Does Dearth of Infosec Pros Pose Risk?

Credit EligibleAs a GovInfoSecurity.com annual member, this content can be used toward your membership credits and transcript tracking. Click For More Info

GEORGE: Yes, definitely. One of the things that drove people into IT a few years ago was the dot-com boom. That is where the jobs were and people to some extent are interested in what they are going to be doing for the rest of their lives. When gaming was hot, and it still is hot but the jobs aren't there like they were a few years ago, that was something that drove people into computer science. In today's world, there is so much emphasis on cyber. It is going to attract students to that area and that is going to make a difference for us. The number of computer science majors is way down, particularly in this country, of U.S. citizens, it is down. We need to build it back up and we need to work hard with the universities to not only get the right people interested but we have to start at a young enough age that they understand that there is a future there for them and that they can do something in science that is meaningful and challenging. It is a great opportunity to work with students when they are freshman, when they are sophomores in college, when they are in high school, to make them understand that they have a bright future and they can make a difference. Today's students really do want to make a difference.

CHABROW: You referred earlier to the challenge of finding qualified people for the NSA. Obviously, this is the same kind of challenge that industry faces as well as other government agencies. How serious a problem is that?

GEORGE: For us, it is a huge problem. We need to hire the best and brightest and we go out to the universities, we see those students there, but we also see a lot of other government agencies and a lot of private industries that are all after the same skills. There aren't enough people to satisfy all the needs in the country and that is a significant problem for us.

When we are looking at succession planning, who are going to be the real leaders in the future? We need to get those kids when they are young, when we can build their understanding of the system, when we can use them for a long time to really be our leaders in the future. And we are competing for exactly the same skills and it is really hard; it is a challenge.

CHABROW: Are the IT systems of the military, the intelligence community and civilian agencies at risk because we can't find enough people to fill the jobs in IT security?

GEORGE: I would say that we could always be better than we are and we would be more secure if we had enough highly skilled people to satisfy the needs. I wouldn't say that we are insecure because of that, but it makes the challenge harder for us. We have a group of people that take this very, very seriously and are working very, very hard on it. We are always looking for a few more smart people that can come in and have a few more creative ideas to make us more secure. And security is not a zero-sum game, either. You are not either secure or insecure, it is how secure are you, what is the threat, how hard is it to take advantage of that threat. It is a complicated issue. It is not to say that if I had three more people I would be secure. What kind of security can we create for the nation?

CHABROW: Anything else you would like to add?

GEORGE: Well, I always have a story I like to throw in. If you think about security today, we have technology that is capable of doing it, what we need is a user base that understands the threat. I talk about when I was in school and about once a month an alarm would go off and we would all dive under our desks because somebody might be dropping a bomb on the school and they were trying to protect us. You know it wasn't too far from World War II. My parents lived through that and so there was really an understanding of that threat and an understanding of the damage that could occur if someone dropped a bomb on the school. So we would all dive under the desks and when I went home, half the kids in my school had bomb shelters in their basements because they understood the threat.

In today's cyber world, cyber is so much more complicated than a bomb that it is really hard for people to really understand the threat and understand how to defend themselves against that threat. That education is what we have got to achieve as a nation so that we can all work together to make ourselves a much harder target.