Many Called, Few Ready: the Cybersecurity Workforce

P85 - russian bots.jpg

Threat of the week

Ominous, confusing news releases emerge with alarming regularity from the shadowy world of cybersecurity actions. Surfacing this week was a Russian bot campaign to cripple 500,000 routers, mostly in Ukraine, while the country’s attention focused on the Champions League final between Real Madrid and Liverpool.

In response, companies and governments are mobilizing defenses. Unlike conventional military conflicts, though, which take place in full view, cybersecurity battles are almost invisible. They take shape along electronic fronts, through malware and viruses, countered by coding fixes and patch updates, monitored on countless screens all around the clock, all around the world.

Start making sense

These circumstances make it hard to see and understand the work people do in cybersecurity. And they’re some of the reasons we recently published our career guide to cybersecurity, which was just highlighted in the New America Foundation cybersecurity initiative.

Our career guide can help provide students and teachers alike with answers to some of the first questions people have about cybersecurity career opportunities:

  • Who are the people working on the cybersecurity front lines?
  • Where do they work?
  • What do they do?

In this post, we’ll explore some of these questions and sketch out the high-level dimensions of the cybersecurity workforce.

Workforce overview

CyberSeek is a public-private partnership that works to gather data about and analyze the U.S. cybersecurity workforce. The National Initiative for Cybersecurity Education, or NICE, is the government-side of the effort, a hub of efforts to explain and expand the cybersecurity workforce to public audiences. Much of the information here comes from these sources.

The U.S. cybersecurity workforce numbers about 747,000 people. Most, by far, work in the private sector: about 715,000. Another 32,000 work inside government. By comparison, about 4,000,000 people work in computer-related occupations, and the engineering workforce runs to about 1,600,000.

 Jobs in cybersecurity are readily available to candidates with the right training. Many students in cybersecurity programs get offers before they finish their studies.

Jobs in cybersecurity are readily available to candidates with the right training. Many students in cybersecurity programs get offers before they finish their studies.

The field is growing fast. In a 2015 report, cybersecurity jobs were increasing about 3.5 times faster than jobs in IT and 12 times faster than jobs in the overall economy. Since then, the pace has almost surely only accelerated. Over 285,000 jobs are currently open.

What the jobs are

Top cybersecurity job titles illustrate the overlap in skills and function with computer-related and engineering fields:

  • Cybersecurity engineer
  • Cybersecurity analyst
  • Network engineer/architect
  • Cybersecurity manager/administrator
  • Software developer/engineer
  • Systems engineer
  • Systems administrator
  • Vulnerability analyst/penetration tester

Few are ready

Cybersecurity jobs can be hard to fill. One reason is the dearth of qualified applicants, as schools and training programs have only recently ramped up their capacities to identify and educate candidates for entry into the cybersecurity workforce. Over 200 universities offer cybersecurity programs, up from seven only a decade ago. This summary of reports from the Congressional Research Service shows how government efforts have also multiplied across many different agencies.

 CyberSeek breaks down job openings by various categories, including by state, to show demand and supply in the cybersecurity field.

CyberSeek breaks down job openings by various categories, including by state, to show demand and supply in the cybersecurity field.

Always shifting hiring ground

The cyber threat landscape can be unpredictable, a roiling stew of geopolitical tensions, evolving technologies, and shifting alliances among transnational actors in public and private spheres. Hiring the right set of skills, technical and otherwise, into this environment is a challenge. A multi-university project is under way to develop a Cyber Aptitude and Talent Assessment tool, important because, as the research team states, “one of the biggest challenges [in cybersecurity] lies in concisely characterizing the space of work roles.”

Various tools exist to assess candidates’ aptitudes for cybersecurity work, including one at IBM and another at the SANS Institute, a leader in cybersecurity certification and operator of the unnerving online forum for cybersecurity threats, the Internet Storm Center.

Cybersecurity roles

The state-of-the-art rendering of cybersecurity professionals’ various roles comes from the NICE Cybersecurity Workforce Framework. Phrased in terms of actions or functions people carry out, the framework has seven elements:

  • Analyze: review and evaluate information to assess usefulness for intelligence.
  • Collect and Operate: defend against threats and collect information to feed into further operations.
  • Investigate: explore events or crimes across multiple domains.
  • Operate and Maintain: ensure ongoing IT systems viability and strength.
  • Oversee and Govern: lead, manage, or direct teams and organizations.
  • Protect and Defend: identify and mitigate threats to systems and networks.
  • Securely Provision: design, build, procure systems and tools.
 Show students all the different kinds of things cybersecurity professionals do in their jobs. The field has something to offer students with highly varied skills and interests.

Show students all the different kinds of things cybersecurity professionals do in their jobs. The field has something to offer students with highly varied skills and interests.

The Start Engineering Cybersecurity Career Guide

Our just-published career guide to cybersecurity expands on this framework in greater detail to help middle and high school students start to understand what cybersecurity careers are all about. The book is designed to help students identify and connect the skills and interests they already have with educational pathways and possible career destinations available to them in the cybersecurity field. We partnered with experts at NICE, the Department of Homeland Security, the National Security Agency, and private-sector firms to gather and develop the contents of the book.

And finally

Have you had any exchanges with students interested in pursuing a career in cybersecurity? What kinds of information or resources have proved useful to you?

We’d love to hear what else people are doing to help students make sense of this new, vitally important field. And please feel free to share with interested colleagues and friends.


Eric Iversen is VP for Learning and Communications at Start Engineering. He has written and spoken widely on engineering education in the K-12 arena. You can write to him about this topic, especially when he gets stuff wrong, at eiversen@start-engineering.com

You can also follow along on Twitter @StartEnginNow.

Brand new for 2018! Our new Cybersecurity Career Guide shows middle and high schoolers what cybersecurity is all about and how they can find the career in the field that’s right for them. A great pair with the recently updated version of our Start Engineering Career Guide.

We’ve also got appealing, fun engineering posters for K-2 and 3-5.

Our books cover the entire PreK-12 range. Get the one that’s right for you at our online shop.