Cybersecurity training aims to catch up amid major breaches - Crain's Detroit Business

Amid increasing cyber breaches with costs into the billions of dollars, there's also a shortage of workers to play both offense and defense in preventing and mitigating those attacks. In Michigan alone, there are more than 7,100 unfilled cybersecurity jobs, with about 4,400 of those in metro Detroit, according to CyberSeek. Nationwide, there are more than 464,000 cybersecurity job openings.

The cybersecurity sector has a roughly zero percent unemployment rate, by some estimates.

Driven primarily by the sheer expanding need for cybersecurity amid increasing threats and attacks, academics and executives are exploring any and all options to fill some of the gap. To what extent that can be done remains an open question, according to Doug Miller, director of the Upper Peninsula Cybersecurity Institute at Northern Michigan University in Marquette.

"I don't want to sound like an alarmist, but I personally think we're playing catch-up," Miller told Crain's. "It's going to take a lot of people being really interested and coming into this career field before we really start putting a dent in those numbers."

To a large extent, Miller and others say, creating a pipeline for a cybersecurity workforce means hooking would-be workers when they're young.

Laura Clark, chief security officer for Michigan's Department of Technology Management and Budget, said state government is heavily invested, along with industry stakeholders, in working within the K-12 system to highlight cybersecurity as a possible career path for students.

"I spend a lot of time ... having conversations about what are creative pipelines for getting individuals to focus on cybersecurity as a career," Clark said. "We do a lot of assessment on our current toolsets and if there's places we can automate ... to really pinpoint where we need to focus our resources."

To put the issue into perspective, and as Crain's has previously reported, risk management and risk mitigation make for the optimal strategies with cybersecurity, as breaches vastly increase and some kind of loss becomes all but inevitable.

In 2020, there were 791,790 complaints of suspected internet crime, an increase of more than 300,000 from 2019, according to the annual Internet Crime Report released by the FBI, which notes that financial losses were in excess of $4.2 billion. The top three crimes reported by victims in 2020 were phishing scams, nonpayment/nondelivery scams and extortion, according to the report. Victims lost the most money to business email compromise scams, romance and confidence schemes, and investment fraud.

To that end, President Joe Biden and members of his national security team plan to meet next month with business executives about cybersecurity, an official said last week, according to an Associated Press report. The Aug. 25 meeting comes as the White House is scrambling to help companies protect against ransomware attacks from Russia-based criminal syndicates and as the administration confronts an aggressive cybersecurity threat from the Chinese government.

The increasing threat level from computer crimes and breaches speaks to Miller's point about the large shortage of workers for the cybersecurity sector having more to do with the sheer scale of the need, as opposed to a lack of attraction to the industry.

In Michigan, the average pay for cybersecurity engineers in 2019 was $91,750, or $44.11 per hour, according to data from the U.S. Bureau of Labor Statistics, cited in a release from the University of Detroit Mercy.

To see the growth of cybersecurity, one needs look no further than Ann Arbor and the cluster of companies that has congregated in the university town southwest of Detroit. Much of that began with Duo Security, the Ann Arbor-based company acquired by software giant Cisco for $2.35 billion in 2018. Duo has helped spur the growth of several other companies in the area, which includes Blumira Inc., a company focused on the detection and response aspect of cybersecurity and which last year closed on a $2.6 million round of venture capital financing.

Blumira CEO Steve Fuller, in an interview with Crain's, declined to provide a revenue figure for the company, but said it's experiencing triple-digit growth, working primarily with what he described as small and midsize enterprise customers. Fuller said solutions like Blumira, which are heavily dependent on automation, will likely relieve a good deal of the pressure from the lack of people available to meet the demand. His company, with a headcount of nearly 40 employees, has focused on offering an "inclusive culture" as it seeks to grow. Providing a path for career growth is also part of the strategy, Fuller said.

"One of our strategies is to hire people earlier in their career, help them grow and give them a path to advance within the organization," he said. "Some of them will advance and take their skills elsewhere, which is perfectly fine and a normal part of a healthy ecosystem."

The automotive sector, as it becomes increasingly focused on connected vehicles, is heavily seeking cybersecurity professionals, and academic institutions around the state are rushing to help fill those positions. Formed earlier this month, with a $1.12 million grant from the U.S. Department of Defense, the Metro-Detroit Regional Vehicle Cybersecurity Institute aims to be one part of the puzzle that can inject workers into the field.

The Cybersecurity Institute initially includes the University of Detroit Mercy, pipeline institutions Washtenaw Community College, Oakland Community College and Macomb Community College, and the University of Arizona, which will provide research support to the consortium through its research institute that was established in 2014, according to a news release. The University of Michigan and Henry Ford College are expected to join the consortium in the coming years.

The consortium of academic institutions seeks to "expand and enhance" the number of cybersecurity engineers in the region, and will work alongside industry partners, according to the release.

"The consortium also supports upskilling and reskilling for vehicle cybersecurity by prioritizing underrepresented populations, military personnel and veterans," the release said.

"Without an increase to the workforce now, the cybersecurity risk to DoD (Department of Defense) and commercial ground vehicles will keep falling further behind the increasing threats from actors in multi-domain contested environments," Paul Spadafora, director of professional engineering programs for UDM's College of Engineering and Science, said in the release.

– The Associated Press contributed to this report.
