What's wrong with cyber training? Apparently, a lot.

Why are trained cybersecurity professionals hard for the government to hire?

Our recent story headlined "What’s wrong with cyber training?" provoked quite the reaction.

Some readers agreed that there is too much focus on paper credentials and not enough on real-world know-how. Others argued that without those certifications, landing a job is next to impossible.

As commenter rb CA put it: "(1) In most professions, you have book learning and you learn how to really work after you are hired. No one comes out of college (or the one-week course) ready to design the next gen CPU for Intel. They work their way up after years of effort. (2) We want them cyber ready but their 4-year degree is worthless if they don't have A+, SEC+, and/or CISSP."

Others presented new angles to the discussion. Commenter Kathleen Smith, for example, wrote: "What we don't understand is that those launching cyber attacks have a different moral compass than we do. We do not train our folks to go no-holds-barred when researching, developing an offense or going on the defense as our assailants."

Amber Corrin responds: It’s true that there are cultural factors at play here. In China, enormous pressure is put on young computer science students to be able to crack codes, hack into iron-clad networks and to do it all faster than anyone else. In Russia, involvement in cyber crime, especially if it’s being provided as a service to the government, is often a matter of pride. In both places, these types of activities are heavily ingrained in the culture – and not coincidentally, both countries are frequently attributed as being responsible for cyber attacks on the U.S.

SANS Institute founder Alan Paller, quoted in the original story, suggested it is a cultural issue in the U.S., too – one that is holding us back. Recruiting, rather than training, is a key problem, one both rooted in and magnified by the lack of attention paid to the types of young minds that the U.S. needs in the cyber domain.

"We’re not celebrating that kind of brain that likes to break stuff apart and figure it out," Paller said.

Finally, @PrometricCyber tweeted FCW: Would you say the lack of well-trained cyber security professionals makes the industry a lucrative job market?

Amber Corrin responds: The answer to that is two-fold. There’s no shortage of cybersecurity jobs – the market is stronger than essentially any other, according to the numerous reports released over the last six months. By most standards, it is also quite lucrative: According to an InformationWeek survey from earlier this year, IT security staff enjoy a median yearly salary of $95,000, with management at $120,000.

And Paller said that those on the policy and decision-making side still tend to earn more than those in the trenches. As he put it, that’s because the policy-makers are the ones determining salaries.

"The people who don’t know what they’re doing are getting paid more than the people who do because they make the rules about who gets paid what," Paller said.

Posted by Amber Corrin on Jul 02, 2013 at 2:30 PM
