This article can also be found in the Premium Editorial Download "Information Security magazine: Best practices for securing virtual machines."
Download it now to read this article plus other related content.
When Kevin Quinlan took a position a decade ago at Bertucci's Corp., he started as a network administrator, ensuring that restaurant chain's critical systems were available at all times. Today, Quinlan is senior director of information technologies at Bertucci's, and a major part of his time is devoted to data security and compliance initiatives, a role he says has evolved over the years.
"I was a general network technician, but it became clear that security was going to be more important every day on the job," he says. "People started losing files and I had to start putting the pieces of the puzzle together."
Like Quinlan, most people who become cybersecurity professionals are drawn into the profession while on the job, says Alan Paller, director of research at the SANS Institute, a Bethesda, Md.-based security training and certification organization. With few people emerging from colleges and universities trained in cybersecurity, Paller believes more work needs to be done to get better skilled security professionals in the government and in the private sector.
"Our very future depends on it," Paller says. "If we want to remain competitive and have strong cybersecurity defenses, we need a larger talent pool. So, our goal is to make cyberskilled people as cool as sports skilled people by giving them visibility."
That's why the non-profit thinktank,
While there are some good cybersecurity programs at the college level, their numbers are few and far between. Universities and colleges develop many of their programs based on demand, making the focus on the high school level an important part of developing future talent, said Karen Evans, the national director of the U.S. Cyber Challenge.
"What you have to do is have a group of individuals interested in developing a specific career path," says Evans, an IT veteran who held the title of U.S. chief information officer in the George W. Bush administration. "Students don't know that these opportunities exist, and if you can try to pique their interest, you'll see a greater demand for programs at colleges."
The SANS Institute is providing the training material for the program. Students who register take a series of tutorials followed by several timed quizzes in March and April that test their knowledge in networking, operating systems and system administration. Statewide winners will get cash prizes of up to $100; winners will be announced at the end of April.
Rhode Island was among the first states to pilot the program last fall in three high schools. Officials there said the competition was successful in at least exposing the career path to young students. Now that the program is being implemented more broadly, those behind it hope it could find 10,000 Americans interested in pursuing cybersecurity.
"We don't have an efficient robust cybersecurity workforce at the ready," said Congressman James Langevin (D-Rhode Island) in a press conference kicking off the program. "We're finally challenging our young people in the area of cyber capabilities and networks."
Bertucci's Quinlan said he thinks programs aimed at high schoolers could broaden the talent pool of IT professionals, but cybersecurity may be a skill better learned on the job. Various factors make it the career path a hard-sell, he says, but those who pursue it find it very rewarding.
"Security is something that you fall into after a real-world experience," says Quinlan. "You can theorize and think you know what you need to do to secure data, but when you get into the real world you find there are different departments and people that you have to have to address. It's not a clear cut career path."
Robert Westervelt is News Director of the Security Media Group at TechTarget. Send comments on this article to firstname.lastname@example.org.
This was first published in March 2011