$150k security guards
Oregon has 9,000 positions in cybersecurity but 2,911 of them are currently unfilled according to the U.S. Department of Commerce.
Charlie Kawasaki, a Certified Information Systems Security Professional, formed PDX Cyber Camp to partially fill that gap. He says it is widening simply because the need for cybersecurity experts is increasing faster than the supply. Every company runs on computers now, and with data outsourced to the cloud and staff using their phones for work, there are multiple ways of being hacked or exploited that can bring a business to its knees.
"First, let me say we're not teaching hacking," Kawasaki told the Business Tribune. "The students are not learning how to break into your computer systems. The camp is designed for students who have no experience with programming, and are only interested in computers enough to make the commitment to spend a week during the summer. It's a pretty intense class with a lot of hands on labs and lectures, and guests present from the industry."
By the end of the week, the students have expertise with both Microsoft Windows and Linux, configuring systems, making sure that the firewalls are turned on and the backups are working appropriately.
The goal is very straightforward: "What they're training for is what it takes to be a good cyber security professional, that you might want to be in a regular organization that uses computers, like a business or a nonprofit, and working to defend computer systems. The camp requires a pretty broad understanding of how networks work, and how things like firewalls work to keep people out of your networks."
The race is on
Cyber security tools evolve very quickly in the tech industry. "That being said, there are a lot of tools that are readily available today and you can buy those or you can turn them on in the cloud."
The hard work is in getting them configured to make sure that they don't let people in the wrong way.
The choice in the industry seem to be either one, join a small team at a company, managing the network and anticipating threats. Or two, work for a cybersecurity company making the products.
"We have an unusually large number of high profile and very successful cyber security companies here in Oregon: McAfee,
Tripwire, Cylance, Iovation, and they're all building different kinds of cyber security products. What that also means is students are learning those skills that would make them valuable employees for those companies as well."
The camp has no prerequisites, other than a teacher recommendation that they are a deserving and motivated student. Even the computer hotshots are often new to cybersecurity.
"We start with the basics: Here's what a firewall is and how it works. By the end of the week, the students engage in a competition for who can make the most secure computer systems. It's scored by our online service."
Northwest cyber camp is part of a broader initiative, a collaboration between the state of Oregon, industry and the educational system to raise the level of awareness of cyber security, under an umbrella called Cyber Oregon.
The grown-ups in the room
On the Thursday afternoon, down the road at the college Oregon Tech, there was an industry and education sector summit which brought in industry professionals to try and figure out how they can collaborate to grow the size of the trained cybersecurity workforce. When this many executives show up at a meeting in a college, it has to be serious. At the summit, industry leaders stressed the need for cyber security professionals.
"I can't get people to respond to my ads. The jobs I'm looking to fill pay $150,000," said Mark Cooper, CEO of PKI Solutions.
Kawasaki explained why the field is booming.
"Just a few years ago, you might only have to worry about securing your network. But now you have to worry about all that stuff in the cloud. And how do I keep all my files from being copied over to Dropbox? So, there's lots of new security challenges all the time."
He says the job has never been just about staring at screens. Telling employees not to click on rogue links is part of it, since social engineering exploits the weakest link in the chain: human gullibility. "Education is a big part of it, educating employees." Interacting well with people is key.
"You have to work with your entire organization to understand what's important, what new technologies you need to be paying attention to. It's very much a collaborative kind of environment. You can't possibly stay on top of everything, all by yourself."
He added it's a challenging career because those currently holding companies to ransom are smart.
"The attackers who are organized criminals are very clever. So, they're always coming up with new kinds of attacks. So even if you're a savvy technology person, there's new attacks coming constantly."
Humpday is low defenses day
Apparently, Wednesday is a big day for email attacks.
"You're busy, and you're in between meetings, and you're trying to check your email and you're driving to interview
somebody, and someone sends you an email that looks completely realistic, you know, 'Your bank has said you might have a security problem...' It's easy just to click the link. And it takes everybody working together to make sure that you don't have a breach."
The camp has had more than 200 students. It's hard to track them, but he knows of one who is now doing an internship in Washington, D.C.,at a cyber security company and runs the OSU cyber security club. Two have joined Cylance and are working on artificial intelligence technologies to block malware. And one of them is going off to Embry-Riddle Aeronautical University, which has a nationally recognized cybersecurity program.
Locally, Oregon State University and Mt. Hood Community College have strong programs.
"You might want a four-year degree for secure software engineering, but there are hundreds of roles for someone doing a two-year degree, say for coming in and securing your firewalls."
Ransomware is big business. The criminals have call centers and can take credit card details for payment. "It's a cash business and the cost of operating that business is very low. You can reach the entire world from your basement. As long as you can get someone to click that link the cash is yours."
There are different roles in cybersecurity. In forensics you have to think like a detective. Threat analysts try to make sure that you're not vulnerable. Architects think 'How do I take my entire network and make it secure?' And there are software engineers.
Kawasaki sums the camp up: "The prerequisites are being motivated, being creative and being willing to learn."
And also the career. Although it's one sided — the attacker
only has to succeed once — Kawasaki says it's "An interesting and exciting career that I don't see an end to. By some measures, the average job in the cyber security career pays about three times the national average. And I've seen numbers, the average salary of a cyber security professional, ranging around $100,000 to $120,000
a year, for somebody in mid-career, in their 30s or 40s. You're
not getting that straight out of college."
Lauren Hurley, also 16, said she is good at chemistry and math but didn't know many details about cybersecurity before the camp.
At home they have a family network. Her parents have their own computers and the kids have their own laptops. "So, some of this stuff doesn't apply very easily to Chromebooks, because it's not Windows or Linux based. But I'm still able to, like learn how to have better safety, which is good," Hurley told the Business Tribune.
She says what she is learning is "fairly technical. In Linux you have to know these commands to execute programs. But coding like coding a game, it's not the same at all."
She's considering it as a career, although it is second to becoming a pilot.
"Those are the two highest needed jobs right now. I would like to go to Air Force Academy."
In cyber security right now, she thinks, "If you're good, you can kind of pick and choose what you want to do, because there is such a high need for it, which is a good thing."
Hurley has a 4.1 GPA. Could one skip college and go straight into this?
"You could, just because of how high the need is, but then you'd have to be really, really skilled. And I don't have that natural skill. So, I would for sure want to go to college and get a bachelor's in computer science."
She likes that at the camp they have lectures then immediately, hand on projects where they learn quickly in pairs.
"One of the things that I really enjoy about it is that there's only one outcome. Even calculus, there's so many different approaches. But with computer science, and this is why it's my favorite thing, you can only do one way, it's the only way that'll work."
Hurley doesn't mind being cooped up inside for a week in summer. "I'm I enjoying it and the food here is amazing."
She has a summer job at Jamba Juice, where all the smoothies are pre-programmed and the blenders have bar codes. Even the cash register is big buttons on a touchscreen. "It's fun to work there and everything, it's kind of a brain break. And the people there are super fun.
The Jamba Juice franchise owner had someone write the code for the computer, and while it sometimes goes wrong, she sees no way of getting under the hood, or if it is running on Windows.
"I have no idea actually. The operating system that we use for the till is Toast. I mean, there's ways that you could access to it, but we don't have access to there."
Reporter, The Business Tribune
Follow us on Twitter, Facebook and Instagram
Subscribe to our E-News
You count on us to stay informed and we depend on you to fund our efforts. Quality local journalism takes time and money. Please support us to protect the future of community journalism.