The infosec brain drain

It's time for the federal government to sound a security alert — of a different

sort.

During the past six weeks, two of the government's most influential

security experts have announced plans to take jobs in the private sector:

Richard Guida, chairman of the Federal Public Key Infrastructure Steering

Committee and a 28-year government veteran, and Tom Burke, an associate

commissioner for information security at the General Services Administration's

Federal Technology Service and a 23-year veteran.

The government is losing a vast store of institutional knowledge, as

well as two experienced leaders in a field where leadership is sorely needed.

Those departures also remind us that the information technology worker

shortage that afflicts all of government will be felt in information security

offices as well. And a brain drain in security, at even a fraction of the

rate in other IT fields, could exact a heavy toll.

Federal agencies were already dependent on the Internet for sharing

information and making transactions when the dot-com industry exploded.

The Net economy has agencies envisioning even more dramatic ways to deliver

services.

But the digital government vision will unravel if agencies do not put

adequate safeguards in place. It's more than configuring firewalls; agencies

need people who have the imagination that allows them to match technology

to new applications and emerging threats.

Part of the solution is for agencies to thoroughly document their security

policies and procedures so that institutional knowledge does not go out

the door with departing employees. But that is not enough. Information security,

like all technology disciplines, depends on the creativity and vision of

individuals. If those people leave for the private sector, that is where

agencies must turn.

Outsourcing security services, or involving industry in policy-making,

is a frightening thought for many people. Government, in general, hesitates

to make outsiders privy to information about its vulnerabilities or failings.

That mindset has to change. If cyberthreats continue to grow, and security

experts continue to leave, the government will find itself woefully unprepared.

Featured

  • Congress
    Rep. Jim Langevin (D-R.I.) at the Hack the Capitol conference Sept. 20, 2018

    Jim Langevin's view from the Hill

    As chairman of of the Intelligence and Emerging Threats and Capabilities subcommittee of the House Armed Services Committe and a member of the House Homeland Security Committee, Rhode Island Democrat Jim Langevin is one of the most influential voices on cybersecurity in Congress.

  • Comment
    Pilot Class. The author and Barbie Flowers are first row third and second from right, respectively.

    How VA is disrupting tech delivery

    A former Digital Service specialist at the Department of Veterans Affairs explains efforts to transition government from a legacy "project" approach to a more user-centered "product" method.

  • Cloud
    cloud migration

    DHS cloud push comes with complications

    A pressing data center closure schedule and an ensuing scramble to move applications means that some Homeland Security components might need more than one hop to get to the cloud.

Stay Connected

FCW INSIDER

Sign up for our newsletter.

I agree to this site's Privacy Policy.