The recent ransomware attacks on Colonial Pipeline and meat producer JBS have exposed a longstanding problem: a profound lack of cybersecurity experts.
There are thousands of openings in the field and demand is expected to grow. The Bureau of Labor Statistics reports that jobs for Information Security Analysts is projected to increase by 26% through 2026. That’s nearly four times the average for overall job growth.
Wichita is hoping to catch that wave.
Several local universities – including Friends, Wichita State, Butler Community College and Wichita Tech – are now offering cybersecurity degrees and certificates.
Two national cybersecurity firms – Novacoast and Millennium Corporation – have opened offices here this year. Both cited the area’s educational programs and existing cybersecurity talent as major draws.
Ashley Scheideman is executive director of FlagshipKansas.Tech, a trade organization for the state’s tech sector. She recently talked with Tom Shine and The Range about what cybersecurity experts do, why the field has had trouble attracting talent and Wichita’s push to become a player in that field.
The interview was edited for length and clarity.
Tom Shine: Tell me, kind of in a nutshell, what do cybersecurity experts do?
Ashley Scheideman: So it's the job of the cybersecurity professional to find out where those holes are, find out where those attacks are coming from, figure out how to patch those holes and really look at the companies that they're working with or the companies that they're in and try to find those holes themselves; to defend their companies against those malicious attacks.
The ransomware attack on Colonial Pipeline (last month) really brought the issue of cybersecurity and whether we're really prepared to the forefront. But I'm guessing it's really an issue that has existed for a long time. Is that correct?
The more data that we have out there and the more technology that we're using, the more susceptible we become for hacking and for cyber attacks.
So it's been around for a while, but it's really come to the forefront, and I think is why cybersecurity professionals are in such high demand now.
Why has the field had trouble attracting potential employees? Has it been more of a training issue?
The training issue is definitely there … because prior to the past couple of years, we haven't had a lot of training programs in place. We've had more software writing, programming, those types of programs in place.
And so I think as the need for cybersecurity has increased over the past couple of years, it's really made us see that we need to increase those educational opportunities to get the cybersecurity professionals up to speed and with the skills that they need in order to be desirable by companies.
Wichita's put together kind of an educational hub … of cybersecurity programs at several schools. How did that all develop?
I think they definitely saw a need for cybersecurity as these hacks and infiltrations were becoming more and more prevalent. I think that they saw a need for companies to understand that they need a line of defense against being hacked or infiltrated.
What I think is fantastic about the Wichita area schools is that they are all working together. … They see such a high need for this type of professional to be in our workforce here in the Wichita area that they're making the path to achieving this relatively easy for individuals who want to go into this line of work.
Fair to say that Novacoast (and later Millenium) came here, in part, because of the educational programs we have here?
I would wholeheartedly agree with that. They saw that we have workforce development opportunities in place for cybersecurity professionals. We have the educational system in place.
It's a very attractive location to cybersecurity companies who want to grow and want to be able to employ people directly in our city.
What is Flagship Kansas' role in increasing the number of cybersecurity experts that the state produces?
We're doing a couple of different things. One has to do with just awareness of the issue. We're trying to raise awareness of the educational opportunities for people to take in order to become cybersecurity professionals. And then we're working with the local cybersecurity companies in that workforce development and trying to help place people, just trying to help bridge that gap and make companies aware that we do have cybersecurity professionals in the area.
Hard to believe that a company of any size or government agency … does not have cybersecurity people on staff.
You would think so. I think that some companies fall back on McAfee or one of the (personal computer security) programs, and those are great. … You absolutely need to have those. But depending on your industry and the information that you are storing, you need to make sure that you're evaluating that information and your level of cybersecurity threats, and then what you're doing to defend it.
From what I've read, it seems like the bad actors … are getting pretty aggressive and pretty good at this, too. So it seems like there's a little bit of a race there between (training more cybersecurity professionals) and the bad guys.
There is. I would say there are more bad guys out there trying to get into our information then there are people defending it, and that's why we need more people in the field. But that's also why cybersecurity professionals are so important because not only are they just defending against the malicious attacks, they're actually out there trying to hack their own companies, trying to find those holes.
So, like you said, it's a race: Who can find those holes in that company information first? And hopefully, it will be the cybersecurity professional and not the malicious person.