As far as JB Holston is concerned, there are only two types of businesses: those that know they’ve been hacked, and those that are oblivious.
“Those are the only two states of the world out there right now,” said Holston (pictured), dean of the Ritchie School of Engineering and Computer Science at the University of Denver.
Internet hacks and attacks have mushroomed in both scale and sophistication in recent years, with the FBI reporting that it receives some 300,000 registered complaints at its Internet Crime Complaint Center (IC3) every year, according to the center’s annual reports. Since the IC3 was founded in 2000, the center has received more than 3 million registered security complaints, despite estimates that less than 10 percent of victims report crimes to the IC3 directly and only about 15 percent of cyber-attack victims report crimes to any sort of law enforcement agency, according to the IC3’s 2014 summary. The cumulative financial losses from 2014 complaints topped $800 million, with the median loss (for complainants who reported one) clocking in at $530.
Those increasingly costly and consistent threats — a hospital network in Washington, DC, was infiltrated just last month — compelled Holston and his colleagues to create a new cybersecurity master’s degree program at DU intended to create a pipeline of skilled cyber attack crusaders.
Launched in January, the curriculum for the new master of science degree in cybersecurity was developed with the help of several local industry leaders and will center on tracking and analyzing hacks as they occur in real time. The yearlong degree program, which boasts an annual price tag of about $28,000, is largely targeted at bolstering the skills of undergraduate computer science majors, according to Jim Treinen, a security industry leader who received his PhD in large-scale data analytics at DU and helped develop the new cybersecurity coursework.
“It’s taking that computer science degree and putting a sort of security or cybersecurity spin on that and reinforcing the skills,” Treinen said.
Treinen, who is vice president of security research at Denver cybersecurity firm ProtectWise, said a lingering skills gap in the cybersecurity industry and a ballooning crop of employers hungry for additional gatekeepers made the decision to craft a program in Denver an easy one.
“There’s definitely a skills gap in security,” he said. “There are not enough skilled humans or advanced humans, and trying to find the people who have the skill set is very tough. It’s particularly hard when we have motivated hackers… a lot of times it’s an arms race.”
Holston said that there are currently between 8,000 and 12,000 unfilled security positions in Colorado. “You can’t generate people inside cybersecurity anywhere fast enough to meet the demand,” he said.
Part of that demand stems from an influx of cybersecurity outfits in the metro area, according to Holston. He pointed to a quintet of firms along the I-25 corridor — Optiv, ProtectWise, LogRhythm, Ping Identity, and Coalfire — as evidence of the region’s emerging prominence in the cybersecurity universe.
“Security is sort of hot across the globe, and Silicon Valley is the natural place for tech in general, but it’s very interesting because there is starting to be sort of this nucleus of security companies in Denver,” Treinen said. “There are quite a few security firms… popping up in Denver and Boulder and all along the Front Range that are focused on security. We’re fostering and building a very nice ecosystem.”
One area that Treinen said is a particularly tricky niche to fill is tied to forensic investigation, which involves extracting data from computers and networks and picking apart individual bytes.
“That’s a very deep, technical skill to have and it takes… a lot of skills to get in there and read and see what’s actually happening,” he said.
For those who do develop the necessary skills, however, the payoff is hefty. The median pay for an information security analyst was $88,890, or about $43 an hour, in 2014, according to the U.S. Department of Labor’s Bureau of Labor Statistics. The BLS reported that the number of available jobs in the field is expected to grow by about 18 percent by 2024 — more than double the average growth rate across all jobs.
“There’s a lot of incentive,” Treinen said. “Due to the shortage of skills, the salaries tend to be a little bit higher, and if you have the strong education background coupled with a few years of experience it’s a great career path.”
President Obama last month earmarked more than $19 billion in the 2017 federal budget for cybersecurity initiatives, which marks a more than 35 percent increase from this year’s budget, according to a White House press release.
But Treinen added that it requires a certain strain of cyber combatant to want to carve out a career in tracking cyber crooks.
“There’s a very specific skill set that you need and a sort of specific mindset as well,” he said. “You need to want to catch the bad guys and stay one step ahead of them, or at least catch up.”
Holston said that DU is currently enrolling students for its inaugural cohort in the new master’s degree program. He said the university will start by accepting about 20 students and plans to eventually grow each incoming class to about 50 students. A second, equally sized cohort could be added in the coming years.