Shrinking the Shortage of CYbersecurity Professionals

With nearly half a million vacant cybersecurity jobs across the country, Barbara Endicott-Popovsky is seizing every opportunity to train workers and fill the demand for talent.

When Barbara Endicott-Popovsky, the former lead instructor for the UW Certificate in Cybersecurity Risk Management, began her IT career, “cyberthreat” wasn’t even part of the lexicon.

“When I first started studying cybersecurity,” Endicott-Popovsky recalled, “the threat spectrum wasn't much more than kids who were exercising curiosity under the noses of adults who had no clue what they were doing. It was mischief stuff, like hacking into grading systems and changing their grades.” 

But Endicott-Popovsky realized that companies weren’t paying enough attention to the vulnerabilities that emerging technologies and new networks created. “I had an overactive imagination, I guess, and I could see what was possible.” 

Her concerns were prescient, given the much more nefarious nature of today’s hacks and breaches. Take the May 2021 attack on the Colonial Pipeline that shut down a major source of fuel for the East Coast for six days and the months long 2020 SolarWinds attack that penetrated hundreds of organizations, including multiple parts of the U.S. federal government. Endicott-Popovsky warns that we’ll see even more of these attacks in the coming years. 

“What keeps me awake at night now is the exposure of our critical infrastructure. And that there are almost half a million cybersecurity jobs going unfilled. We just don’t have the people with the expertise to fill those positions.”

An Influential Voice in the Field

Endicott-Popovsky previously served as the executive director of the UW Center for Information Assurance & Cybersecurity, where she was responsible for developing cybersecurity curriculum and programs to train a new generation of information security professionals. She also teaches cybersecurity in several UW degree programs. 

Given her extensive expertise, government officials frequently turn to her to spearhead leading-edge cybersecurity work at the state and national level. In spring 2021, Washington Governor Jay Inslee appointed Endicott-Popovsky to a new cybersecurity policy team sponsored by the National Governors Association. She’s working with partners from Indiana, Kansas, Missouri and Montana to create action plans for strengthening state cybersecurity and building relationships with peers across the country to learn about the challenges they face.

She’s also a co-investigator of a new two-year, $2 million grant awarded by the National Security Agency to address cybersecurity issues across the smart grid in the Pacific Northwest, Hawaii and Colorado. Endicott-Popovsky is leading a group of stakeholders as they work to understand local government vulnerabilities and strengthen resilience in cybersecurity governance, workforce development and critical infrastructure security, among other areas. 

We consciously prepare people for careers. We're taking students and preparing them to be effective professionals on the other side.

 — Barbara Endicott-Popovsky

An ENORMOUS demand for talent

With so many open cybersecurity jobs, Endicott-Popovsky is on the front lines educating the professionals that the workforce urgently needs. She led efforts to create the UW Certificate in Cybersecurity Risk Management, a three-course certificate that takes eight months to complete and provides students a credential they need to advance in the field.

“We consciously prepare people for careers,” Endicott-Popovsky said. “We’re taking students and preparing them to be effective professionals on the other side.”

The certificate begins with competency tests, which students use to develop a career plan and find their niche in the cybersecurity field. Immersive learning techniques and simulations that mimic real-world threats give students hands-on experience that helps them hone their critical-thinking skills. 

While the program’s 100% online format offers students the flexibility to complete assignments at their own pace, they also have many opportunities to participate in discussions with each other, faculty and guest lecturers.

“We’re very conscious of building a person’s network and exposing them to mentors who can help them,” said Endicott-Popovsky. “Because you need a network in cybersecurity.” 

She also touts the deep expertise of the program’s instructors and guest lecturers, who hail from tech, the military and municipal government. “They’re highly experienced, knowledgeable and well-known icons in cybersecurity.” 

Endicott-Popovsky offers one more compelling enticement: “The salaries are incredible!” 

According to the Bureau of Labor Statistics, the average annual salary for an information security analyst is $112,000 nationally. In the Seattle region, it’s $135,140, according to Lightcast

And given the deficit of talent, job growth for cybersecurity professionals is expected to remain strong — at 32%, much faster than average — through 2032. 

“The field is so undersaturated,” said Endicott-Popovsky. “People shouldn't be concerned about getting a job on the other side.”