Cybersecurity credential could make hiring even harder
Few things agitate the workforce more than having the government get involved in deciding who qualifies as a professional in a particular field. Passions are likely to be stirred once again now that the Commission on Cybersecurity for the 44th Presidency is set to recommend to the Obama administration that federal information technology security workers be formally certified for their cybersecurity skills.
The commission is also expected to propose that the certification requirement be extended beyond federal employees and contractors to encompass regulated entities, such as critical infrastructure organizations, reports Kelly Jackson Higgins at DarkReading.
As Higgins points out, the demand for cybersecurity professionals will explode in the near future. The Homeland Security Department wants to hire 1,000 of them, but there simply aren't enough qualified candidates to go around. Requiring formal certification could make it even harder to fill positions — a point that some commission members recognize. Higgins quotes Tom Kellermann, a member of the commission and vice president at Core Security Technologies, as saying that adding certification to the mix could create a monster when it comes to recruiting cybersecurity professionals.
Commission members and former government officials say the commission will recommend that the administration establish a certification body with the same kind of oversight that the National Board of Medical Examiners provides in health care, according to NextGov’s Jill Aitoro. Furthermore, the commission will advise the administration to define a core set of skills that cybersecurity workers must have.
However, Aitoro also quotes an unnamed Air Force official as saying it’s not the government’s job to push certification requirements, which he said he believes will make it harder to recruit talented workers. “Government doesn’t train doctors and lawyers — they hire them,” he said.
In an opinion piece in Federal Computer Week, Daniel Castro, a senior analyst at the Information Technology and Innovation Foundation, said most organizations understand that "simply getting their employees certified will not solve their security challenges." At the federal level, a certification mandate “would be little more than a box-checking activity for agencies,” he added.
The commission’s report, which is due to be published late this month or in early July, will revive a debate that first surfaced last year when Sens. Jay Rockefeller (D-W.Va) and Olympia Snowe (R-Maine) proposed that the Commerce Department establish a licensing and certification program for cybersecurity professionals.
However, another bill under consideration seeks to expand DHS' authority to secure the country's computer systems. If passed, it could wind up giving DHS the power to decide what the new cybersecurity certification will entail.
Brian Robinson is a freelance writer based in Portland, Ore.