For anyone who thinks there are no more great IT job opportunities--you know, the ones offering long-term potential, lucrative pay packages, and a relentless stream of customers clawing at your door and waving blank checks in your face--it's time to plunge into cybersecurity. Got a son or daughter in college majoring in Philosophy of Environmental Protest with a minor in Ballroom Dancing? Immediately pull all funding--and cancel all credit cards--until the little dreamer starts taking eight courses per semester in Advanced Cybersecurity. Come to think of it, pair that up with an aggressive minor in Deviant Psychology and the kid will exit college to a bidding war that would make Shaq jealous.
I wish this were all a joke. But just take a look at the cascading chaos in the cybersecurity world today--and this is but a brief sample from last week:
Let's take a look at some of the forces behind the chaos, and since Microsoft has been featured so prominently in these security-oriented news items lately, let's start with it. Ballmer says that hackers are continuing to get smarter and that this on-the-job training is thereby negating at least some of the progress Microsoft is making in trying to bulletproof its products. "I think we've learned a lot more about security basically than anyone else in the world," he said. "That's kind of the good news and bad news, being the position we've been in with our kind of market share." OK, we can see his point--but does it help anyone other than the college kid looking for a growth profession?
Then there was the system breach at Berkeley, which had an interesting timeline: the break-in occurred on Aug. 1 but went completely undetected for about four weeks. When it was finally discovered at the end of August, state officials--despite the staggering number of potential Californians whose personal information was exposed and could have been accessed or stolen and sold--waited three weeks before notifying law-enforcement authorities. And even after all that, a state official from the California State Health and Human Services Agency tried to pooh-pooh the whole thing, as our Tom Claburn [[email protected]] reported: Emphasizing that there was no evidence that the hacked info had been looked at or sold, the agency's assistant secretary said, "Really, this is a precautionary measure." Well, sweet joy--THAT's gotta make those 1.4 million Californians feel better!
And then there's the new product from Google. It had barely made its online debut last week before reports began to circulate about the huge security problem the new product could present if it wasn't used for exactly and precisely the application the company intended. I'm sorry, but human nature being what it is, is that a viable approach?
In response, as we reported last week, Google tried to emphasize the product is aimed at a very specific application, but the company ended up dispensing more of the treacly not-to-worry medicine we've all been dosed with lately: Google director of consumer Web products Marissa Mayer said managers of shared computers "should think twice about installing the software until Google develops advanced features like password protection and multiuser support." Yes, I see her point; from a straight logic perspective, it makes sense. But in reality, in today's hacker-infested environment, is it smart to tell people to "think twice" before installing a product with a gaping security hole? Shouldn't the advice not be "think twice before installing it" and instead be "don't think even ONCE about installing it" on anything but a standalone PC?
And I have to add this perspective about the industry's security whipping boy: Can you imagine the indignance explosion that would be triggered if Microsoft said something like what Google said? Or like this: "We can only make Desktop Search as secure as your computer," [Google's] Mayer says. "If you lose control of your computer, yes, it's possible people could use Desktop Search and search for various items. However, there are also a lot of other things they could do to your computer while they're sitting in front of it." Oh. OK. For a minute there I thought other people looking through my computer was a problem.
Nietzsche, who would no doubt have worshipped hackers, said that out of chaos comes order . I don't know about that, but I do know that unless software companies and their customers begin to think very differently about security, then out of today's cybersecurity chaos will come massive job opportunities for computer-security majors. And that's one growth market we ought to try to avoid.