Workforce is the key to tight security on a tight budget

SAN FRANCISCO—Developing and maintaining a professional workforce is the key to maintaining cybersecurity, especially when budget dollars are scarce, a panel of government chief information security officers said.

 “If 80 percent of my budget is labor, I am not going to be able to deal with a 10 percent budget cut with just technology,” said Matthew McCormick, CISO of the Defense Intelligence Agency.

A panel discussion on Feb. 28 at the RSA Conference on providing cybersecurity on a government budget quickly focused on the workforce. While budgets are shrinking or at best static, agencies are competing to acquire experienced workers. and struggling to keep them.

Hord Tipton, executive director of ISC2 and former Interior Department CISO, cited Labor Department statistics showing a zero percent unemployment rate in cybersecurity.

“You can’t afford to lose the people you are depending on today,” said Patrick Howard, outgoing CISO at the Nuclear Regulatory Commission.

The NRC prides itself on having a good work environment, but it is not immune to budget challenges. “We haven’t had a budget increase in three years,” said Howard, who will begin working at the National Science Foundation in March. The NRC is working with unions on a workforce restructuring that could include lowering the government worker grade structure to allow hiring more workers for the same cost. That is not expected to happen before 2016.

Restructuring, both networks and jobs, is essential to better use of a limited workforce, the CISOs said.

Brent Conran, former House of Representatives CISO and now CSO at McAfee, said while at the House he consolidated 800 Active Directory domains and built an internal cloud to consolidate file servers and domain controllers. This simplified management and made more people available for other work.

State governments also are being squeezed. Nevada CISO Christopher Ipsen said his office began suffering budget cuts five years ago. He has relied on organizational changes and new security requirements to help simplify and streamline his work. Some of the changes included legislation requiring encryption of data on mobile devices, improved incident reporting for state agencies, penetration testing and continuous monitoring. These changes let him better use his limited staff and required the support of top management.

Getting management buy-in for needed change is essential to doing more with less, the panelists said.

“Take every opportunity you have to communicate the challenges you are facing,” Ipsen said.


About the Author

William Jackson is a Maryland-based freelance writer.

FCW in Print

In the latest issue: Looking back on three decades of big stories in federal IT.


  • Anne Rung -- Commerce Department Photo

    Exit interview with Anne Rung

    The government's departing top acquisition official said she leaves behind a solid foundation on which to build more effective and efficient federal IT.

  • Charles Phalen

    Administration appoints first head of NBIB

    The National Background Investigations Bureau announced the appointment of its first director as the agency prepares to take over processing government background checks.

  • Sen. James Lankford (R-Okla.)

    Senator: Rigid hiring process pushes millennials from federal work

    Sen. James Lankford (R-Okla.) said agencies are missing out on younger workers because of the government's rigidity, particularly its protracted hiring process.

  • FCW @ 30 GPS

    FCW @ 30

    Since 1987, FCW has covered it all -- the major contracts, the disruptive technologies, the picayune scandals and the many, many people who make federal IT function. Here's a look back at six of the most significant stories.

  • Shutterstock image.

    A 'minibus' appropriations package could be in the cards

    A short-term funding bill is expected by Sept. 30 to keep the federal government operating through early December, but after that the options get more complicated.

  • Defense Secretary Ash Carter speaks at the TechCrunch Disrupt conference in San Francisco

    DOD launches new tech hub in Austin

    The DOD is opening a new Defense Innovation Unit Experimental office in Austin, Texas, while Congress debates legislation that could defund DIUx.

Reader comments

Please post your comments here. Comments are moderated, so they may not appear immediately after submitting. We will not post comments that we consider abusive or off-topic.

Please type the letters/numbers you see above

More from 1105 Public Sector Media Group