SYRACUSE — A professor at Le Moyne College says the U.S. has a lot of available jobs in cybersecurity and not enough people to fill them. James Enwright, professor of practice in cybersecurity, pointed to data on website Cyberseek.org, which indicated that the U.S. has more than half a million job openings in cybersecurity nationwide, […]
SYRACUSE — A professor at Le Moyne College says the U.S. has a lot of available jobs in cybersecurity and not enough people to fill them.
James Enwright, professor of practice in cybersecurity, pointed to data on website Cyberseek.org, which indicated that the U.S. has more than half a million job openings in cybersecurity nationwide, including 500 openings in the Syracuse area alone.
The number of employees currently working in cybersecurity in the U.S. totaled 997,000 based on the latest results, with 504,000 open jobs in the sector.
“So one-third of all cybersecurity positions are currently open. That is a huge problem … finding people who can do the job, that have the basic skills,” he adds.
Le Moyne College started its bachelor’s degree program in cybersecurity in 2017. It currently has 28 students enrolled as cybersecurity majors. About 10 students also have a minor in the same topic.
Careers in the field can be lucrative, starting right out of school.
“I think as parents hear the average starting salary for a security analyst is $85,000 they’re going to be more motivated to potentially push their kids … toward this degree because it’s job security,” says Enwright who spoke with CNYBJ on Nov. 20 in his Le Moyne office.
With a cybersecurity degree, graduates can pursue jobs that include forensic investigator, computer crime investigator, auditor, chief security officer, ethical hacker, security engineer, risk manager, system and network administrator, cybersecurity analyst (compliance and governance), cybersecurity attorney, per the degree program’s page on the Le Moyne College website.
Enwright noted that entry-level positions available in the sector include security analyst, information-security analyst, and security engineer.
“These are basic jobs where students will get in in an entry level at an organization and a lot of what they’re doing is … what the business needs. If it’s a small business, they could be wearing multiple hats. If it’s a much larger organization, [the job duties] can be very specific,” says Enwright.
Interdisciplinary
Enwright says a lot of people believe that you need to be “incredibly technical” to get into cybersecurity, but “you really don’t.”
For example, you can become an attorney and focus on cybersecurity law. “And there’s a number of new laws and regulations that are currently being passed with regard to cybersecurity,” he notes.
Le Moyne says its cybersecurity degree program is “interdisciplinary,” drawing from computer science, political science, anthropology, criminology, and sociology. The program emphasizes skills such as critical thinking and communications.
The program offers three different tracks that a student can pursue, according to Enwright. They include the information and systems security track and that focuses more on the technical side of cybersecurity. It also has crime, society, and culture, which actually focuses on the criminology and societal impacts. The program also has a policy and law track, which examines topics such as cyberwarfare and the legal aspects of cybersecurity.
“Any students that come through, will get a flavor of all three of those areas,” says Enwright.
Defining cybersecurity
Enwright defines cybersecurity, or information security, as “the act of protecting of our data and systems with regard to confidentiality, integrity, and availability [or CIA].”
“So, we call that in the cybersecurity world the CIA triad,” he added.
He went on to explain that confidentiality is the act of protecting data to ensure that the data or the systems are not accessed by anybody that’s not authorized.
“So, when you think confidentiality, think a data breach … getting hacked, losing credit card numbers,” he notes.
Integrity is making sure that the data is not manipulated or corrupt and the data is reliable. He suggests, when you think integrity, it’s almost like a bank-account number because the data “can be relied on.” Imagine, he says, if your bank-account number was switched with your social-security number (or something that represented you) and you couldn’t rely on that data anymore. “That’s an issue with integrity,” he says.
The last part, he says, is availability, or making sure that the data is available when you need it. When you think of attacks against availability, Enwright says think of a denial of service attack, or when somebody targets a network to try to take down a web server.
Availability also means having the data when you need it. A ransomware attack, he says, is a type of attack that targets availability. Those happen when somebody gets on your network and encrypts your data or your system, so that you no longer have access to it. When they encrypt it, there’s usually a key associated with it. You pay the attackers a ransom and they’ll give you the key that allows you to unlock or decrypt your data.