One in an occasional series
The nation's future cyber sleuths are in training in a third-floor classroom in Drexel University's Bossone Hall.
Even as security breaches make headlines - the alleged Chinese hack attack on the U.S. government's federal personnel records in June, the compromise of 1.1 million Neiman Marcus credit cards in January - Kapil Dandekar's wireless network security class practices hacking into and defending make-believe information networks and communication systems.
"The size of the security threats out there is staggering," said Dandekar, a professor of electrical and computer engineering. "To hear about all of the attacks happening right now, I'd say there's high demand for people with knowledge who can understand these attacks."
When Dandekar's students earn their post-graduate degrees in cyber security, they will join one of the nation's fastest-growing occupations, as projected by the U.S. Labor Department's Bureau of Labor Statistics.
Every two years, the bureau issues a report on the fastest-growing jobs, with the latest projecting job growth to 2022. The next, projecting jobs to 2024, is expected in December.
The job market for information-security analysts, including cyber security professionals, is set to grow 36.5 percent by 2022, with 27,400 jobs being added, the bureau predicted.
"The statistics are not surprising to me," said Steven Weber. "Over the past year as the director of the Drexel University Cybersecurity Institute, I've spoken to local and international companies. The story is always the same. There's a growing cyber threat."
Drexel launched its cyber security master's program last fall. Many universities are introducing similar undergraduate and postgraduate programs. In class, the students hack for information and jam make-believe networks and communication systems. They then present the information they managed to hack.
Apart from hacking, they also encrypt information for transmission, study authentication, and learn how to identify impostors and block transmissions from dubious individuals. These are all make-believe networks built by Dandekar and his teaching assistants.
Groups that track hiring in information security already are reporting increased demand.
Worldwide, there is a shortage of one million information security professionals, according to an estimate by Cisco Systems Inc., a California-based network company that publishes an annual security report.
The Computing Technology Industry Association, CompTIA, an Illinois-based trade association for the technology industry, reported that job postings for information security analysts in the U.S. more than doubled - 13,577 to 28,642 - between the second quarter of 2014 and the second quarter of this year.
Yoh Services L.L.C., a Philadelphia-based staffing company that specializes in engineering and technology, saw a dramatic increase in postings, too. In 2014, 58 of 752 tech jobs filled were for cyber security. This year, as of the end of July, Yoh had filled 92 cyber security jobs out of 458 tech requests.
One problem is that the field is evolving so quickly that businesses do not understand what kind of cyber security specialist they need, said Frances "Candy" Alexander, board member at the Information Systems Security Association, a nonprofit organization for security professionals.
Most of the time they end up disappointed with their hires, said Alexander, who has been an information security analyst for more than 25 years.
"We've seen companies saying they need a chief security officer or security manager when all they need is someone to set up firewalls or police network traffic to make sure there are no threats or intrusions," she said.
To bridge the gap, companies should consult their own information technology departments, consultants, or professional recruitment sites that specialize in cyber security or information technology, she said.
Salaries for information technology security professionals range from $60,000 to $70,000 for entry-level jobs, according to CompTIA. The labor bureau reported that the median salary in 2012 was $86,170. The lowest 10 percent earned less than $49,960, the top 10 percent more than $135,600.
James Stanger, senior director of products for CompTIA, said the trick to being a competitive hire is to have a college degree, certification, and experience.
"I've seen people with professional expertise coming in without college degrees and do well. But, in general, you need all three," Stanger said.
He suggests that, if an internship is not possible, volunteer at a community center or any nonprofit or religious establishments to gain experience.
At Drexel, Weber said he strongly encourages graduates to pursue additional certification to stay abreast of the ever changing technological landscape.
"At colleges, the goal is to teach foundational knowledge that will be relevant to a student's career in the next 30 to 40 years. Certs have a shorter-term goal. They're relevant for today's marketplace," he said.
Jake Kouns, chief information security officer at Risked Based Security in Richmond, Va., is cautious about certifications but emphasizes college and work experience.
Certification, he says, should be used to complement a college education and work experience.
"Certs provide good material. But they can't substitute real-world experience or problem-solving and critical-thinking skills that college teaches," said Kouns, who has four professional certificates.
What makes a good information security analyst?
Be adaptable, embrace change, and keep on learning, said John P. Donohue, associate chief information officer of technology and infrastructure at the Hospital of the University of Pennsylvania.
"Cyber security is not something you want to take lightly," he said. "It's a commitment to improving your knowledge and education in a dynamic security landscape."