As cyberattacks mount against everything from government agencies to media conglomerates and connected cars, experts are warning that there’s a growing global shortage of the qualified cybersecurity specialists needed to mount a defense. In the United States alone, more than 200,000 information security jobs are unfilled, according to a Stanford analysis of government data.
At same time, Stephen Cobb and Chey Cobb, a married pair of veteran cybersecurity experts, find themselves wondering whether enough American students have the aptitude to fill those jobs—among the highest paid in the tech industry.
They aren’t at all worried about the intelligence levels of the current U.S. student generation, but about its possible lack of other key traits—a healthy amount of wariness and an ability to envision risks. In other words, the “security mindset” that allows cyber experts to imagine what could go wrong if they pictured the worst that people could do.
Cobb, who developed his own danger radar growing up in England, has long noticed how differently kids are raised in this country, where some parents shield their children closely from the risk of even slight harms. The kids seem to be losing opportunities to detect risks and figure out how to cope with them, he says.
“Helicopter parents do a very good job of shielding kids from risk analysis,” says Cobb, a senior security researcher at the San Diego, CA offices of Slovakia-based Internet security product maker ESET.
Cobb says he’s not against protective parenting—he’s a father himself. He would hardly want to see all American kids grow up to be like Elliot Alderson, the deeply suspicious, alienated young cybersecurity engineer and subversive hacker of the Mr Robot cable TV series. But Cobb remembers learning to deal with real-world dangers as a child simply by crossing streets alone or taking a city transit bus to school. He was intrigued when he first arrived in the United States to see kids getting off a school bus, apparently trusting in the laws that require other vehicles to stop when their bus does.
“The kids were wandering across the road, not looking,” Cobb remembers.
Cobb is now studying risk perception, security, and risk management as part of an online master’s degree program in criminology at the University of Leicester. He came across a lengthy article in the Georgia State University Law Review by Kathleen Vinson, a professor at Boston’s Suffolk University Law School, who detailed the invasions of colleges and even graduate and professional schools by helicopter parents who are still trying to protect their young adult children not only from physical dangers on campus, but also from mere disappointments and the consequences of their own mistakes.
In the article, “Hovering Too Close: The Ramifications of Helicopter Parenting In Higher Education,” Vinson says overinvolved parents try to get their children’s grades changed, pressure professors to amp up the amount of praise they shower on students, and otherwise attempt to insure a college experience insulated from the world’s many challenges.
Reading that, Cobb became even more interested in the effect of parenting on the pool of potential cybersecurity analysts. “My wife and I said, ‘What does this do to your risk assessment ability?’ “
Vinson found that the influx of sheltered Millennials was turning into a headache for campus administrators—and not only because of the time it took to wrangle with the helicopter parents themselves. The arriving students lacked basic campus safety skills, as well as the judgment to handle problems such as peer pressure, roommate tiffs, troubled sexual relationships, substance abuse, and the temptation to plagiarize to get better grades.
Vinson and others say some academic institutions are bowing to the pressure from parents, and the students themselves, to preserve them from challenging experiences—and even words or ideas. The current issue of The Atlantic magazine features a story called “The Coddling of the American Mind,” in which the authors detail the growth of requirements for “trigger warnings” when college professors are about to discuss subjects such as violence that may cause students to feel emotional distress.
Meanwhile, U.S. cybersecurity organizations and universities are expanding degree programs and urging parents to encourage their young students to consider careers in information security—a profession growing faster than any other in technology, according to U.S. News & World Report rankings.
But higher education and programming skills won’t be enough to qualify students for top cybersecurity jobs, according to a report by ISACA, an industry association for information security and IT professionals.
“Cybersecurity as a discipline includes the social environment of people, enterprises and related processes. In addition to other types of risk, social risk primarily arises from people and their behavior, human factors in IT use, and the emergence of change within the overall system,” ISACA says.
How can cybersecurity companies figure out whether a job candidate well versed in tech skills such as coding is nevertheless lacking in the street-level savvy to anticipate what criminal hackers may do, and to design countermeasures? Cobb says there are some tests for cybersecurity aptitude, but they aren’t yet designed to detect the shortcomings that can result from sustained parental coddling.
Cobb hasn’t given up on recruiting American students into cybersecurity careers. In fact, he has co-led security boot camps to get children interested, he helped to set up a master’s degree program in security at Norwich University in Vermont, and works with NICE, the National Institute for Cybersecurity Education.
American students are hardly all sheltered, Cobb says. For one thing, they often work after school while in high school, which may expose them to the same kinds of eye-opening experiences that Cobb and his friends grappled with as teenagers. At 18, Cobb took a gap year job delivering milk in a low-income neighborhood, and discovered that his predecessor had boosted his income by about 30 percent by skimming money from the accounts of welfare mothers. Cobb says the experience taught him early on that “not everybody’s honest in their dealings.”
“I would argue, and some psychologists would argue, that young people need to be exposed to risk in order to develop risk assessment abilities,” Cobb says. “At what age, and at what stage of development that happens, is open to discussion.”