When information security experts gather in Las Vegas this weekend for Black Hat USA, the industry’s largest annual conference, they will have a lot of things to worry about.
The continued threat of state-sponsored hacks, unprecedented ransomware worms such as WannaCry and growing susceptibility of U.S. critical infrastructure top the list.
Unlike with many industries in Las Vegas, job security won’t be one of them.
As more and more objects — like homes, cars and infrastructure — connect to the Internet every day, hackers simply have more things to target.
Gartner Inc., a research firm, forecasts that 8.4 billion objects around the world will be connected to the Internet this year, up nearly one-third from last year. By 2020, that number will more than double to 20.4 billion.
Keeping those additional billions of connected objects safe will require a global army of information security specialists.
The problem is that the world is already experiencing a deficit of cybersecurity personnel.
“The shortage of information security professionals is the most acute perhaps in the 20 years that Black Hat has been around,’’ said Tim Wilson, co-founder and editor in chief of Dark Reading, an industry news source. Dark Reading and Black Hat are owned by UBM.
Black Hat USA, which will be held at the Mandalay Bay, attracts more than 15,000 cybersecurity specialists representing both private industry and government from approximately 100 countries. The event has grown more than six-fold since 2005 as cyberattacks become more prevalent and as the monetary and reputational losses from breaches grow.
This year’s attendees include security representatives from American Express, Exxon Mobil, Lockheed Martin, Sony Music, the Department of Justice and the U.S. Department of State. Nearly 300 companies will be on hand to exhibit their cybersecurity solutions.
The event is closed to the public.
The six-day event, which starts Saturday, includes four days of technical training in topics such as digital forensics, advanced hardware and infrastructure hacking. More than 70 courses will be offered. The final two days on Wednesday and Thursday will feature briefings on a range of issues like phishing and threats to power grids.
Facebook Chief Security Officer Alex Stamos, who is responsible for protecting the social network’s 2 billion monthly active users, will deliver a keynote Wednesday highlighting how security has failed to keep pace with the importance of technology in people’s lives and how to confront that problem.
Black Hat, now in its 20th year, will for the first time focus on promoting women in the industry as a way to attract talent and help solve the labor shortage issue. Women account for only 12 percent of security specialists, Wilson said.
“If we had as many women in the InfoSec workforce as we have in other industries, it would certainly make up for a good chunk of the shortage,” Wilson said.
The cybersecurity workforce gap is on pace to hit 1.8 million by 2022, a 20 percent increase over 2015, according to a June report published by the Center for Cyber Safety and Education. Cybersecurity Ventures, another industry research firm, puts the global labor gap much higher, at 3.5 million.
The gap can not be closed quickly simply by pumping out more university graduates, say headhunters. Tim Howard, a managing partner at Fortify Experts, a cybersecurity search firm based in Texas, says most of the people he places in security jobs are between their mid 30s and late 40s with many years spent in network or application development.
“Now we are at a point where the new cyberthreats are really advanced and someone out of college doesn’t have the experience to deal with them,” said Tim Howard, who will be attending Black Hat.
Howard said a security architect can earn 15 percent to 18 percent more than a standard network architect, with salaries sometimes reaching $200,000 or more.
Las Vegas casino companies, the Clark County Department of Aviation and Northrop Grumman are among companies looking for information security specialists, according to a LinkedIn search. Cyber Coders, a Silicon Valley-based headhunter, is seeking two network security engineers in Las Vegas with a yearly salary between $120,000 and $150,000.
The worker shortage is one of the factors behind the belief among the nation’s security community that the country and its companies aren’t well-prepared to defend themselves.
According to a recent poll by Black Hat of its conference attendees, roughly two-thirds said they don’t have enough staff to meet threats and expect their own organization to experience a major security breach in the next 12 months.
Nearly as many expect a successful attack on U.S. critical infrastructure in the next two years.
The downbeat forecast is exacerbated by what security industry employees say is a lack of understanding between IT departments and those running a company.
“Security pros say they continue to struggle with corporate management that sets priorities differently than they would,” according to the Black Hat poll.
Correction: This story has been updated with the correct spelling of the name of Facebook Chief Security Officer Alex Stamos.
Contact Todd Prince at firstname.lastname@example.org or 702-383-0386. Follow @toddprincetv on Twitter.