Oregon has 9,000 positions in cybersecurity but 2,911 of them are currently unfilled according to the U.S. Department of Commerce.
Charlie Kawasaki, a Certified Information Systems Security Professional, formed PDX Cyber Camp to partially fill that gap. He says it is widening simply because the need for cybersecurity experts is increasing faster than the supply. Every company runs on computers now, and with data outsourced to the cloud and staff using their phones for work, there are multiple ways of being hacked or exploited that can bring a business to its knees.
"First, let me say we're not teaching hacking," Kawasaki told the Business Tribune. "The students are not learning how to break into your computer systems. The camp is designed for students who have no experience with programming, and are only interested in computers enough to make the commitment to spend a week during the summer. It's a pretty intense class with a lot of hands on labs and lectures, and guests present from the industry."
By the end of the week, the students have expertise with both Microsoft Windows and Linux, configuring systems, making sure that the firewalls are turned on and the backups are working appropriately.
The goal is very straightforward: "What they're training for is what it takes to be a good cyber security professional, that you might want to be in a regular organization that uses computers, like a business or a nonprofit, and working to defend computer systems. The camp requires a pretty broad understanding of how networks work, and how things like firewalls work to keep people out of your networks."
The race is on
Cyber security tools evolve very quickly in the tech industry. "That being said, there are a lot of tools that are readily available today and you can buy those or you can turn them on in the cloud."
The hard work is in getting them configured to make sure that they don't let people in the wrong way.
The choice in the industry seem to be either one, join a small team at a company, managing the network and anticipating threats. Or two, work for a cybersecurity company making the products.
"We have an unusually large number of high profile and very successful cyber security companies here in Oregon: McAfee,
Tripwire, Cylance, Iovation, and they're all building different kinds of cyber security products. What that also means is students are learning those skills that would make them valuable employees for those companies as well."
The camp has no prerequisites, other than a teacher recommendation that they are a deserving and motivated student. Even the computer hotshots are often new to cybersecurity.
"We start with the basics: Here's what a firewall is and how it works. By the end of the week, the students engage in a competition for who can make the most secure computer systems. It's scored by our online service."
Northwest cyber camp is part of a broader initiative, a collaboration between the state of Oregon, industry and the educational system to raise the level of awareness of cyber security, under an umbrella called Cyber Oregon.
The grown-ups in the room
On the Thursday afternoon, down the road at the college Oregon Tech, there was an industry and education sector summit which brought in industry professionals to try and figure out how they can collaborate to grow the size of the trained cybersecurity workforce. When this many executives show up at a meeting in a college, it has to be serious. At the summit, industry leaders stressed the need for cyber security professionals.
"I can't get people to respond to my ads. The jobs I'm looking to fill pay $150,000," said Mark Cooper, CEO of PKI Solutions.
Kawasaki explained why the field is booming.
"Just a few years ago, you might only have to worry about securing your network. But now you have to worry about all that stuff in the cloud. And how do I keep all my files from being copied over to Dropbox? So, there's lots of new security challenges all the time."
He says the job has never been just about staring at screens. Telling employees not to click on rogue links is part of it, since social engineering exploits the weakest link in the chain: human gullibility. "Education is a big part of it, educating employees." Interacting well with people is key.
"You have to work with your entire organization to understand what's important, what new technologies you need to be paying attention to. It's very much a collaborative kind of environment. You can't possibly stay on top of everything, all by yourself."
He added it's a challenging career because those currently holding companies to ransom are smart.
"The attackers who are organized criminals are very clever. So, they're always coming up with new kinds of attacks. So even if you're a savvy technology person, there's new attacks coming constantly."
Humpday is low defenses day
Apparently, Wednesday is a big day for email attacks.
"You're busy, and you're in between meetings, and you're trying to check your email and you're driving to interview somebody, and someone sends you an email that looks completely realistic, you know, 'Your bank has said you might have a security problem...' It's easy just to click the link. And it takes everybody working together to make sure that you don't have a breach."
The camp has had more than 200 students. It's hard to track them, but he knows of one who is now doing an internship in Washington, D.C.,at a cyber security company and runs the OSU cyber security club. Two have joined Cylance and are working on artificial intelligence technologies to block malware. And one of them is going off to Embry-Riddle Aeronautical University, which has a nationally recognized cybersecurity program.
Locally, Oregon State University and Mt. Hood Community College have strong programs.
"You might want a four-year degree for secure software engineering, but there are hundreds of roles for someone doing a two-year degree, say for coming in and securing your firewalls."
Ransomware is big business. The criminals have call centers and can take credit card details for payment. "It's a cash business and the cost of operating that business is very low. You can reach the entire world from your basement. As long as you can get someone to click that link the cash is yours."
There are different roles in cybersecurity. In forensics you have to think like a detective. Threat analysts try to make sure that you're not vulnerable. Architects think 'How do I take my entire network and make it secure?' And there are software engineers.
Kawasaki sums the camp up: "The prerequisites are being motivated, being creative and being willing to learn."
And also the career. Although it's one sided — the attacker only has to succeed once — Kawasaki says it's "An interesting and exciting career that I don't see an end to. By some measures, the average job in the cyber security career pays about three times the national average. And I've seen numbers, the average salary of a cyber security professional, ranging around $100,000 to $120,000 a year, for somebody in mid-career, in their 30s or 40s. You're not getting that straight out of college."
Matthew Cummings, who will be. A junior at Stayton High this fall, said he knew the basics of windows and had a surface level interaction with Linux before the camp.
"This camp really deepened my knowledge in both of those, especially Linux, which is a lot more complex and powerful than I thought."
He says because Windows 10 tries to simplify things for the average user, it makes it harder to get under the hood and configure it. On his borrowed computer, he shows off a virtual machine of Linux, which is a simulation of a computer running Linux inside of a Windows 10 computer.
Cummings clicks around inside some folders, which look familiar to any Windows user, changing settings — things like how often a password must be changed, who is hidden behind a firewall.
"If I wanted to work on some security features, Administrative Tools is one of the most important things gives you a list of all the various things that you can work on."
You count on us to stay informed and we depend on you to fund our efforts. Quality local journalism takes time and money. Please support us to protect the future of community journalism.