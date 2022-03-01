When Jack Koziol launched his one-man cybersecurity training company Infosec in 2004, cybersecurity was the purview of a specialized few who sat in back rooms with other tech experts.
Now, as cyber crimes make headlines, shutting down oil pipelines and holding businesses for ransom, the fact that his company was just purchased by global education technology giant Cengage Group for $190.8 million is one more sign of just how much has changed in the two decades since. The hefty price tag is a testament to the unprecedented online threats companies and governments are facing, and the massive shortage of professionals trained to fight them.
“In the past, cybersecurity was really something that just geeks and nerds did in the back room of the data center. Now, CEOs are talking about it. Boards of directors are talking about it,” said Koziol, who is now a senior vice president at Cengage and the general manager of Infosec.
Koziol got his start in cybersecurity as a teen growing up in the 90s, when he and his friends would hack each others’ bulletin board system applications for fun. After graduating from the University of Wisconsin-Madison, he got a job in the security department at BMO Harris Bank and wrote a book on cybersecurity on the side. That book, “The Shellcoder’s Handbook: Discovering and Exploiting Security Holes,” spent weeks on Amazon’s Top Ten list. Soon Koziol was flooded with requests from companies looking to learn the art of digital defense.
“There's just a big gap between what the bad guys know in terms of cybersecurity and what the good guys know to defend themselves,” Koziol said.
In 2004, he quit his job and launched Infosec. Companies hire Infosec for two types of training: general security awareness training for a broad set of employees on things like how to spot phishing attempts, and specialized training for the cybersecurity employees tasked with creating and maintaining their companies’ defenses. To date, Infosec has trained more than 150,000 cybersecurity professionals and more than 5 million general employees through a combination of in-person and online classes in 36 languages. In 2013, Koziol moved back to Madison, which would become Infosec's headquarters.
Last summer, he began seeking investors in order to scale up the business. Though he wasn’t planning to sell, Cengage made an offer, and Koziol decided that it made sense for Infosec to become part of the 100-year-old higher education company, which has partnerships with hundreds of community colleges and universities.
“Infosec is a perfect addition to the Cengage Group portfolio,” said Michael E. Hansen, CEO of Cengage Group. “As demand for workforce skills training explodes, together we’ll be better positioned to deliver quality online learning for cybersecurity and other growing fields wherever students need — through academic institutions, employers or direct to consumer. With our ability to scale training across channels, we will help millions of learners gain the skills needed to move up in their careers and help close the cybersecurity skills gap.”
Growing awareness, growing shortage
Koziol thinks that the nearly $200-million price tag on the deal with Cengage speaks to a growing risk of cyberattacks — and a growing awareness of that risk. He points to Russian interference in the 2016 elections, which showed the U.S. that cybersecurity is a key part of national security. Now, as Russia launches new offensives, Russia could again use cyberattacks as a “method of war,” Koziol said.
And while governments and businesses can use software to reduce their risks, Koziol says software alone won’t cut it. That’s especially true now that more people are working from home, spreading out the cyber “border” that companies must protect.
“There's no more corporate firewall that protects everybody,” Koziol said.
Instead, he said, every person must be trained to recognize and avoid threats, whether to protect their company or their own identity. “There's no better way to prevent phishing than to just teach people about it and empower them to make the right decisions.”
Meanwhile, there’s a massive shortage of cybersecurity professionals to mitigate the risks. According to Cyberseek, an industry analysis conducted by the National Initiative for Cyber Education and company partners, there are nearly 600,000 unfilled cybersecurity jobs in the U.S. Globally, there are about 3.5 million jobs unfilled, according to industry researcher Cybersecurity Ventures.
“It's a real big problem. You have nobody guarding the house with all these open positions,” Koziol said. He believes that filling those positions will require transforming an industry currently dominated by white men by training a more diverse set of people who don’t necessarily have a background in computer science.
Under the acquisition deal, announced in January and completed today, Infosec courses will become part of ed2go, Cengage’s online certification course platform designed to help workers and job-seekers build their skills.
“The cybersecurity industry is at a critical inflection point where the skilled labor shortage could have far-reaching and lasting effects on business and personal safety. At the same time, it provides an opportunity for un- or under-employed workers who can upskill or reskill for career advancement,” said Michael E. Hansen, CEO of Cengage Group, in a January press release.
The company estimates that the market for online, employer-paid cybersecurity training is currently worth $1 billion a year and could grow to $10 billion a year by 2027. “With our scale and resources, more cybersecurity professionals will have access to an affordable and faster option to develop the skills they need,” Hansen said.
Infosec will retain its employees, and Koziol will continue to lead the team through the transition before eventually launching a new, still-to-be-determined business.
“This kind of investment shows that really smart people believe in this industry and believe in this company that we built here,” Koziol said. “It’s somewhat unfortunate that (cybersecurity) is such a hard problem to solve. But I think if you're in the cybersecurity industry … there's a bright future, now and into the far future.”