Got cyber skills? Uncle Sam wants you

A program looks for the next generation of cybersecurity top guns

A group of private and government organizations has launched a program to build the next generation of U.S. cyber defense leaders.

The U.S. Cyber Challenge is looking for 10,000 young Americans with the skills to be cybersecurity practitioners, researchers, guardians, and cyberwarriors. The program will provide participants with competition, training, recognition and a chance to win scholarships. It is led by the Center for Strategic and International Studies and includes the Defense Department’s Cyber Crime Center, the Air Force Association and the SANS Institute

Experts say there is an urgent need to expand the federal cybersecurity workforce. The Partnership for Public Service and Booz Allen Hamilton recently released a report that said the government will be unable to combat cyber threats without “a more coordinated, sustained effort to increase cybersecurity expertise in the federal workforce.” The study said the “pipeline of potential new talent is inadequate.”

“This is the biggest issue for the cyber community, this is the biggest national issue,” Alan Paller, director of research at the SANS Institute, said July 22. “But it’s played wrong a lot of the time, it’s played as if we need more bodies – it’s not that we need more bodies, we need bodies with particular skills.”

The U.S. Cyber Challenge program includes three ongoing competitions:

  • The CyberPatriot Defense Competition, a national high school cyber defense competition run by the Air Force Association.
  • The DC3 Digital Forensics Competition, a DOD competition that focuses on cyber investigation and forensics.
  • NetWars Capture the Flag Competition, a SANS Institute challenge to test the mastery of vulnerabilities.

Paller said although the Air Force Association competition is limited to high school students, the other two competitions don’t have age restrictions. However, he said the camps are limited to students in the latter part of high school and in college.

Paller said the competitions are a way for people to prove that they have talent. However, he said the U.S. Cyber Challenge is a “nurturing program” and is unique because it continues after the competition portion.

“If you think about sports, grade school and high school give kids the chance to show that they might be good at basketball or soccer or football -– we don’t have anything like that in cyber except bad things,” Paller said. “The only way you can show you're good in cyber right now is to do something that really can get you in trouble, if you’re a kid.”

Young people who do well in the competitions will then be invited for to cyber camps at colleges where they will get further instruction and face additional competition. Then, the young people who are successful at the camps will participate in live competitions around the country.

Those who excel in the program can then receive different types of scholarships, Paller said. He added that the young people who participate in the program make a commitment not to use it for “evil.”

“The whole idea is to make it so cool that the kids who might have thought about doing it for evil will say  ‘Hey…I’m going to do it for good,’ and at least try it and maybe we get them hooked,” Paller said.

About the Author

Ben Bain is a reporter for Federal Computer Week.

Who's Fed 100-worthy?

Nominations are now open for the 2015 Federal 100 awards. Get the details and submit your picks!

Featured

Reader comments

Tue, Jul 28, 2009 Robin L. Ore

Great information about the clearance review process which is also blocked by problems with finances and hearsay from competitors. There is also the enforced process of not hiring citizens and civilians who contain most of the up to date knowledge and experience of the communications industry. One blaring omission is the focus on digital networks as being the required skill set instead of optics where the faster speeds and therefore the disinformation warfare is. The brain to brain combat that these young recruits will be required to perform as they "mature" means that they will be fighting evil in that optically controlled environment. It takes people skills and gender equality, not computer hackers and shooting contests. If the digital portion is not automated there is no defense from human sabateurs and this requires overhauling of digital equipment of networks which are soon to be all optical. I agree with Jeffrey A. Williams that expertise is needed based on experience and ability and I would argue that all types of experience is needed. This is unlikely to happen around the big business bottleneck of eavesdropped upon free labor pools of competitors and stolen (unpaid for) expertise, knowledge and ideas from entrepreneurs they clandestinely listen to under other pretenses. They, not the government control the networks and these children and young adults will be fighting against their control over the population without a network and without optical expertise, using foreign made embedded equipment they are forced to use. May God Be With Them. As soon as they sign up they will be implanted and their lives as they knew them are over. I hope they know this in advance, unlike the military veterans who were experimented upon and then used to experiment on the public.

Mon, Jul 27, 2009 Jeffrey A. Williams Frisco Texas

Seems a good idea, but one has to wondergiven the poor security USG web sites, DN's and networks already have that they could be competant in training anyone regarding such especially any leaders in this area. As a security professional of nearly 30 years and once worked for the USG, I can speak to this with relitive experiance and expretise. Regards, Jeffrey A. Williams CSO/DIR. Internet Network Eng. SR. Eng. Network data security IDNS.
div. of Information Network Eng. INEG. INC.
ABA member in good standing member ID 01257402 E-Mail
jwkckid1@ix.netcom.com
My Phone: 214-244-4827

Mon, Jul 27, 2009 Rick New Orleans

And again older, mature, IT professionals are left out of the loop. Is it simply an assumption that only younger people have the talent to be an Information Security professional? What about training older workers to do the same thing or does the Government believe only young people have the smarts to do the job?

Sun, Jul 26, 2009 N. Spiers

I disagree that the lack of a skilled workforce is the root cause of the inability of agency CIOs and CISOs to fill their cyber positions. The primary reason that they cannot seem to get skilled cyber professionals is because of the bureaucratic and cumbersome process that is required in order for an individual to get an interview for a Federal position. Currrent screening and hiring procedures require a long and cumbersome process and yields only a very limited recommended "short list" of candidates to interview (chosen by HR, and not by the hiring manager). The list commonly includes candidates who were short-listed because they are already a Federal employee, or have veteran's preference, or have minority preference--not because they are the "best and the brightest" who have applied. The hiring process takes so long (six months to a year is not uncommon) or begets such incompetent candidates that many of the job postings are withdrawn or canceled. If an individual is experienced, cleared, competent, knowledgeable, has all of the requisite certifications, etc.--albeit not already a Federal employee or veteran--they usually never make it to the "short list," or have already found a job elsewhere because the process takes so long. Many times, uncleared individuals are never even considered, regardless of training or competence. The backlog at OPM for clearances is so monumental that it can (and does) take years to adjudicate clearance applications, and the requirement for clearances for these positions is standard. One way that this could be alleviated is built into the cyber security standards recommend by the National Institute of Standards and Technology (NIST), which requires a risk designation to be placed on all positions. Most agency CIOs and CISOs have not implemented this requirement because the hiring process is governed by existing procedures that are out of their control. If cyber positions are indicated as having a high-risk designation based on the fact that these positions are first-line defenders of Federal information and computing resources, a process could be put in place to "fast track" qualified applicants and allow them to be considered regardless of their prior Federal service or minority status. It won't fix the many problems inherent in the current system, but will yield a much greater level of control for the hiring manager to bring skilled individuals into these critical positions. The application of risk designations and "fast-tracking" is a Band-Aid(r), but one that may show that there truly is a skilled workforce "out there," with many individuals who want to work to protect our nation's assets--given the chance. Relying on the current process, however, will ensure that building truly innovative cyber security programs within the Federal government with skilled, competent cyber practitioners will continue to be frustrating and elusive.

Please post your comments here. Comments are moderated, so they may not appear immediately after submitting. We will not post comments that we consider abusive or off-topic.

Please type the letters/numbers you see above