With cyber threats escalating every day, there is an increasing demand for talented workers with up-to-date skills to combat those threats. The U.S. Bureau of Labor Statistics estimates that information security analyst jobs are expected to grow 28 percent from 2016 to 2026, faster than the average of all occupations. The demand for top talent is high — making it tougher for Maryland companies to compete.
According to the Maryland Department of Commerce, Maryland ranks first in the percentage of bachelor’s degrees in computers, mathematics and statistics. Maryland also has the highest concentration of STEM professionals among the states. So why is there such a shortage?
Experts believe there is a skills gap in available workers, which is why Maryland’s colleges and universities have ramped up cybersecurity curriculum and training to invigorate the workforce pipeline.
“We, in higher education, and our state partners are very interested in expanding the size and pool of cybersecurity talent. There’s not a lot we can do to increase the number of cyber experts with 10 years of experience. Experience is finite,” said Caroline Baker, assistant vice president for careers and corporate partnerships at the University of Maryland, Baltimore County (UMBC). “But what we can do is expand, broaden and diversify the pipeline and increase the number of students completing degrees in cyber, machine learning, and AI.”
Baker says the computer science degree program has seen a 25 percent increase in enrollment in the last few years. This year also proved to be a record year of organizations participating in UMBC’S fall career fair. Of the 140 organizations that came, 75 percent were from the private sector, including tech giants such as Google.
By their senior year, Baker said, many UMBC students will have more than one job offer to consider.
Other colleges and universities are also working to increase the pipeline. In January, the University of Maryland, College Park was awarded a $5 million grant from the National Science Foundation’s CyberCorps Scholarship for Service program, specifically to address the cybersecurity workforce demand.
Still, Maryland-based companies must compete against major tech giants nationwide.
Steve Pennington, managing director of business and industry sector development at the Maryland Department of Commerce said the agency is working all angles to not only increase the talent pool but also retain it.
“The demand continues to exceed the available talent and we are working our tails off to make sure we can identify as many sources of talent,” Pennington said.
Pennington said the agency is working to connect Maryland’s larger companies with entrepreneurial companies when it may make sense to do business together. Their efforts have been fruitful. In October, AllegisCyber and DataTribe announced they would be moving to Port Covington and bringing with them a $400 million cybersecurity investment fund.
Dave Hartman, president and co-founder of Hartman Executive Advisors, a Timonium-based firm that assists middle market organizations with IT business strategy, agrees that the talent pool is small and that the demand is only going to continue to increase.
For him, cyber threats aren’t the only reason the demand for talent is high. His company works with businesses who understand how critical technology is to their business but who in their own words, “don’t know what they don’t know.”
His firm has assisted businesses in understanding that wrapping cyber under the IT team, for example, may not be the best strategy in combatting cyber risk. To him, IT and cyber are very distinct job functions, yet many businesses house cyber under the IT umbrella.
“Cyber is a business-wide risk, not just an IT issue – and one that should be approached much differently,” Hartman said.
A chief information officer will approach the information system and security by putting systems in place to protect the data. A chief information security officer addresses cyber risks at the business level and then develops plans for mitigation and response.
When companies divide information system infrastructure into two separate IT and cyber categories, it increases the demand for additional information security jobs with very specific skills. But, Joanne L. Martin, chief information security officer at Hartman, says organizations can educate the appropriate person in-house so that both pieces are covered appropriately.
Martin said leaders should approach cybersecurity as they would any other major business decision: with an in-depth analysis of risks and a strategic plan for mitigation. With three decades of technical and business leadership at IBM, Martin knows firsthand the importance of having a cybersecurity expert in place. She said that while an IT leader can become a cybersecurity expert with proper training and experience, separating and defining the roles is key to long-term success.
Higher education is taking this advice to heart. The University of Baltimore plans to create a cybersecurity management master’s program focused on developing cybersecurity leaders. The program aims to meet what educators see as an unmet demand for leadership and strategy. The university said the program is designed for veterans within the cybersecurity industry who want to move from more technical positions to senior leadership roles in their organizations.