FloridaWest Economic Development Alliance launched its cybersecurity strategic plan at the University of West Florida on Friday, Oct. 13, 2017. (Joseph Baucum/[email protected])
With millions of cybersecurity jobs expected to go unfilled over the next several years because of a talent shortage, the Department of Homeland Security on Wednesday hosted a career information expo at the University of West Florida to spur awareness on the high-paying jobs, there for the taking.
Jeanette Manfra, assistant secretary for cybersecurity and communications at the Department of Homeland Security, sat down with the News Journal following the department’s roundtable discussion with Pensacola government, business and education officials.
Here are three key takeaways from Manfra for those interested in entering a career in cybersecurity:
1. Civilians interested in government cybersecurity work should make connections early.
Manfra urged civilian cybersecurity students — whether at UWF, Pensacola State College or George Stone Technical Center — to establish connections with federal security agencies before their final year at school, if they plan to eventually work in a role with the government.
She said the reason to get started now stems from the time required to secure the appropriate security clearance that many government cybersecurity jobs require.
“The security clearance process takes a while,” Manfra said. “What we’re trying to look at is ways we can identify people at the intern level, where we work with them as an intern and know we want to hire them. We’ll then look at how we begin that process while they’re still in school.”
Manfra mentioned multiple internship opportunities, but added students should try to intern before their senior years. She said one possibility includes the CyberCorps Scholarship for Service program.
According to the National Initiative for Cybersecurity Careers and Studies, the program “provides scholarships to students for cybersecurity-related degree programs at select two- and four-year college and universities” in return for government service upon graduation. Florida State University, Florida International University and the University of Florida are the only listed participating universities in the state on the program’s website.
Other options include the federal Pathways Internship Program through the U.S. Office of Personnel Management and the Department of Homeland Security’s Cyber Student Volunteer Initiative.
Additionally, Eman El-Sheikh, director of the UWF Center for Cybersecurity, said moving forward, the center will try to forge more partnerships with government and military contractors in the region for students to open more local internship opportunities in cybersecurity.
“Many of the jobs in this region require contract work that requires clearances,” El-Sheikh said. “So we want to partner with government entities that create that pathway and facilitate more readily available clearances.”
But Manfra also recommended military service as an option for young adults still unsure about entering traditional postsecondary education. It could be a means for an individual interested in government cybersecurity work to find an entry point into the field.
“As a veteran, I can say it is very important and worthwhile for people to serve in the military,” she said. “It can be an entry point for individuals who otherwise maybe wouldn’t consider a career in security.”
2. Where are the cyberattacks originating from?
In assessing the current state of cyber threats to the country, Manfra divided the attacks into three primary categories: nation-state actors, traditional criminals who now leverage virtual settings to conduct activities and hacktivist groups.
Regarding nation-state actors, Manfra pointed to Russia and China as examples, countries who have increasingly leaned on cyberspace to achieve their domestic and foreign policy goals. The Department of Homeland Security in September notified 21 states that Russian government cyber actors attempted to influence their election systems in the buildup to last November’s general election, when President Donald Trump was voted into office.
“We’ve been very public about last year about Russia’s attempts to cause confusion and disruptions in our elections process,” Manfra said. “But there’s been no evidence that they were able to manipulate any votes.”
She further explained that traditional criminals have also taken advantage of digital space to carry out their operations, such as convicted darknet mastermind Ross Ulbricht, convicted in 2015 of drug conspiracy and other charges for operating Silk Road, a drug-trafficking site akin to an underworld version of eBay.
“That’s a perfect example,” she said.
Finally, Manfra cited Anonymous among the more prominent group of hackers who infiltrate systems and deface websites as part of their criminal activism. In 2016, Anonymous launched a campaign to add rainbow flags and gay pride slogans to Islamic State Twitter accounts in response to the Pulse shooting in Orlando. In August, the group announced it would target neo-Nazi and white supremacy websites after the riots in Charlottesville, Virginia.
“Their targets are usually aligned to a cause that they’re espousing,” Manfra said.
3. Communication and collaboration is key to growing cybersecurity in the Pensacola region.
With FloridaWest Economic Development Alliance releasing its cybersecurity strategic plan for the Pensacola region on Oct. 13, Manfra said a significant step in aligning local efforts to boost cyber talent and jobs in the region has already been taken.
“Now, it’s about getting everybody focused on specific actions that they need to take,” she said.
From the perspective of the private sector and government, Manfra said both should identify the assets most critical to their operations and determine how to prevent attacks from occurring to these components. In the event an attack is successful, she added both must also ensure effective response and recovery plans are already in place.
“Then of course, it’s a partnership beyond that,” she said. “You can’t do it alone. You’ve got to be sharing information within your industry and region on the capabilities for protecting assets. We need to be good about getting information out to people.”
Similarly, Manfra said the region’s postsecondary education institutions must also identify how to protect their networks and student information. But she said they must also ascertain how to bolster curricula and push students into more challenging science and engineering tracks to help build the cyber workforce.
“They must figure out how they are connecting with the government and industry to navigate that job scene,” she said.