Blog archive

What's wrong with cyber training? Apparently, a lot.

Navy person using keyboard

Why are trained cybersecurity professionals hard for the government to hire?

Our recent story headlined What’s wrong with cyber training? provoked quite the reaction.

Some readers agreed that there is too much focus on paper credentials and not enough on real-world know-how. Others argued that without those certifications, landing a job is next to impossible.

As commenter rb CA put it: (1) In most professions, you have book learning and you learn how to really work after you are hired. No one comes out of college (or the one-week course) ready to design the next gen CPU for Intel. They work their way up after years of effort. (2) We want them cyber ready but their 4 year degree is worthless if they don't have A+, SEC+, and/or CISSP.

Others presented new angles to the discussion. Commenter Kathleen Smith, for example, wrote: "What we don't understand is that those launching cyber attacks have a different moral compass than we do. We do not train our folks to go no-holds-barred when researching, developing an offense or going on the defense as our assailants."

Amber Corrin responds: It’s true that there are cultural factors at play here. In China, enormous pressure is put on young computer science students to be able to crack codes, hack into iron-clad network and to do it all faster than anyone else. In Russia, involvement in cyber crime, especially if it’s being provided as a service to the government, is often a matter of pride. In both places, these types of activities are heavily ingrained in the culture – and not coincidentally, both countries are frequently attributed as being responsible for cyber attacks on the U.S.

SANS Institute founder Alan Paller, quoted in the original story, suggested it is a cultural issue in the U.S., too – one that is holding us back. Recruiting, rather than training, is a key problem, one both rooted in and magnified by the lack of attention paid to the types of young minds that the U.S. needs in the cyber domain.

"We’re not celebrating that kind of brain that likes to break stuff apart and figure it out," Paller said.

Finally, @PrometricCyber tweeted FCW: Would you say the lack of well-trained cyber security professionals makes the industry a lucrative job market?

Amber Corrin responds: The answer to that is two-fold. There’s no shortage of cybersecurity jobs – the market is stronger than essentially any other, according to the numerous reports released over the last six months. By most standards, it is also quite lucrative: According to an InformationWeek survey from earlier this year, IT security staff enjoy a median yearly salary of $95,000, with management at $120,000.

And Paller said that those on the policy and decision-making side still tend to earn more than those in the trenches. As he put it, that’s because the policy-makers are the ones determining salaries.

"The people who don’t know what they’re doing are getting paid more than the people who do because they make the rules about who gets paid what," Paller said.

Posted by Amber Corrin on Jul 02, 2013 at 2:30 PM


  • Defense
    Soldiers from the Old Guard test the second iteration of the Integrated Visual Augmentation System (IVAS) capability set during an exercise at Fort Belvoir, VA in Fall 2019. Photo by Courtney Bacon

    IVAS and the future of defense acquisition

    The Army’s Integrated Visual Augmentation System has been in the works for years, but the potentially multibillion deal could mark a paradigm shift in how the Defense Department buys and leverages technology.

  • Cybersecurity
    Deputy Secretary of Homeland Security Alejandro Mayorkas  (U.S. Coast Guard photo by Petty Officer 3rd Class Lora Ratliff)

    Mayorkas announces cyber 'sprints' on ransomware, ICS, workforce

    The Homeland Security secretary announced a series of focused efforts to address issues around ransomware, critical infrastructure and the agency's workforce that will all be launched in the coming weeks.

Stay Connected