Workforce

Desperately seeking cybersecurity pros

cyber education

Leaders from across the federal government are trying to improve training and education in an effort to expand the cybersecurity workforce. (Photo: Steve Cole Images)

The calls for a beefed-up workforce that specializes in cybersecurity are not new. In this highly critical arena, the demand for talent is sky-high and insatiable. But with a nationwide shortage of students of science, technology, engineering and math (STEM), where will tomorrow’s workforce – which is needed already – be found?

Leaders from across the federal government are following up on their calls for digital-era employees with a renewed sense of urgency, and with a range of initiatives designed to educate, train and incentivize work in the cyber field. They also are emphasizing that it is not just computer science majors and technological whizzes they seek.

“There’s a wide range of functions and skills that are required for us, whether you’re in industry, other elements of government, military – all across the board, there are a wide range of skills and functions we need,” said Army Maj. Gen. John Davis, senior military adviser for cyber to the under secretary of defense at the Defense Department. “Every person who touches a keyboard is in some way associated with the cyber domain, because there are disciplines and standards associated with protecting against the threats.”

Davis, who spoke Oct. 26 at the Center for Strategic and International Studies in Washington, noted that DOD, like the rest of the federal government, is feeling the shortage.  That gap between supply and demand has deep roots, he said, and the problem begins with defining the need itself.

“We don’t have all the capacity and the right sets of skills that we need to do all that’s required,” Davis said.  “In the department we are still struggling to fully define and empower the cyber workforce. It’s a big challenge, just to define the techniques.”

“The definition that we’re working on now includes a wide range of functions and skill sets,” he continued. “Analytics, forensics, training, testing and evaluation, engineering, operational planning, leadership roles, legal, law enforcement – there’s a very wide range that all go into the mix we’re calling the cyber workforce.”

The scarcity is reflected throughout the education system, from primary schools to universities. There are fewer graduates in STEM areas, and women are particularly underrepresented – a big problem for a field that already lacks diversity.

“The outlook is grim because we are not producing, from an education perspective, the people with the right skills sets to just have the entry-level skills needed in order to make progress in cybersecurity,” said Cynthia Dion-Schwarz, deputy assistant director for computer and information science and engineering at the National Science Foundation. “It’s a pipeline issue…it’s not a desire or capability issue.”

Panelists said it is also difficult, beyond the educational and initial employment phases, to establish ways up the professional ladder.

“I didn’t wake up and say, ‘I’m going to run all the information technology for the United States government, and what’s that career path?’” said Karen Evans, the former administrator of OMB’s Office of Electronic Government and Information Technology who is now national director of the U.S. Cyber Challenge. Evans noted that a search for cybersecurity jobs on USA Jobs yields only two or three listings.

Dion-Schwarz echoed that idea, pointing out the difficulty in navigating the cyber career path.

“For many of the leadership opportunities, it’s not like you open up the Washington Post and the jobs listing is ‘We’re looking for a new CIO,’” Dion-Schwarz said. “So [networking] opportunities and teaching women through mentorship throughout their career...are of immense importance of making sure they’re aware of the opportunities that are out there.”

Networking and mentorships are just part of the budding movement for prepare and propel the cyber workforce.

Davis noted a cross-government program for international outreach, led by the State Department, that promotes engagement in search of common solutions and cyber framework. Evans highlighted “nerd camps” that promote STEM learning

Later in the day, Homeland Security Secretary Janet Napolitano also underscored efforts underway at DHS and elsewhere, including the National Initiative for Cybersecurity Education and support for supporting Centers of Academic Excellence across the country, of which there are already 145 programs, she said.

She also touched on DHS’ just-announced “Secretary’s Honors Program,” designed to recruit, retain and develop entry-level talent for DHS. Furthermore, Napolitano said the agency is beginning to implement recommendations from DHS’ Homeland Security Advisory Council Task Force on CyberSkills in order to further build up the cyber workforce.

“We know that in the U.S. we simply need to grow and have more students who have competencies in the… STEM coursework,” Napolitano said. “It is something we need to think of not just as a DHS issue, but as a United States writ large issue.”

The 2014 Federal 100

FCW is very pleased to profile the women and men who make up this year's Fed 100. 

Reader comments

Fri, Nov 2, 2012

This is such a Krock!! I read blogs everyday from IT Security individuals frustrated with not being able to find employment!! One of the problems is that government and the private sector are searching for the "perfect" individual for the "perfect" position. What they should be searching for are individuals with core IT security skills with the capability and core skillset to learn specific components of Cyber Security needed to fill available positions!! CYBER TRAINING; APTITUDE AND WILLINGNESS TO LEARN; AND PREVIOUS IT EXPERIENCE is the key for these individuals to succeed in the Cyber Security Space. In addition, we have to prioritize our budgets for Cyber Security training for all of the Cyber Security hires. Finally we have to pay them like we are making an investment in their careers!! Training, compensating appropriately, creating a career path will mean nothing if we don't provide good working conditions and a feeling of support for this group of individuals to have a protected career if they are performing and keeping their side of the bargain!! After all, we said that "we are desperately seeking Cyber Security Pros!!"

Thu, Nov 1, 2012 Jeannine B

I love articles such as this one. Yes, I think we need more cyber security professionals out there. However, I think there is a fundamental issue not addressed in this article or many others for that matter. Bottom line: even if you attract cyber security professionals through incentive programs and better pay you still have an issue that must be addressed before they can truly be successful in their field. Fix the way IT professionals communicate. Yes, it is very important to focus on the technology side of the equation; however, if the people side is neglected it doesn't matter what security-oriented implementations are introduced. At the end of the day, IT professionals (cyber security professionals included) will continue to be at the mercy of the employees within the organization. As any IT professional knows, people are the heart of any security system. As the National Security Institute tries so hard to convey, employee's behavior is the most common entryway for security breaches. Hence, until IT professionals communicate better, technology users will not embrace any of the security oriented implementations put in place. Sincerely, technology users may INTEND to comply, but at the end of the day, will they? Both scholarly and practitioner research indicates NO. I wonder, how about looking for students with great interpersonal skills who have the potential to acquire the necessary computer skills to get the job done. Signed, one female IT professional with a change management background.

Mon, Oct 29, 2012

I've been reading about this shortage in STEM since I started my engineering job 35 years ago in 1978. Companies pay them, they will come. Look at engineering in colleges. A kid needs darn near a 4.0 GPA to get into an decent public engineering program. Wwy? Because all our kids have figured out they can make a living in engineering so they are flooding the schools. Separately, churning out STEM degrees is not hard and the education system can ceratinly handle it with current funding. As a culture, maybe referring to efforts like "nerd camps" is counterproductive. Maybe it makes a difference to some middle school student who is beginning to wake up to what they want to do with their life. Why choose a field where everywhere STEM professions are seen as weird, nerdy, geeky, etc. Whereas the drug littered culture of Hollywood attracts kids like no other. Don't need to change the education system. Need to change our culture. The cybersecurity professionals are out ther in ample supply. If you're having trouble attracting them, pay more. Simple. Don't have the money? Oh well. Keep whining about cybersecurity, because without money to attract the talent, that's all it is, whining.

Mon, Oct 29, 2012 RayW

We have a public school system that says no one person should be treated any different than any other person, no matter what they desire or can do. A system of teaching to the least common denominator and feeding drugs to sedate those who are bored and get restless because they have heard the same boring subject 20 times because one person can not understand it.

Then you graduate and see a pay system that starts out below the industry starting point, never catches up, gives no incentive to work hard (NSPS was a lousy implementation, but it got people to work), and you are bad mouthed by your bosses and are told that if you work for the Gov you must be a lazy incompetent (good role models in the White house and the Capitol Building saying that too).

So you have people not being pushed to be the best because it is 'bad', poor role models in 'upper management', poor (as seen looking at media comments) working conditions. So is it any wonder there are no experts flocking to government jobs to counter the flood of computer invasions coming from our most favored partners like China who are pushing to get people in those positions?

My simplistic perspective from a time when the kids who wanted to learn were allowed to, those who did not got remedial training, and the trouble makers got to see the principal.

Please post your comments here. Comments are moderated, so they may not appear immediately after submitting. We will not post comments that we consider abusive or off-topic.

Please type the letters/numbers you see above