Security for young people is something I care about. We need to make an investment whether it be time, money or support or university outreach, to get younger people (preferrably students) to see security as a viable, exciting and worthwhile career. The real question is, how?
Shortage of staff in a $2bn+ niche industry. Great incentives, can be thrillingly fun and of only medium stress (which is a pretty good stress level considering other jobs). Why aren’t comp sci students flocking to security? Why is it so hard to find skilled infosec people. I personally feel as if education is the problem. We’re slowly working towards a higher focus on security in University. But that’s slow. We have CySCA, but that’s once a year and doesn’t teach much as much as it looks for talent. I guess the write ups are a great learning resource, but do many students not already interested in security look at them?
I would like to suggest three potential solutions to this problem.
- The creation of official security societies within computer science courses across universities.
- Proper. Technical. Security. Degrees.
- Bug bounties.
If we are able to make societies where comp sci students can comfortably participate and learn – they might, just might, think of security as a full time gig.
If we can create proper technical degrees for information security (sidenote: have you seen the frieking course outline for the masters in “cyber” security? – sponsored by the NSA). This degree is pretty much been nominated as the de facto best technical security degree. We do have a few degrees in Australia that teach information security, but none I’ve seen that go in technical depth like the one I linked above. I think it’s a great start though.
If we can raise awareness for bug bounties and how low the barrier is for participation, perhaps we can get a few more students (of any age) to participate (in the slightest) in this industry. I am trying personally, but there’s still a lot of work to do.
For problems one and two, I feel that there is still a lot of work to do and we’re slowly getting there. But this post was more just a brain-dump and a way to express my thoughts and passion in why we need to work harder to get more people to think that security is a worthwhile career.
If you’re student right now, check out the following:
 Your local universities security society (if there is one)
 Technical infosec courses around Australia.
or… just contact me, and I’ll see what I can do to help you out.