• United States




The Paradox of STEM Training

Oct 16, 20144 mins
IT Jobs

Recent statistics seem to point to an overabundance of STEM graduates, and yet there is negative unemployment in some tech careers. Why the discrepancy between supply and demand?

In the technology industry, we’re faced with something of a paradox: On the one hand, statistics show that colleges and universities are pumping out STEM graduates at a prodigious rate. (Perhaps too prodigiously!) But on the other, we have negative unemployment rates in some STEM career paths. Where is the disconnect? In some cases the problem may be the academic environment itself.

I was recently talking with a colleague who was asked to lead a class on what programming is like in a professional environment. His method was very simple, and obvious to folks who have worked in a development department: The students were given a product requirement document and asked to create a product based on its specifications. The students were not enthusiastic and excited; they were irritated. They felt it was a poor exercise because it was unlike what they had come to expect in a class setting.

This reminded me of an academic conference I had attended many years ago, where students and teachers discussed their analysis of different malware. As I listened, I was agape with horror as the students described a two-month process of unpacking a sample. This was not some custom-made or complex packer; it was a very common one that could have been unpacked within seconds with freely available tools. I spoke with them after their presentation, and they were simply unaware of common tools that malware researchers use every day. Learning to work efficiently is every bit as much a part of becoming a malware analyst as developing technical chops.

The students in both of these stories were getting a technical education, but not one that prepared them to function effectively in a real-world environment. They were not getting a realistic introduction to what their potential career path would be like. I recall one interview with a candidate at a former employer who told me how much he enjoyed digging in and chasing down problems, sometimes getting lost in a task for days. With hundreds of thousands of new malware samples coming in every day, even with automation handling much of that, it’s a rare treat to spend more than a few minutes on any one piece of malware. After hearing his ideal work situation, I couldn’t help but think how disappointed he would be in the fast-paced malware detection and response group he was applying for.


But this problem does have a solution. There are a couple of possibilities that could be helpful, both for prospective employers seeking employees or employees seeking to explore the possibilities in the field of information security.

The first is internships and mentoring, both of which give students a foot in the door and a peek into the working world of information security. Even if the internship is not in the exact type of work the student eventually wishes to do for a career, exposure to different corporate cultures and styles of work can be very informative.

Both possibilities have the potential to point the student to an area of specialization, or the experience could elucidate what types of courses would be most helpful to get him or her to where they want to be. And when it comes time to find employment, knowing people in your field already can be a huge asset.

There are countless local, national and international information security conferences throughout the year which can be great places to find both internships and people with whom you can connect for mentorship. Most major cities now have a BSides conference if you wish to start locally. Likewise, there are security Meetup groups in many cities where you can meet other people who share this interest.

Vocational training could also be helpful in addition to or instead of a degree program. Some employers may place great value on the persistence and general learning that earning a college degree demonstrates, so you should keep this in mind before opting to go for training over the traditional academic route. Other employers may also value the passion shown by people taking personal time to find training or education on their own. If you choose to go a non-traditional route, be prepared to demonstrate your work ethic and experience in some other way than a solid academic transcript.

The paradox of a negative employment rate in some STEM careers and the overabundance of STEM graduates is a classic case of quantity over quality. A flood of applicants with mismatched skills and expectations won’t solve the shortage. It is important for industry and academia to communicate realistic requirements to students so that they can be adequately prepared for employment, whatever route they take to getting the necessary skills.


Lysa Myers began her tenure in malware research labs in the weeks before the Melissa virus outbreak in 1999. She has watched both the malware landscape and the security technologies used to prevent threats from growing and changing dramatically. Because keeping up with all this change can be difficult for even the most tech-savvy users, she enjoys explaining security issues in an approachable manner for companies and consumers alike. Over the years, Myers has worked both within antivirus research labs, finding and analyzing new malware, and within the third-party testing industry to evaluate the effectiveness of security products. As a security researcher for ESET, she focuses on providing practical analysis and advice of security trends and events.

The opinions expressed in this blog are those of Lysa Myers and do not necessarily represent those of IDG Communications, Inc., its parent, subsidiary or affiliated companies.