Shortage of Computer Experts Hinder Cyber-Defense
A Washington Post article on June 24, 2009 reported the planned establishment of a Department of Defense (DoD) Cyber-Defense Command by October 2009 with full operational capability by October 2010. The Cyber-Defense Command’s mission will be to defend military networks, but will assist federal civilian networks.
Of concern is the potential threat to national security from increasing coordinated cyberattacks. In the article Ron Sanders, chief human capital officer for the national intelligence director’s office, acknowledged that the intelligence community has more flexibility and resources to attract computer specialists but said there is still an overall shortfall of U.S. citizens with the needed expertise who can also meet security clearance requirements. DoD claims more than 90,000 cybersecurity workers; other federal agencies are estimated to have a total of 35,000 to 45,000 personnel. The private study, Cyber IN-Security: Strengthening the Federal Cybersecurity Workforce, which details serious problems within the professional community charged with protecting the government’s computer networks against attacks, was produced by the Partnership for Public Service and Booz Allen Hamilton.
Related articles: U.S. CyberSecurity Initiative Puts Focus on IT Security Skills, Cyberspace Policy Review, Cyber Threat Posed by North Korea and China to South Korea and US Forces Korea
People don’t know how to train for the career field or which certifications will be attractive to hiring officials. We’ve played the secret squirrel card a little too long and now we wonder why we have no talent in these key areas like cybersecurity, cyberforensics, biometrics etc.
If you want to repair air conditioners, you go the HVAC schools which are well advertised, get the certifications necessary and get tackled by the hiring companies as you walk out the door. Not rocket scientry.
So where are all the thousands of jobs for these positions?
One of the big problems I see, is that not everyone wants to live in D.C.. The majority of these cyber defense jobs are centered around D.C. I believe that I am fully qualified for alot of these positions but I refuse to live in or commute to the D.C. area. What a rat race. Alot of these agencies need to start decentralizing. One WMD in D.C. would bring a majority of our government to a grinding halt.
It is interesting to see this article because this is the area that I would like to get into. I have just completed a Masters of Science in Information Technology with a focus on Information Assurance. Having said this, the study covers the 10 domains in the CISSP which will help with completing this cert. Besides this I hold a secret clearance that is good until 2011.What wonders me is where can I get more info on the positions that are coming available? It would deeply interest me to be a part of this movement.
Check out US Cyber Challenge – http://www.uscyberchallenge.org/
Also, keep an eye on who’s hiring, what’s required and where – https://www.clearancejobs.com/
Certificates will not be good enough for these positions unless you have hands on experience to back it up. I have a BSCS, BSCIS and an ASECT with an active Secret Level Security Clearance. I lack the expertise that can only be gained through real world experience. Entry level posiitions now require 1 to 3 years of experience. What happens to 0 to 1 year of experience? No experience no job! If companies and government want to fill these positions then they need to start training people instead of expecting everyone to have years of experience in many areas.
I think that the IT Security field is very interesting, with plenty of opportunity and challenges to keep people employed for many years. I should know, as I already work as an Information Assurance Manager (IAM/ISSM). There is a lot of room for improvement within government, and I would love to work at the enterprise policy and guidance level to help remedy what I see as roadblocks to success. I have the qualifications many of these positions would require, with both GSLC and CISSP certifications, a bachelors in computer science, halfway through a master in software engineering, and a current TS/SCI. Yet when I posted my resume out on the cleared sites, employers were hardly beating a path to my door.
My problem is twofold. The biggest one is what Steve mentions – DC. All IT security jobs gravitate to the DC area, which despite the great infrastructure serves as a single point of failure for a coordinated attack. In an age when I can work via VPN, remotely access/manage a machine anywhere, and can meet with a team virtually, why do I need to go to DC?
The second issue is somewhat related – pay and quality of life. It’s hard to recruit the caliber of IT security professional needed when they are in such demand outside of the government, and with far greater salary and benefits typically. If I left both my current area and civil service, I could expect a substantial increase in salary. For the right job I’d consider a move to DC, but can I really live up in the Beltway on a civil servants pay? I’m already in the system as a GS-12, so I’ll be limited to a GS-13 level or similar NSPS level for promotion. That won’t be enough to maintain my current lifestyle if I were to move my family to that area. Most of the government INFOSEC jobs I see posted are in the DC area, and within this 12/13 pay scale.
I’m obviously not the only one in this position, wondering what the future holds. In my opinion, until the federal government can entice security professionals with pay and benefits similar to their commercial counterparts, there will be a skill-level issue on the front lines and a retention problem with skilled and valuable employees in the back office.
Where did you go for your masters and what type of classes did you have to take?