Companies like IBM and Palo Alto Networks scramble to hire hundreds of thousands of corporate hackers to defend networks and data

ByKelsey Gee, The Wall Street Journal, May 9, 2019

As companies struggle to fill hundreds of thousands of open cybersecurity jobs around the U.S. they are casting a wider net to find and develop experts, pursuing workers without traditional four-year degrees or formal experience to help them protect computer networks and customer data.

Facing a shortage of skilled workers to defend against digital attackers, employers like International Business Machines Corp. andPalo Alto Networks Inc. PANW -5.12% are pouring millions of dollars into new partnerships with universities, training programs and cybersecurity competitions. The companies hope to attract talent with the right combination of attitude and know-how capable of testing and protecting troves of data stored on cloud systems and internet-connected devices.

Charles Henderson is head of IBM ’s IBM -0.09% offensive-security-services team—dubbed X-Force Red—charged with breaking into corporate customers’ latest smart watches and appliances, looking to spot potential vulnerabilities before the “bad guys” do, he says. Mr. Henderson estimates that his team of corporate hackers contains more music majors than graduates with cybersecurity degrees, given the dearth of collegiate programs that focus on the quickly evolving field.

IBM, which has 8,000 cybersecurity staffers, uses videogame-like simulations of computer networks containing valuable hidden data to recruit new hires. Mr. Henderson said he often looks for people who are passionate about strategy videogames like “Dune,” as they may be more inclined to spend hours in front of a computer looking to solve a puzzle.

“It’s really difficult to determine just by someone’s academic track record if they could be great at the kind of problem-solving we do, but it’s relatively easy in a simulation game,” he said. “If I’m hiring for an entry-level position on my team, what are they supposed to tell me? That they broke into some network and robbed a bank last week?”

There are roughly 300,000 open positions in cybersecurity, according to CyberSeek, a career website focused on the industry. Schools like the Rochester Institute of Technology and SUNY Polytechnic Institute have recently launched degree programs to try to meet those labor needs.

Despite the strong demand for cyber talent, it can be difficult to determine how to break into the industry.

Before Ashley Richardson found her current post in the San Francisco area, she was fielding customer complaints while working contract jobs in different call centers, and trying to figure out how to pair her interests with her goals. She loved tinkering with computers and exploring the internet as a child, and she dreamed of landing a position where she could help keep people safe.

Ms. Richardson made a spreadsheet to keep track of the skills that employers were seeking for information-security roles on job boards like Indeed. “If I saw the same skills or experience requirements twice in a row, I wrote it down,” she said, adding that she turned to YouTube and online forums to patch gaps in her understanding of computer systems.

Ms. Richardson, now 30 years old, landed a job as a security training engineer at Palo Alto Networks last year after attending a cybersecurity class the company offered for military veterans like her.

Catherine Norcom, a hardware hacker at IBM, learned about the Austin, Texas-based job at a cybersecurity conference in 2018. At the time, she was in the U.S. Air Force building prototypes of new tech tools for aircraft pilots. IBM solicited the best attempts by conference-goers to test out their strongest password against a program the company’s hacker team had designed to crack sophisticated word and phrase combinations.

“I thought, I’ve got awesome passwords,” she said. Ms. Norcom, 35, typed in one of her favorites and the machine cracked it in 43 seconds.

Even though she lost that first time, she peppered the person manning IBM’s booth with questions about the powerful yet simple-looking homemade computer’s assembly, impressing a group of security employees who were gathered around.

One told Ms. Norcom she would be a great addition at IBM, prompting her to ask: “Am I being interviewed? And why aren’t you guys wearing suits?”

She says he laughed and told her: “We’re the hackers. They don’t make us dress up.”