Black Hat Seduction: Mitigating the migration of qualified professionals to the dark side

0

By Brenda van Rensburg

The statistics are out. There is going to be a skill shortage in the very near future. Security Ventures has predicted that there will be about, 3.5 million unfilled positions by 2021.[1] However, if you look at the current trends, it is the complete opposite.  In Perth, Hays recruitment placed an advert for a “Cyber Security Analysis”.  By the end of the week, this position had over 106 applications and 361 views.  In Melbourne there is a job for a middle tier position as a Cyber Security Manager. This job has 94 applicants.  If we head over to New York, there is a Cyber Security Sales position with 378 applicants.  If cyber security skills are in such high demand, why are there so many applicants for a range of cyber jobs?  More importantly, why are we continually encouraging more people in this field, when the current people can’t even get jobs?  Who has to gain from the ‘alleged prediction’ and what happens to the people with a skill set they can’t get a job with?

In 2014, CISRO made a prediction that the industry will be short of more than 1 million professionals. [2] We can clearly see that this is not the case.  According to John McAfee, there are two job openings for every qualified individual.[3]  Maybe the individuals that are applying for different roles are not qualified?  Or maybe, the industry does not know what they want.  If you look at some current job ads, you will notice a request for a cyber superhero with certificate of every acronym that is listed in the ‘cyber acronym dictionary’? And while you think that this would only fit one individual, I can guarantee you that this job had 121 applicants.  Obviously, a number of cyber superheros in the world.

Cyber Security, although a predicted skill shortage, is not void of certification.  In fact, it is one of the industries where educational institutions have seen a huge marketing opportunity and have offered cyber security degrees/certification.  Being a recognized facility, coupled with the use of common used media statistics, people are lining up to get a head of the curve.  Outside of the possibility that most of these individuals already have a good foundation of ‘hacking’ skills, education facilities are scrambling to provide an education for a platform that is evolving rapidly.  According to emerging future, technology doubles every 11 months.[4]  This means that by the time you complete a degree in Cyber Security, most of the information you learnt, will be history.  It is probably why IBM hire individuals without a degree.[5]

According to Business Insider, a black hat makes an average of $80,000 per month.[6] No certification is needed.  When a student completes their university degree, they are faced with an average of $36,000 debt which could be offset by a possible entry level job of $45,000.  Notably a job that is not guaranteed, and clearly given the mistake of statistically facts, a position that probably will not be there when they graduate. However, they will have a very unique skills set.  A skill set that could be compared to that of a trained marine.  The only difference is that these individuals know how to move in and out of a system without being detected.  They are also able to acquire data and sell it on sites which are, most often, hard to track.  Furthermore, they love to be paid in bitcoin.[7] And with more, and more retailers accepting bitcoin, means that a career on the dark side of the fence is a little more alluring.[8]

As a result, what we will be facing is not necessarily a job skill shortage in the cyber sector.  What will most definitely could expect is an increase of individuals with a unique skill set that would make Bryan Mills (a.k.a Liam Neeson in Taken) look like a ‘private’.

While everyone is scrambling to make a ‘buck’ from selling a dream that may have a nightmarish ending, very few are thinking of the long-term impact.  Cyber Security skills in the wrong hands could be catastrophic.  Tie that with someone who has spent a lifetime in a digital landscape and a number of years acquiring a certification for job that may not exist, then you will most definitely have an equation for disaster.  After all, survival instinct is extremely powerful.[9]  When you place someone in a desperate situation, it is highly likely that they will apply desperate measures.  If these measures mean dancing with black hats, then there is a strong chance that ethics will not longer be part of a solution.

In conclusion, to reduce the migration of our qualified professionals to the darker realm of the digital landscape, we must take on equal responsibilities to offer them a role in which they can continue to contribute positively to the community and support themselves financially.  Whilst it is unlawful to ‘hack into sites’ without an owner’s permission, a person with significant amount of skills will most definitely dance with the concept of being a ‘black hat’ because they too have bills to pay.  Notably, we tend to turn to the private sector to pick up the pieces and offer jobs which were spurred by agencies outside of this area.  However, the responsibilities of ensuring an opportunity of our digital citizens, should fall on everyone’s shoulders who are encouraging people into the cyber industry.   Everyone that is capitalising off the alleged prediction of a cyber security skill shortage, should be equally responsibility in assisting these individuals with acquiring a job.  Unfortunately, when reality does not meet prediction, we are left with the same line that is given to every career decision taken: “We cannot guarantee you a job with this degree, but you have a better chance of one”. Unfortunately, for a country as a whole, we have a rising number of skilled individuals that have shifting ethics, values and morals.  These same individuals will quickly work out that there is a more seductive opportunity on the darker realm of cyber than remaining hopeful that ‘one day’ they will get that job.  The question that we are facing now: “What are we going to do about it?”

[1] https://cybersecurityventures.com/jobs/

[2] https://www.csoonline.com/article/3201974/cybersecurity-job-market-statistics.html

[3] https://www.csoonline.com/article/3201974/cybersecurity-job-market-statistics.html

[4] http://theemergingfuture.com/speed-technological-advancement-ten-years.htm

[5] https://www.cnbc.com/2017/11/07/why-ibm-wants-to-hire-employees-who-dont-have-a-4-year-college-degree.html

[6] https://www.businessinsider.com.au/we-found-out-how-much-money-hackers-actually-make-2015-7?r=US&IR=T#forums–the-online-places-where-cybercriminals-sell-their-goods-1

[7] https://www.coindesk.com/coinbase-white-hat-hacker-dont-want-bitcoin

[8] https://www.lifewire.com/big-sites-that-accept-bitcoin-payments-3485965

[9] https://www.psychologytoday.com/au/blog/the-power-prime/201206/is-our-survival-instinct-failing-us

Share.