Cybercrime damages cost the world $3 trillion last year alone, according to a recent report from Cybersecurity Ventures, and that figure is expected to double by 2021, putting it on par with the current sum of U.S. corporate debt. This catastrophe will probably worsen before it improves. As smart-home technology spreads through the Internet of Things (IoT), a Security of Things (IoT) infrastructure will need to come with it.
Unfortunately, there are too few people with the expertise to build it—or, for that matter, to meet the widening range of other cybersecurity challenges impacting everything from banking to statecraft. In other words, there isn't just one type of cybersecurity—there are manifold sectors with different hubs in different parts of the world, including places far afield from Silicon Valley, where top tech talent likes to cluster.
As cybersecurity issues and the skills gap compounding them get even more global, one company is aggressively building an internship program to tap into affordable talent all around the world. But will it be enough?
BullGuard is a U.K.-based personal security company, but it's found a rich seam of talent in Romania, where it also has offices. The company recently gained a foothold in Israel, too, after acquiring the pioneering SoT company Dojo Labs last month.
For a company like BullGuard, which maintains four global offices altogether, hiring in multiple locations around the world isn't optional—it's just necessary. But CEO Paul Lipman says it's also unlocked a hidden advantage that firms based in tech hubs like the Bay Area may not grasp. "We’ve had great success with an intern program that we kicked off this summer in Bucharest, where there is a hub of cybersecurity talent," he explains.
Since cybersecurity is a relatively new field, professionals in the sector tend to pick up expertise on the job. It's only more recently that universities have started seriously ramping up programs. But BullGuard finds that's been happening internationally, not just in the U.S., so it's making moves to tap into those talent pipelines pretty much as soon as they're constructed.
With its new Romania-based internship program, Lipman explains, "We took computer science students with cyberexperience in their college studies, and put them into our more innovative projects over the summer. It’s been a real win-win. We get access to new blood [and] fresh thinking, the interns get valuable real-world experience, and we build a relationship with the university."
Establishing this ability to "hire straight out of college," Lipman says, "is another way to overcome the cyberskills shortage in the wider marketplace," without having to compete for the most high-cost professionals in the priciest talent markets.
Next year, BullGuard plans to expand its intern program in Bucharest and elsewhere around the world, then bill that global presence as a key advantage to promising new hires. It's hoping that the chance for Romanians and Israelis to work for the company in London and California, for instance (and vice-versa), will prove a tempting carrot and lay the groundwork for a loyal workforce—at a time when cybersecurity companies like BullGuard need that most.
Others are more circumspect that this will work. Gary Hayslip is one of the world’s foremost experts on cybersecurity and San Diego’s chief information security officer. San Diego is another center of cybersecurity know-how, not least because of its long historical connection with the city’s huge naval base and the head office of Qualcomm. Hayslip believes much more needs to be done than recruit graduates.
In the U.S. alone, he says, "there are thousands of unfilled cyber positions, and there aren’t enough schools to produce the people for these positions, but in the last three years I have seen a major growth in colleges and universities offering classes and degrees in cybersecurity." So have companies like BullGuard, which are moving to scoop them up.
"However," says Hayslip, "popping out a bunch of squeaky new graduated cyberanalysts doesn’t fix the issue because cyber is a multifaceted discipline that goes beyond classwork; you need experience."
It'll take more than creative partnerships between companies and universities to close that gap, he believes. The public and nonprofit sectors both have roles to play "so our next generation of cybersecurity professionals have an organization to protect and learn their discipline. We as a community must get involved if we expect to solve the problem," he says.
If Hayslip is right, BullGuard’s Romanian internship program would still appear to be ahead of the game. But to some extent, he feels, businesses like it are still swinging in the dark. "I don’t think companies truly understand what they are trying to hire," he says. "I have seen numerous organizations trying to hire a 'unicorn'—basically a cybersecurity professional with skill-sets across multiple fields such as firewalls, forensics, cloud security, open source tools, compliance-regulations audit, and so on."
Those candidates don't come around that often and are often prohibitively expensive, Hayslip says. "Trying to hire that rock star is not the best way to go," he continues. "It’s better to hire two or three junior- to mid-level security analysts, mentor them internally, and build that rock star team."
That's ultimately what BullGuard is trying to do, even if, as Hayslip argues, it may not be able to do it alone. The hope, though, is that making job-experience opportunities more accessible and attractive to a truly global talent pool (ideally with the support of nonprofits and government groups), the industry can bring down the high costs of staffing cybersecurity positions, and do it fast. Let's hope it can. More and more depends on it every day.