The cybersecurity industry is experiencing significant growth as one of the fastest-expanding fields on a regional, national, and international level. 

Associate professor and Director of Eastern Washington University's Cybersecurity Institute, Stu Steiner, says the expanding market is attributed to rising threats to critical infrastructure and an increased reliance on digital systems across multiple industry sectors.

The cybersecurity market is worth hundreds of billions of dollars globally, as organizations of all sizes invest in the protection of sensitive data and maintaining consumer trust.

While the number of people working in the cybersecurity industry is increasing, it's not keeping up with an even faster rise in cyberthreats and the volume of skilled workers needed to address them. 

"The gap has narrowed somewhat and that is because the workforce has grown," Steiner says. "At the same time, however, job openings have continued to rise as well."

Steiner cites information from CyberSeek, a website that tracks cybersecurity jobs and related data, which shows a global cybersecurity workforce of 5 million, including 1.34 million in the United States. Despite the large workforce, the U.S. currently has over 500,000 job openings in the industry, underscoring a significant gap between supply and demand.

Regionally, Washington state has over 13,000 open positions in the field, followed by Oregon with over 4,000, and Idaho with about 3,000, as of April 17, CyberSeek data shows. Industry-related openings in the cities of Spokane and Spokane Valley are sitting just under 300, while the Coeur d'Alene area has 66 available positions.

At EWU, enrollment in cybersecurity programs has surged and student participation has doubled for three consecutive enrollment cycles, says Steiner.

"We started with 12 students in the first course," he says. "Then we doubled and had 28, then almost 60, and now we are at 112 students enrolled in the program."

Steiner compares cybersecurity to the field of nursing, in that many graduates are hired to fill roles vacated through attrition. 

In addition to the rising number of threats and expected industry retirements, the variety of cybercrime is also increasing and evolving with new technologies and artificial intelligence-based assistance. 

An example of vulnerabilities in critical infrastructure involves the Colonial Pipeline ransomeware attack in May 2021, explains Steiner. The attack on the oil pipeline system disrupted fuel distribution along the East Coast, contributing to regional spikes in gas prices at the time. Infrastructure was not secure nor prepared for an attack, Steiner says, adding that the system relied on a single passcode that had no multifactor authentication.

More recently, Steiner says an attack on a water treatment plant in Minot, North Dakota, forced personnel to unplug the system's main server and operate manually for 16 hours until the ransomware could be resolved. 

Potential targets of cybercrime also include the finance, defense, technology, health care, in addition to public utility sectors, he notes.

"These incidents highlight why we need more industry professionals," Steiner says. "Especially to protect public utilities and essential services."

For employers, many companies are adopting stronger security strategies and protocols as the rapid evolution of technology, particularly AI, is reshaping both threats and defenses.

"AI has nearly consumed the industry," Steiner says. "People on both sides can use it."

Steiner notes that automated cybercrimes are increasing, but many higher education institutions are teaching the incoming workforce how to fight AI with the same technology. One of the keys in this process is showing students how to use AI models to filter through incoming data streams and detect anything suspicious, Steiner says.

Some of these students also are forming strong teams that compete in cybersecurity competitions in the area and across the U.S and provide some real-world experience. 

Winning the National Centers of Academic Excellence in Cybersecurity Cyber Games regional tournament for the fifth straight year earned an EWU cybersecurity team a trip to compete in the NCAE Cyber Games National Invitational in Tampa, Florida, according to a university press release.  EWU finished ninth out of 12 teams in the national competition, Steiner says.

In March, EWU announced that its cybersecurity program was named as a National Center of Academic Excellence in Cyber Operations by the National Security Agency. EWU is only the 22nd university nationwide to be given this designation.

“The (National Center of Academic Excellence in Cyber Operations) designation is rare, difficult to earn, and serves as a national signal that an institution is equipped to produce graduates capable of working on some of the most sensitive and technically demanding cybersecurity challenges,” Steiner says in a press release.

The long-term goal is for the program to eventually achieve full certifications from the NSA by 2033, he says.

To meet that demand, Steiner says the university is developing a cohort-based model where students will spend two years at EWU's Cheney campus before transitioning into two years of intense hands-on coursework in the field.

"We want to put students at the forefront of this industry," Steiner says. "There's no shortage of need, and the work they will be doing has real world impact every single day."