Quick Study

By Brian Robinson

Blog archive

In the future, everyone may be a cybersecurity professional

The Commission on Cybersecurity for the 44th Presidency has published its findings on the “Human Capital Crisis in Cybersecurity” and, as earlier reports suggested, it could be the spark for a wholesale change in the way the entire government IT work force is trained and certified.

Long term, if the commission’s recommendations are accepted, the professional bona fides of those who work in software development and network operations, as well as in traditional security areas such as intrusion detection and forensics, would be decided by an independent Board of Information Security Examiners. These areas are also critical to cybersecurity, the commission believes.

The commission identified a total of nine key roles in cybersecurity many of which, as with the above, don’t usually fall under the cybersecurity umbrella, including such things as systems administrator and even technical writer. “At least for the moment,” the commission said, it’s not including “executive and leadership roles or specialized functions unique to national security, intelligence or law enforcement.”

If you read through the commission’s report, however, it wouldn’t be surprising to eventually find just about any job that touches on IT, and therefore cybersecurity, included in this list.

The push for certification of cybersecurity professionals, and along with it the definition of just who fits that bill, will be controversial, given that there are many people already involved in cybersecurity that don’t have any formal qualifications. The commission tackles that by comparing the current state of cybersecurity to the practice of medicine in the 19th Century. Likewise, it said, the cybersecurity field has “lots of often self-taught practitioners only some of whom know what they are doing.”

It goes on to say:

“What has evolved in medicine over the last century is a system that recognizes that different kinds of skills and specialties are required. And, since most of us are not able to access the qualifications of a practitioner when a need arises, we now have an education system with accreditation standards and professional certifications by specialty. We can afford no less in the world of cyber.”

Those will be fighting words to some, and there’s a widespread dislike of the idea that the government could take a lead on deciding who is and who is not a cyber professional. But given the urgency that’s building around cybersecurity and the lack of people to fill essential roles, the commission’s recommendations will likely get a sympathetic hearing.

Posted on Jul 26, 2010 at 12:20 PM


Featured

  • Defense
    Ryan D. McCarthy being sworn in as Army Secretary Oct. 10, 2019. (Photo credit: Sgt. Dana Clarke/U.S. Army)

    Army wants to spend nearly $1B on cloud, data by 2025

    Army Secretary Ryan McCarthy said lack of funding or a potential delay in the JEDI cloud bid "strikes to the heart of our concern."

  • Congress
    Rep. Jim Langevin (D-R.I.) at the Hack the Capitol conference Sept. 20, 2018

    Jim Langevin's view from the Hill

    As chairman of of the Intelligence and Emerging Threats and Capabilities subcommittee of the House Armed Services Committe and a member of the House Homeland Security Committee, Rhode Island Democrat Jim Langevin is one of the most influential voices on cybersecurity in Congress.

Stay Connected

FCW INSIDER

Sign up for our newsletter.

I agree to this site's Privacy Policy.