training and promoting from within.
But the federal government is especially short-handed in this field. One reason is salary. Experts working for private companies can command double the highest salary a federal agency is permitted to offer. Another challenge for government agencies is that many of the positions require security clearance and are limited to people who have lived and worked in the country for at least five years.
In and out of the government, few women are entering or working in the field. According to the RAND report, "the percentage of women within the upper tier of the cybersecurity profession is well within single digits."
So what do the experts think we should do?
Don't panic. For the most part, the authors contend the labor market will correct itself, although it may take a number of years.
"The difficulty in finding qualified cybersecurity candidates is likely to solve itself, as the supply of cyberprofessionals currently in the educational pipeline increases, and the market reaches a stable, long-run equilibrium," the report states.
RAND recommends a few things the federal government could do to help:
- Relax some federal hiring rules when hiring hard-to-find cybersecurity experts
- Invest in cybersecurity education programs
- Refine ways to identify non-traditional candidates likely to succeed
- Attract more women into the profession
The number of cyberattacks may be on the rise. Fortunately, the number of computer science majors is too.