The great cybersecurity star search

Needed: 10,000 young Americans with potential

Threats to the country’s most important computer systems don’t merely represent technical problems; they also highlight an urgent workforce challenge, according to computer security experts.

U.S. Cyber Challenge at a glance

The initial phase of the U.S. Cyber Challenge includes three ongoing competitions meant to identify the most talented people for careers as cyber professionals:

  • The CyberPatriot Defense Competition, a national high school competition run by the Air Force Association.
  • The DC3 Digital Forensics Competition, run by the Defense Department’s Cyber Crime Center and focused on cyber investigation and forensics.
  • NetWars Capture the Flag Competition, a SANS Institute challenge to test participants’ mastery of security vulnerabilities.

The Obama administration, lawmakers from both major political parties and large defense contractors have identified cybersecurity as a top priority. But even as officials press ahead on policy changes and companies race to build lucrative new technologies, many believe the dearth of highly trained cyber technicians is the most pressing problem.

Experts say thousands of additional professionals will soon be needed as analysts and systems administrators and in other related roles. However, although a tidal wave of new talent is needed, some observers say the current pipeline of candidates looks more like a trickle.

The Partnership for Public Service and Booz Allen Hamilton recently released a report stating that the government will be unable to combat cyber threats without “a more coordinated, sustained effort to increase cybersecurity expertise in the federal workforce.” The study’s authors also wrote that the “pipeline of potential new talent is inadequate.”

Meanwhile, in May, President Barack Obama released the results of his administration’s 60-day policy review that compared the current cybersecurity situation to the space race of half a century ago.

“The United States is in a global race that depends on mathematics and science skills,” the report states. The authors recommended more math and science education from kindergarten through 12th grade and increased funding for key education and research and development programs.

Richard Schaeffer, director of information assurance at the National Security Agency, said last week that there was a need for insight from a group of people who have yet to be identified. He added that it is important for companies and the government to cooperate to tackle the problem.

“We’ve got to work this together,” Schaeffer said.

He made the comments during a speech at an event on Capitol Hill in which government and industry officials unveiled a new national cybersecurity education program. The goal is to identify 10,000 young Americans with the skills to be cybersecurity practitioners, researchers, guardians and cyber warriors.

The program — called the U.S. Cyber Challenge — is led by the Center for Strategic and International Studies. Participants include the Defense Department’s Cyber Crime Center, the Air Force Association and the SANS Institute. Universities and aerospace companies are providing support.

Alan Paller, director of research at the SANS Institute and a leader of the initiative, said the program was a massive national search and development program similar to efforts to encourage young athletes.

“If you think about sports, grade school and high school give kids the chance to show that they might be good at basketball or soccer or football,” Paller said in an interview July 22. “We don’t have anything like that in [the cybersecurity field] except bad things.”

There’s evidence that other countries, such as China, are taking their search for cyber talent very seriously, he added.

The need to prepare young people to enter the computer security ranks in the United States is even more urgent given indications that the federal cyber workforce is growing older. That was the conclusion of the CIO Council’s most recent Information Technology Workforce Capability Assessment, which was released in 2008 but based on 2006 data.

The U.S. Cyber Challenge has five components: a talent search conducted through three ongoing national competitions, educational cyber camps for young people, live competitions, scholarships, and eventually internships and jobs.

“Rather than just teaching, it’s got to be fun,” said S. Sanford Schlitt, vice chairman of the board of directors at the Air Force Association. AFA is running an ongoing competition for high school students interested in the cybersecurity field.

Officials say the goal of all the U.S. Cyber Challenge is to identify talented individuals to participate in cyber camps at colleges nationwide. There’s also a program to train would-be camp counselors and plans for an FBI agent to visit each of the camps to discuss cyber crime and reinforce the need to use cyber skills in ways that comply with the law.

Rep. Yvette Clarke (D-N.Y.) and Sen. Thomas Carper (D-Del.), leaders of House and Senate subcommittees that focus on cybersecurity, said in statements released last week that they supported the cyber challenge and were pleased that their constituents would be involved. Meanwhile, Sen. Joseph Lieberman (I-Conn.), chairman of the Homeland Security and Governmental Affairs Committee, issued a statement congratulating a high school student from his state who had won one of the initial competitions.

In the meantime, government officials continue to define their needs and develop cybersecurity career paths.

Karen Evans, former administrator of e-government and information technology at the Office of Management and Budget and now a partner at KE+T Partners, said the government needs skilled analysts and systems administrators. She also said it’s important to match the focus of government-sponsored training opportunities with the needs of agencies and stressed that people are the greatest asset.

Experts say expanding and reshaping the workforce to meet agencies’ future cybersecurity needs won’t happen overnight, but existing programs could be expanded and historical parallels could guide the effort.

CSIS’ Commission on Cybersecurity for the 44th Presidency said the simplest way to increase the number of skilled cyber workers in the government would be to expand the National Science Foundation’s Scholarship for Service Program. In addition, the government must develop a career path for cyber specialists.

After the Soviet’s launched Sputnik, the commissioners wrote, “we were able to respond quickly with educational programs to meet a new kind of security challenge. We believe that the same rapid response is required now for the challenge facing the United States in cyberspace.”

2014 Rising Star Awards

Help us find the next generation of leaders in federal IT.

Reader comments

Tue, Aug 11, 2009 DC Metro Area

My reply to the GS-12 from Boston wanting to get into the cybersecurity field is to do like anyone else - APPLY for the jobs. The government doesn't know about what you want to do until you APPLY for the jobs. There are jobs available just APPLY OFTEN!

Mon, Aug 10, 2009 Boston, MA

This is all fine, but how does a current federal employee "break" into the world of cyber security when the government is recruiting "young college kids". I have plenty of time in the government and I am currently earning a degree in cyber security. Problem is I can not get into the field and I am already in the government. I am a GS-12 and I want to get a job in this area but it seems the government doesn't care about it's current employees.

Wed, Aug 5, 2009

The cyber challenge is a good place to start but what about a program to bring people in from the private sector who may be interested in transitioning to the government.

Fri, Jul 31, 2009

I personally find it amusing/sad that Karen would be quoted in this article. She and her little friends are primarily responsible for the sorry state of our existing cyber infrastructure and the lack of smart technical people interested in Federal cyber. Perhaps if she had spent a little more time encouraging useful work, and a little less time on pointless compliance exercises and tyrannical consolidation projects, we wouldn't be in this spot today.

Please post your comments here. Comments are moderated, so they may not appear immediately after submitting. We will not post comments that we consider abusive or off-topic.

Please type the letters/numbers you see above