When companies such as Marriott International, Yahoo! and Equifax experience a data breach, the consequences are huge for customers whose personal information has been accessed by criminals or enemy states. And so it’s no surprise that major players in the private and public sector are boning up their cybersecurity to avoid such PR and real-life disasters.
But even if a corporation’s firewalls are strong, chances are a dedicated antagonist can find her way into treasure troves of information.
“The probability of losing data or being hacked is a probability of 1,” said Barbara Endicott-Popovsky, executive director of the Center for Information Assurance and Cybersecurity at the University of Washington. “There’s no end to how you can get inside.”
Endicott-Popovsky has watched for two decades as online adversaries have evolved from curious young people trying to prove they could access sensitive places to nation states and lawbreakers weaponizing the cyberspace for their own benefit.
“Pretty soon the criminal element recognized that you didn’t have to rob a bank and break in the front doors with machine guns. When was the last time you heard of a robbery like that?” Endicott-Popovsky said.
Today, she believes that much of the world is in a state of war online, where turmoil is less provocative compared to the bloody conflicts from history books or the news, but where the threat of injury is still dire. It’s in this environment that companies are trying to conduct business and us our personal affairs, she said.
“You could cause incredible damage in a cyber sense without even having to drop a bomb or doing anything that was controversial,” Endicott-Popovsky said.
Much like other times of war, when an industry has boomed out of an immediate need for defense mechanisms, the cyber field is experiencing tremendous growth as more and more people become aware of the implications a hacker being able to penetrate their systems represents.
“The expansion of cybersecurity pathways means you don’t have to be a deep techie, which seems to be the imagined barrier,” said Endicott-Popovsky. “That is where we’ve spent our time developing curriculum, which is to appeal to the myriads of people that could be re-skilling, up-skilling, changing careers, taking advantage of this wealth of diversity.”
According to cyberseek.org, there are currently more than 300,000 cybersecurity job openings across the United States, and there’s a major talent shortage.
In context, that dearth makes sense. Like in any burgeoning industry that’s relatively new to the market, the talent pool doesn’t exist yet. Moreover, cybersecurity belongs to the Information Age, a time that defies almost all industrial precedent during the 20th century.
“We’re going through an upheaval every bit as dramatic as what the farmers went through during the Industrial Revolution,” Endicott-Popovsky said.
And as technology continues to evolve, so does Endicott-Popovsky’s particular niche as its fortifier. “This is I have to say one of the most dynamic fields that I could ever imagine because it’s changing at such a rapid rate,” she said.
Endicott-Popovsky knows her students at the University of Washington may have learned at least some information that is already obsolete by the time they graduate from their program. That’s how volatile the industry is right now.
But for bright people, this ever-changing landscape coupled with the lack of qualified candidates can prove an advantage. Endicott-Popovsky said she teaches her students how to stay up-to-date on cybersecurity procedure. “If you’re any good,” she said, “you get pulled up into leadership roles.”
“If you are ambitious, if you’re thoughtful, if you understand yourself, and how to grow yourself, and how to learn, you will be wanted and needed, and you will find yourself progressing in the field,” she said.
For those considering entering cybersecurity, Endicott-Popovsky made it clear that the career shift does not mean starting over. Nor does it mean coming from a certain background. In films and TV shows, it always seems as though cybersecurity experts are portrayed by white men — in reality, some estimates measure female representation in information security to be as low as 11%. But for stronger cybersecurity, companies need a more diverse workforce to fully assess vulnerabilities, according to experts.
“You do not want to have a monolith of a group evaluating your cybersecurity problems,” Endicott-Popovsky said, “or you’re going to have problems.”