Good News is: The demand for cyber-security researchers has been increasing exponentially as Autonomous vehicles is becoming main stream. But the Bad News is: The current supply fails to keep up with the demand! The recent ‘Car Hacking Village’ sub conference at Las Vegas ( which is part of the bigger cyber-security conference DEF-CON ) witnessed a huge crowd and sharp interest from big sponsors like Fiat Chrysler, Delphi, Volkswagen etc.
Believe-it-or-Not, unlike ever before the field of cyber-security is going to take a quick hockey stick growth and is going to become very difficult to find the required workforce. Along with it an entire training industry will be created that trains candidates with the required knowledge on how to handle and test Automobile security specifically. Already bug bounty’s for Driver-less vehicle sectors are sky high with only a handful of cyber-security companies addressing the huge demand. Apart from handing over contracts to such firms, Manufactures and Autonomous software vendors are going to crowd sourced testing portals to get their job done. Experts expect Autonomous vehicle related cyber-security projects and contracts in millions to be outsourced to companies for carrying out tests and quality control related activities.
Speaking to Mr. Casey Ellis, the founder of Bugcrowd ( one other sponsor of Car Hacking Village ), we learnt that there is much more industry support and interest than any year before. As he rightly pointed, the interest raises from the fact that automobile companies understand the extreme dangers that can be caused from their products being breached but are helpless, not able to find the right candidates for the work.He added, “I like to say ‘cars are two-ton, gas-powered mobile phones,” Further he mentioned,”Hacking cars is hard. It requires specialized equipment and knowledge, not to mention the car. That’s part of the reason [manufacturers] jumped into this. It’s a good way to access talent they would otherwise be unable to hire“.
FYI: Bug Crowd is a platform for researchers to identify and find potential flaws in products they promote. They run managed bug bounty’s for enterprises where people are rewarded for any bugs they find and report. Later these security flaws and breaches are sent to manufacturers to repair and fix. Its an all-in-one platform that makes vulnerability discovery and management cost-effective and straightforward.Their customers include Fiat Chrysler, FitBit etc. Owing to the demand for automotive security, Bugcrowd is also now looking into opportunities to train professionals and quality control engineers in this field.
“The gap between the number of needed and trained researchers will only grow. As of now, the entire Autonomous industry is struggling to meet the needed security experts to work on automobiles specifically.”
On the other hand, Mr. Tod Beardsley, director of research at Rapid7 said “We need to move researchers to automobiles,The automotive industry has adopted security researchers in a big way. We just need more of them,”
Rapid7 was yet another sponsor of the Car Hacking Village sub conference. They are into providing cyber security services to their customers. They help with vulnerability management, Penetration security, Application security, SIEM and also offer managed and advisory services. Their customers include JetBlue, LG, Microsoft, Macy’s etc. One of the interesting products they had to showcase was Metasploit. Using which security researchers can do penetration testing on automotive systems. The software enables any tester to act like a real attacker and develop new exploits and attack methods in a safe a controlled manner, so the vulnerability can be spotted and fixed.
When a huge disruption or pivot happens in an influential industry, it triggers changes in all related industries – that creates many new opportunities. That is what is happening now in the Automotive industry & related industries. The cyber-security vertical is experiencing ripples as the result of the tectonic shift happening elsewhere and its for its own good. It would be interesting to wait and watch how this space folds out.