Here's a list of companies that have something in common — something bad. Target, JP Morgan, Dairy Queen, eBay, Sony. They're all companies that have been hacked.
Given all the security breaches lately, it's no surprise there is huge demand for cybersecurity employees. Companies say they cannot find workers to fill the jobs. An after-school program in Silicon Valley is trying get more people interested in the career, and it's starting young.
James Estrella is sitting in a classroom full of fourth graders learning how to code. He points to the laptop to show me an error he made. It's a bug he said, and that's bad. A bug can break the whole program, or worse he says, it could let someone hack into it. “It's weird,” Estrella said, “Only one tiny little mistake and then it affects everything.”
The after school course was developed by nearby San Jose State University in partnership with a local Catholic Charities program called Community Organizing Resources to Advance Learning (CORAL). It was designed to encourage an interest in cybersecurity that might someday turn into a job.
In the class, students are typing up code and fixing errors they made. Along the way they are getting introduced to the basic concepts of cybersecurity. The instructor, David Macias, says the kids have quickly realized how much of the world around them is hackable.
“There was a lot of like 'I can make games, I can make this, I can make that.' And then they took a step back and said 'Wait a minute, someone can hack me. Someone can hack my phone. Someone can hack my car.' And they just started going off with stories — 'Oh, someone hacked this, someone hacked that.'”
The road to an actual career in cybersecurity is long and complex. Employers require special certifications which take years of experience to obtain. Even those with a college degree in computer science and a focus in cybersecurity can struggle to transition into a job.
Matt Sigelman is the CEO of the job analytics firm Burning Glass Technologies. He says the demand for cybersecurity employees is surging. His firm put out a report showing that the number of cybersecurity job openings has nearly doubled in the last six years.
“Today you are seeing is that main street industry — large businesses, small businesses are sweating this stuff," Sigelman said. "And they should be.”
While demand is surging, Sigelman said there is not a good pipeline to develop cybersecurity professionals.
“We need to think about alternative ways of finding this talent,” he said.
Many kids aren't learning about cybersecurity until college, said Virginia Lehmkuhl-Dakhwe. She developed these cybersecurity courses, which run from third grade through high school. At first, she said, the courses raised a lot of eyebrows.
“Believe me cybersecurity was not anything anybody was thinking about,” she said.
But for her it is a no-brainer. It is interesting, educational, and there are jobs. “The realization is that this is a lucrative and interesting pathway and lets expose our kids to this early," Lehmkuhl-Dakhwe said.
Some kids may discover they have what it takes to go into cybersecurity — that they love breaking things apart, seeing how they work, obsessing over code. Those people are rare said Thomas Austin, a professor of computer science at San Jose State.
“Maybe the mindset is the hardest thing to train, maybe we can't train it. I don't know,” Austin said.
You can tell which kids are already hooked on cybersecurity, he said.
“There's definitely kids who are up on all the latest security exploits,” Austin said. “I occasionally have an embarrassing moment where they're more up on something than I am, and I'm like oh, okay I have some reading to do.”
Maybe James Estrella will grow up to be one of those kids. Back at the classroom, he proudly shows me the computer code he typed up. Here's how he answers that dumb thing adults ask kids. “Is this something you think you might want to do?”
“Yeah,” he said. “I want to be an engineer in the future.”
Estrella said he already knows more about computers than his parents. To have good security you need to get rid of bugs in your code, he said. Oh, and to make strong passwords. Otherwise, he pointed out, you could get hacked.