In cyber crime circles, this is called “social engineering,” and criminals use the tactics to circumvent companies’ Internet security software by tricking employees to download harmful software or cough up passwords. Osborn doesn’t look the part of a hacker, with his short blond hair, baby face, and glasses. Yet he’s persuasive—after a few calls, he finds an employee who agrees to download malicious software that will open a door into the computer network and let Osborn break in.
In real life, Osborn isn’t a cybercriminal; he’s a student participating in a cyberdefense competition at California State Polytechnic University in Pomona, Calif., that drew about 65 students from Western colleges. The campus is situated on a former ranch east of Los Angeles. Horses and sheep still graze in the pastures.
Boeing (BA) and the Black Hat computer security conference sponsored the regional competition, held Mar. 26 to 28. Cisco Sytems (CSCO) and Intel (INTC) donated computer equipment. The goal is to help companies recruit students who can assist in bolstering their defenses against cyberattacks.
Last year Boeing hired seven students who competed in this event, and the company hopes to fill a few slots with talent discovered this year, too. “It’s about [developing] the next generation of cyberwarriors to protect the nation,” says Alan Greenberg, technical director of cyber and information solutions at Boeing.
Boeing employs about 2,000 cybersecurity workers, up from roughly 100 in 2004. This year, the company may hire 15 to 30 cybersecurity workers, Greenberg says.
NOT ENOUGH APPLICANTS
Demand for cybersecurity professionals is growing quickly. Government and industry executives say they need more cybersecurity employees but struggle to find qualified applicants. Just 40% of government hiring managers say they’re satisfied with the quality of applicants for federal cybersecurity jobs, and only 30% are satisfied with the number, according to a July 2009 report by Booz Allen Hamilton.
While the government’s scholarship program can fill about 120 entry-level cybersecurity jobs, the feds need about 1,000 recent grads to fill those spots, according to the report.
Together, the U.S. public and private sectors will need about 60,000 cybersecurity workers in the next three years, says Greenberg. “There will be a shortage.”
The number of cyberattacks from organized hackers against the computer networks of U.S. companies continues to escalate. “Two recent examples have highlighted why companies need to work together: the Conficker worm and the Google attack,” says Melissa Hathaway, a former cyber security adviser in the Bush and Obama administrations.
TROUBLE IN CHINA
In one particularly high-profile case, the computer systems of Google (GOOG) and more than 30 other companies, including Adobe Systems (ADBE), were breached by hackers based in China.The incident ultimately led Google to redirect its Chinese users to company servers in Hong Kong.