Vehicle Cybersecurity Positions are Difficult to Fill

Vehicle Cybersecurity Professionals-Still a Difficult Position to Fill
Charles Parker, II
>_

In the metro-Detroit area, the primary industry and revenue force is the auto industry. This is clearly due to the number and concentration of the vehicle manufacturer headquarters, assembly plants, and admin offices. As these vehicles are designed and engineered, they require cybersecurity testing. This ensures as much as possible the vehicles are safe and secure for being successfully attacks. Cybersecurity for the presently connected vehicles and future autonomous vehicles is paramount. Without this in place and the vehicles being active, directly tested, any vehicle on the road would not be safe itself or from other vehicles which could be hijacked.

To accomplish this vast task, the vehicle manufacturers require qualified people to complete the testing. This does not appear to be a significant issue. There are jobs to fill in a technology area creating a demand for years, and there should be people to fill the open positions. Unfortunately, this is not remotely the case. This is occurring presently in the field for many reasons. The primary reason for this is the available persons with this skill are limited. The persons with the skill and experience to test the cybersecurity of embedded, equipment is rather narrow. Of this narrow field, the applicants need to be vetted not only for their technological prowess but also for their ethics, as there are bad apples present who would not morally do the right thing 100% of the time. Based on this need/demand is far outpacing the demand. This is further exacerbated due to this need being across several industries, not only auto manufacturers.

As an option, the manufacturer may reach out to third parties to complete a portion of the testing. The manufacturer may also incorporate a bug bounty program into their process. Programs like this would pay the cybersecurity persons when they would find a bug in their product. By using a program as such there are a great number of persons reviewing the product and are paid for their time if a bug is found. GM and FCA’s Bug Bounty programs are well known.

There are a limited number of universities and colleges attempting to train persons for this vast need. There are also contests in which high school and college students may apply to be in to learn the basics. This will assist with increasing the pipeline for the cybersecurity talent.