Cybersecurity is one of the main tasks in the world of digital commerce and payments, and it’s a task that is getting more attention from consumers, companies, regulators and others. But there’s a big problem in this realm a shortage of cybersecurity experts, the people with the training and expertise to defend retail and payments from increasingly sophisticated online criminals.
That shortage served as the foundation of a recent TWSJOURNAL discussion with Jay Kaplan, CEO and co-founder at Synack, which bills itself as a crowd-sourced penetration platform, a company that finds online security vulnerabilities for its clients. Synack was started about six and a half years ago, he said, with its founders all having cybersecurity experience at the federal government level.
Now, even as cybersecurity becomes a more important job for all kinds of companies — not least, businesses building innovative products and services, along with deeper consumer experiences, for payments and commerce — there is a shortage of professionals in that field, one reason for the move to the crowdsourcing model.
According to Kaplan, some 3.5 million cybersecurity jobs will need to be filled by 2021. “There is a massive talent crisis,” he said, and companies looking to increase their defenses against fraud, data breaches and hackings will have to deal with that issue. “Even if you hire a big consulting firm” to map out potential holes in an organization’s cybersecurity, he told TWSJOURNAL, that work is limited by what the particular consultants know and don’t know. “If you miss just one vulnerability,” he said, that can lead to financial and reputational — and perhaps even regulatory — disaster for that business.
The shortage of cybersecurity professionals is being felt across the industry and has led to various responses. As covered by TWSJOURNAL, for instance, the issue also applies to the federal government, often a training ground for cybersecurity experts who then enter private industry.
Not only that, but just 4.2 percent of federal cybersecurity workers are aged 30 and under. That compares to nearly 14 percent who are at least 60, according to figures from June 2018. Those people are charged with protecting the country’s digital infrastructure via jobs in such departments and agencies as the Department of Defense, CIA, Federal Election Commission and Department of Energy (which designs, tests and creates nuclear weapons for the U.S., among other tasks).
To help solve that problem, Mastercard recently launched a program called the Cybersecurity Talent Initiative — backed by Microsoft, Workday and 10 federal agencies (including the ones listed above) — that seeks to place recent college grads with relevant educational backgrounds into federal cybersecurity jobs, after which those professionals can stay on or join the private sector, and possibly see their student loan debt wiped out.
The shortage of cybersecurity experts also provides opportunity for new models, such as crowdsourcing, which basically involves hiring what are often called “white-hat hackers” to probe online security vulnerabilities at businesses or other organizations. “Think about your home,” Kaplan told. If you had five people bent in breaking into it, you could probably, with little trouble, figure out how they would go about it — one through the front door, for example, another through a basement window, and so on.
But if you had 100 guys trying to break in, you would run out of ideas. That’s the idea — to have as many people as possible looking for vulnerabilities that you might not be able to imagine. And those cybersecurity experts will likely be able to find those hidden, unimagined vulnerabilities. That’s largely because a good cybersecurity pro is, above most other things, very creative, Kaplan said.