The talent gap has been on the minds of everyone in the cybersecurity field for the past few years, with any number of attempts to get a handle on the issue from the certification authorities and online course aggregators – CompTIA, Cybrary, CyberVista, (ISC)2, ISACA, SANS, the list goes on.
Most recognize that this is a major issue. And yet, there are still nearly 600,000 cybersecurity job openings in the United States, according to Cyber Seek. So what could be done differently?
Miami training company ThriveDXUSA – formerly HackerUSA and a subsidiary of the Israel-based company – has some ideas that show enough promise to grab the attention of investors. NightDragon announced a $75 million investment Thursday, while Prytek funneled $20 million to the business on top of the $110 million it already invested into ThriveDX over the past three years.
“The skills shortage is the single biggest crisis facing the cybersecurity industry today,” said David DeWalt, founder and managing director of NightDragon. “Without companies like ThriveDX that help us educate early and often, we don’t stand a chance against attackers today or the threats of tomorrow. We are proud to invest and help ThriveDX continue to deliver solutions that address this essential mission for companies and our national security.”
Dan Vigdor, ThriveDX’s enthusiastic co-founder and co-CEO, said the company offers certification programs in tandem with the adult education arms of major universities; with the new funding that will expand to integrate cybersecurity coursework into university undergraduate and graduate computer science, and engineering programs. ThriveDX also works closely with large corporations such as Toyota, Microsoft, Bank of America, PWC, and Intel to offer full-service cybersecurity training programs to the technology staffs and employees who want to retrain and learn more about cyber or other technology areas.
ThriveDX partners with New York University, the University of Michigan, and San Diego State, among many others, to offer a 10-month, 400-hour, immersive certification program in cybersecurity. Vigdor said that the certification program targets people looking to change careers, primarily people in the 26- to 36-year-old demographic without computer science or engineering degrees. Students can start by taking a 30-hour intro course for between $180 and $500 to see if they believe the field makes sense for them. If they do, the certification course costs between $15,000 and $18,000.
“We market a new career, a new job opportunity,” Vigdor said. “When you do the 30-hour intro course, you do labs and you get the confidence that you can actually do this. Everybody can be a cyber analyst. You don’t have to have a genius IQ or be excellent in mathematics and physics, you just have to have motivation. If you sit in our class and you train and you want a job, you’ll get a job.”
An NYU announcement from last summer touted the certification program as an opportunity for learners to gain proficiency in IT, networking, information security, and data analytics and forensics. They also will acquire the wide range of skills required to pass the industry’s most rigorous certification exams: Linux LPI Essentials, Cisco Certified CyberOps Associate, CompTIA Network+, CompTIA Security+, CompTIA CySA+, AWS Certified Cloud Practitioner, and (ISC)2 SSCP. Upon program completion, learners receive a Certificate of Completion in Cybersecurity from the NYU School of Professional Studies.
The concept of venture going to a business focused on education and training, rather than emerging technology, is not a typical one. But it's acknowledgement that technology alone will not address today's threat landscape.
Indeed, Casey Ellis, founder and CTO at Bugcrowd, said cybersecurity is a human problem — and there aren't enough humans to go around. Ellis said Bugcrowd has seen an incredible appetite for training and growth, not just among new entrants to the field, but also those looking to level-up their skills and career path.
“This is a huge investment addressing a significant problem and potential market, and I'll be very interested to see where it goes next,” Ellis said.
John Bambenek, principal threat hunter at Netenrich, said there’s a huge need to build a pipeline of students into cybersecurity, ideally without telling them they need to get a master’s degree and then spend $15,000 on training and certifications just to get their first job as a Level 1 SOC analyst.
“Academia has struggled to keep courses fresh and deliver relevant training to their students, so there’s a real market to be tackled here,” Bambenek said.
In the words of Candy Alexander, board president of ISSA International, "it's time the level of investment meets the level of need for trained cybersecurity professionals,."
That said, she also offered a word of caution: "Take into consideration the whole lifecycle of one’s cybersecurity career – from pre-professionals to include internships and apprenticeships, all the way to the CISO role and beyond to retirement. The industry doesn't need another certification."