The Myth of the Tech Talent Shortage and The Cost to Your Business
The salary of 3 entry-level cyber professionals is a lot less than the 30$m ransomware attackers are asking for.
This post is getting attention again: Hi. I like to think I’ve gotten less angry than when this was posted (I still think it’s true, the times have changed with COVID-19, and I could have worded this more constructively). I’m pivoting to different areas of tech; Check the services and projects tag.
It’s still BS that there aren’t more part time positions in tech. For an industry that prizes itself on being “Open to all”, there is room for improvement.
Updated November 29th, 2020
Newark, New Jersey
What do they have in common?
They have been the victim of serious cyber-attacks on their infrastructure. Said attacks cost the affected city governments and companies more than 30$million dollars.
A big part of the trouble is user education. Educating people is not the easiest job, especially regarding technology. Cybersecurity professionals don’t make it easy — By their own admission.
Why are cities a growing target?
Because hackers know that cities often have stretched funds, and that the governments are populated with people who think IT and Cybersecurity are not necessary.
They know cities and the people who run them aren’t learning quickly enough to stand a chance against them, and that even the poorest cities can have a fund a single life.
I wonder if the people who attack cities tried to get legal Cyber jobs, but were turned away at every aspect?
Baltimore, in particular, is doing pretty poorly; Using outdated practices by its own IT people. This is a tough job, yes, and it’s easy to get lax when you’re dealing with users who want things ‘easy’ and not secure. Mistakes will happen, and nothing is infallible.
This is about protecting a city’s government and public infrastructure. Standards should be in place, and there is only so much one can do if they do not have the support they need.
While the methods of how they used backups aren’t clearly stated, I can guess -
- Backups once a year instead of once a month.
- Said backups being kept on-site instead of somewhere else directly attached to their production network.
- Probably stored on several physical mediums on the premises.
There were also ‘important’ people keeping files on their computers that were also compromised during an attack.
As of November 28, 2020 Baltimore has been hit again — This time, closing schools for 2 days.
The ‘cyber’ or ‘tech’ shortage? It’s a lie. So, the question is;
When will cities be willing to pay Cybersecurity and IT professionals and those who wish to learn?
The salary of 3 competent cyber professionals is a lot less than the 30$m ransomware attackers are asking for.
“But no one has the experience!”
Systems can never be 100% secure, even if you remove them entirely from the internet — and in 2020, that’s something you can’t afford to do.
There is no shortage of IT and Cybersecurity talent; Just a shortage of people who realize they need it until it is too late. You don’t value your data, or the trust of the people whose data you have.
The 2019 ransomware attack on Baltimore? It’ll cost at least 18.2$million dollars.
Maybe that’s worth hiring a Cybersecurity professional or 3 - Even with relocation involved.
And if you’re going to keep it in house, audit your machines yourself, look for machines that may have open ports an attacker can sneak into, backup your data, and good luck when the next attack rolls around.
Originally published at https://www.runtcpip.com on October 18, 2019.