Keyboard wars: US turns to rookies as cyber threats worsen

Demand for internet security experts is dramatically overwhelming supply, write Sandrine Rastello and Jeanna Smialek.

Five dozen teenagers are hunched over computers in a hotel conference room near Washington. While other kids their age are playing baseball, these competitors are decrypting codes, cleaning malware and fending off network intrusions, to score points in the finals of a national cyber security contest, called CyberPatriot.

Just hours later, these very same high-school students get a glimpse of the appetite for their skills, from potential sponsors such as network equipment maker Cisco Systems. Internships start as young as 16 at companies such as Northrop Grumman, which reserves 20 spots for participants in the contest.

"We're the largest provider of cyber security solutions to the federal government, so we know that we've got to help build that talent pipeline," said Diane Miller, Northrop's program director for the CyberPatriot contest. She says there is a shortage of people applying for the 700 positions the security company has open.

Security breaches experienced by institutions ranging from Facebook to the Federal Reserve are spurring spending on cyber security. President Barack Obama describes the threat as one of the nation's most serious perils, and the Department of Defence has said the Chinese military has targeted government computers. With few specialists trained to respond to evolving attacks and most universities still adjusting to requirements, demand is overwhelming supply.

"I cannot hire enough cyber security professionals, I can't find them, they're not qualified," said Ryan Walters, who founded mobile data security company TerraWi in 2009. Walters helped prepare 48 students who competed in the CyberPatriot contest this year. Twelve made it to the finals. He says he has received calls from companies and government agencies to interview his proteges.

"I love the activity - it's like a passion," said Ramon Martinez-Diaz, a 16-year-old coached by Walters. "But it's also great that there are so many job openings."

Listings for cyber security positions rose 73 per cent in the five years to 2012, 3½ times faster than postings for computer jobs as a whole, according to Boston-based Burning Glass, a firm that collects data from more than 22,000 online jobs sites.

"You have to scratch your head and ask whether the supply could possibly keep up with that," said Burning Glass chief executive Matt Sigelman.

There were 64,383 jobs related to cyber security listed for the 12 months to April, about 3 per cent of all information technology positions, according to the company.

To prepare the next generation of specialists, the US federal government's National Security Agency is working to strengthen college-level education through its National Centres of Academic Excellence in Cyber Operations program, which gives a designation to universities that meet curriculum and other criteria.

Companies and government agencies are finding many candidates coming from college programs inadequately prepared for highly skilled jobs crucial to cyber security, said Frank Reeder, former senior official at the US Office of Management and Budget responsible for information policy. "In the cyber security world, it's still a little bit of the Wild West," he said.

The threat of cyber attacks has for the first time become a greater concern than terrorism, James Clapper, the top US intelligence official, told the House Intelligence Committee. A spate of recent disclosures by corporations about security breaches include Facebook, which said it was targeted by hackers in January who installed malware on laptops used by company employees.

The Federal Reserve said in February intruders breached a website used to stay in touch with banks during emergencies, though no critical operations were affected.

Companies and governments are boosting spending on cyber security. Mr Obama's 2014 budget recommends more than $US13 billion for computer network security, about $US1 billion more than current levels, including a 21 per cent increase at the Pentagon.

US companies and public sector organisations will raise outlays on computer security to an estimated $US89.1 billion in the fiscal year ending in October, more than double the 2006 level, according to data collected by the Ponemon Institute.

Increased awareness of cyber risks means more business for Boston-based Rapid7, which sells security software to small and medium companies and has more than tripled in size since 2011, now with 350 employees.

"The challenge for us is finding the balance of the skillset with the cultural fit," said company spokeswoman Christina Luconi. "There's a lot of really talented hackers or people with cyber security skills - it's finding those folks who want to use their skills for good, not evil."

As a result, workers the company seeks are often being courted by other employers, she says.

That shows up in pay: in a survey released in February of more than 6300 US information security professionals, 62 per cent had received a pay increase. Seven per cent reported a raise of 10 per cent or more, with the average worker earning $US109,156.

Even those without college degrees are commanding good salaries. A participant in last year's CyberPatriot contest earned certifications and went from high-school to a job paying $US62,000.

Bloomberg