Quick Study

By Brian Robinson

Blog archive

In the future, everyone may be a cybersecurity professional

The Commission on Cybersecurity for the 44th Presidency has published its findings on the “Human Capital Crisis in Cybersecurity” and, as earlier reports suggested, it could be the spark for a wholesale change in the way the entire government IT work force is trained and certified.

Long term, if the commission’s recommendations are accepted, the professional bona fides of those who work in software development and network operations, as well as in traditional security areas such as intrusion detection and forensics, would be decided by an independent Board of Information Security Examiners. These areas are also critical to cybersecurity, the commission believes.

The commission identified a total of nine key roles in cybersecurity many of which, as with the above, don’t usually fall under the cybersecurity umbrella, including such things as systems administrator and even technical writer. “At least for the moment,” the commission said, it’s not including “executive and leadership roles or specialized functions unique to national security, intelligence or law enforcement.”

If you read through the commission’s report, however, it wouldn’t be surprising to eventually find just about any job that touches on IT, and therefore cybersecurity, included in this list.

The push for certification of cybersecurity professionals, and along with it the definition of just who fits that bill, will be controversial, given that there are many people already involved in cybersecurity that don’t have any formal qualifications. The commission tackles that by comparing the current state of cybersecurity to the practice of medicine in the 19th Century. Likewise, it said, the cybersecurity field has “lots of often self-taught practitioners only some of whom know what they are doing.”

It goes on to say:

“What has evolved in medicine over the last century is a system that recognizes that different kinds of skills and specialties are required. And, since most of us are not able to access the qualifications of a practitioner when a need arises, we now have an education system with accreditation standards and professional certifications by specialty. We can afford no less in the world of cyber.”

Those will be fighting words to some, and there’s a widespread dislike of the idea that the government could take a lead on deciding who is and who is not a cyber professional. But given the urgency that’s building around cybersecurity and the lack of people to fill essential roles, the commission’s recommendations will likely get a sympathetic hearing.

Posted on Jul 26, 2010 at 12:20 PM


Featured

  • FCW PERSPECTIVES
    sensor network (agsandrew/Shutterstock.com)

    Are agencies really ready for EIS?

    The telecom contract has the potential to reinvent IT infrastructure, but finding the bandwidth to take full advantage could prove difficult.

  • People
    Dave Powner, GAO

    Dave Powner audits the state of federal IT

    The GAO director of information technology issues is leaving government after 16 years. On his way out the door, Dave Powner details how far govtech has come in the past two decades and flags the most critical issues he sees facing federal IT leaders.

  • FCW Illustration.  Original Images: Shutterstock, Airbnb

    Should federal contracting be more like Airbnb?

    Steve Kelman believes a lighter touch and a bit more trust could transform today's compliance culture.

Stay Connected

FCW Update

Sign up for our newsletter.

I agree to this site's Privacy Policy.