Corn sounds like a strange topic for my letter to you this month, doesn't it? Well actually I want to talk about corn subsidies.
In the United States we want to make sure that corn farmers continue to grow corn, so the government gives farmers cash to do just that. It keeps the fields full of corn that we need to feed livestock and people, and to produce ethanol.
We've been doing it for years, and we continue to do it because we want to make sure that there will be corn there at harvest time. It's about planning ahead and creating subtle pressure on the market—in this case farmers—to help us meet demand that we know will be there. Simple concept, right?
In any profession, you need to be asking questions about the future, whether that future is near- or long-term. For farmers, the question might be, "Do I plant corn or alfalfa?" Subsidies help make that decision easier for them.
Growing the next generation of IT security professionals isn't all that different from growing corn. Globally, the security industry is struggling to keep up with the demand for skilled, trained IT security professionals. Here in the United States, a number of universities have launched degree and certificate programs designed to do just that. The problem: There are too few of them and they can't possibly hope to turn out enough security professionals in the next few years to meet the growing demand.
[See CSOonline's free security job board]
This is a concern that CSOs across America have told me about frequently and with increasing fervor. But I fear that these complaints are just wasted breath until our educational institutions start to focus much more on teaching IT security, not just IT (sans the security), as a profession. To make that happen, we need to implement the equivalent of corn subsidies for security. I'm not talking about throwing government money at the problem—I mean it metaphorically.
All of you should exert pressure on the market by reaching out to your alma maters and the colleges and universities near where you live and work and cajole them, pressure them and plead with them to take this problem to heart and help solve it. You also have to let kids know that IT security is a very attractive career with great prospects and good compensation.
It's easy for us to complain about the shortage of good IT security people. It's harder to solve that problem. Where do we start?