In 2015, hackers compromised Anthem Inc. and Ashley Madison. In 2016, Mirai botnet malware and politically motivated cyberattacks dominated the headlines. In 2017, it was ransomware and the Equifax breach.
This string of high-profile cyberattacks – and the likelihood of future attacks in new and unexpected forms – has fueled enormous growth in the cybersecurity industry in recent years. Spending on cybersecurity products and services, which was at approximately $3.5 billion in 2004, is expected to exceed $1 trillion over the five years from 2017 to 2021, according to Cybersecurity Ventures.
Cybersecurity companies are popping up across Colorado, but they’re all contending with a common problem: a chronic shortage of qualified workers. In 2017, there were 18,308 employed workers in the state’s cybersecurity industry and 9,478 job openings, according to Cyberseek, a workforce and career resource jointly developed by CompTia and Burning Glass Technologies.
Relative to the broader economy, that 1.9 employed worker per opening ratio was very low. According to Cyberseek, there were 2.6 employed workers per job opening in the cybersecurity industry nationally and 5.6 employed workers per job opening in the broader economy.
Leslie Jones, chief human resources officer at Coalfire, a Denver-based cybersecurity risk management and compliance services company, says she’s observed that many of Coalfire’s customers have struggled to find qualified workers.
“From our view, this is because cybercrime has risen steadily, and we have seen the regulatory environment become more demanding as well, increasing the demand for strong, qualified professionals," Jones said.
Meeting a need in the market
Back in early 2014, Bret Fund was an assistant professor of management and entrepreneurship at University of Colorado at Boulder. Through his involvement in the local startup community, he observed the nascent cybersecurity field’s growing labor crisis.
“I had a number of friends in the field, and they would always tell me how much trouble they had hiring people,” Fund said. "I saw the need and had an understanding of the immersive education, so I set out to help solve that problem."
Fund left CU later that same year to found SecureSet, a cybersecurity-centric bootcamp based on the model popularized by coding schools like Galvanize and The Turing School of Software & Design. SecureSet’s 20-week curriculum emphasizes immersive, practical experiences.
Fund shared an example of how that works, referencing the malware behind a string of denial-of-service attacks in 2016.
“Back in 2016, when the source code for Mirai botnet was posted online, we pulled it down and now we use it as an example in lab," Fund said. “Our students examine the code, how it works, and how to mitigate that threat.”
Since the first class of SecureSet students matriculated in 2016, 130 people have gone through the program, and at least 90 percent of SecureSet graduates found full-time jobs in the industry within six months, according to Fund.
“There is the occasional student who will come, take the education, and decide not to jump in immediately. That’s the exception, not the rule,” Fund said.
Each successful SecureSet graduate becomes a de facto ambassador for the program, extending the company’s network and influence, and helping fuel its growth. Two new SecureSet campuses opened in 2017, one in Colorado Springs and the other in Tampa, Florida.
Fund said SecureSet is going to expand even more in 2018; plans are in place to open campuses in new cities and to expand the existing campuses.
“By the end of this year, we’ll be able to serve 75-100 per campus per cohort. So between 150 and 200 students per year per campus,” he said.
Gerald Holtzlander dove straight into the industry after graduating in spring 2017. Before entering the SecureSet program, he was delivering pizzas for a little more than minimum wage. Within six weeks of graduating, Holtzlander landed a high-paying job working on web application firewalls at Akamai Technologies.
“It really opened the door for me.” Holtzlander said. “I got exactly what I was looking for.”
Akamai Technologies just hired its fourth SecureSet graduate, according to Holtzlander. “Looks like we might have one more here by April.”
Staying relevant in a fast-moving industry
Beyond SecureSet’s focus on practical learning, the company has also committed to staying on top of current trends.
According to a recent Reuters report, cybersecurity startups have struggled disproportionately despite the surge in cyberattacks because of the difficulty of staying relevant in a fast-moving marketplace.
Fund and his team built SecureSet’s curriculum with eyes on this problem.
“The base curriculum is static,” he said. “That’s because networking fundamentals don’t really change. They haven’t changed in the last 10 to 20 years.”
Current trends are left to the more dynamic advanced modules.
“Students have to reach a certain threshold of knowledge before they can jump in there, but that’s how we keep it current and fresh,” Fund said.
The curriculum for those advanced modules undergoes a review every six months, according to Fund. SecureSet’s review board meets after each class graduates to discuss trends in the industry and agree on any tweaks, changes or updates.
Andrew Ranes graduated from SecureSet’s first class in 2016. He’s now doing cybersecurity work for a satellite internet company in Southern California.
“What I really liked about SecureSet was that I don’t think they left a lot of the space out. We got exposure to almost everything you need,” Ranes said.
“When someone talks about something now, I’m not completely ignorant.”