Recruiting a Cybersecurity Workforce

5 Government Cybersecurity Challenges in 2010: Part 2
Recruiting a Cybersecurity Workforce
As Congress returns to Washington for the second session of the 111th Congress, this week will present the top five cybersecurity challenges - one each weekday - the federal government will face in 2010.
Tuesday: Recruiting a Cybersecurity Workforce
Wednesday: FISMA Reform or Not
Thursday: Securing the Cloud
Friday: NIST's Growing Influence

* * *

The job offers for what could be among the first of 1,000 new cybersecurity professionals to be hired by the Department of Homeland Security will go out in January, part of a concerted effort by the federal government to secure federal digital assets.

"My top goal (for 2010), and nothing else even comes close, is to continue to add to the great core of human capital I've already got," said Philip Reitinger, DHS deputy undersecretary of the National Protection and Programs Directorate and director of the National Cybersecurity Center. "There are no silver-bullet solutions here; we need people, we need process, we need technology. But of those, people are by far the most important."

But for Homeland Security or other federal entities such as the National Security Agency, the challenge to find qualified IT security experts will be tough. Simply, demand outpaces supply. How serious a problem does this present the government?

Government agencies not only compete against each other for the limited number of infosec experts, but the private sector as well, which can offer higher salaries.

"There aren't enough people to satisfy all the needs in the country, and that is a significant problem for us," said Dickie George, NSA's Information Assurance Directorate technical director.

Reitinger said the government needs to develop innovative, collaborative approaches, not only among federal agencies, but between the government and the private sector to meet the human resources challenges to safeguard government systems.

To help alleviate that problem, though no one predicts it will be resolved this coming year, is legislation winding through Congress, the Cybersecurity Enhancement Act, that would provide scholarship to students who agree to work as cybersecurity specialists for the government after graduation. Students would promise to work an equal number of years for the government in which they receive the grant. "This is a good incentive, especially at a time when it's becoming more and more expensive to go to college," said Rep. Daniel Lipinski, the bill's sponsor. "It's just a good way of steering people to an area where we need to do better with producing people who have those skills."

The Cybersecurity Enhancement Act also would fund faculty professional development and cybersecurity curricula development programs at U.S. colleges and university. That's significant because of a shortage of qualified professors to teach cybersecurity. "A major capacity building bottleneck that affects all levels of educational and research needs is the production of PhDs in this area," said Seymour Goodman, professor of international affairs and computing at the Georgia Institute of Technology, telling Congress the few PhDs working as cybersecurity educators and researchers are either newly minted or converts form other fields. "Building the doctoral ranks takes time."

That legislation also would require the president to assess the government's cybersecurity workforce, including an agency-by-agency skills assessment. That dovetails with an Office of Personnel Management initiative to define cybersecurity jobs in government, something that doesn't exist and seen as an obstacle in recruiting infosec experts.

"Because cybersecurity work is performed in many different positions and places throughout the federal government, it is not easy to identify them by looking solely at job titles or organization charts," said John Berry, director of the Office of Personnel Management.

It's a process the OPM will try to help remedy in the coming year. Late in 2009, OPM deemed as a high priority the development of competency models that would lead to IT security occupational classifications. Berry had asked departmental and agency chief human capital officers to provide his office documents that describe IT security positions, vacancy announcements, crediting plans, training plans, performance management plans and any studies or competency models of cybersecurity work in their departments or agencies, as well as information about agency recruitment efforts, challenges and outcomes.

Additional Reading

About the Author

Eric Chabrow

Eric Chabrow

Retired Executive Editor, GovInfoSecurity

Chabrow, who retired at the end of 2017, hosted and produced the semi-weekly podcast ISMG Security Report and oversaw ISMG's GovInfoSecurity and InfoRiskToday. He's a veteran multimedia journalist who has covered information technology, government and business.

Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing, you agree to our use of cookies.