Where are the cyber pros?

The federal government's need for a robust cyber workforce is a long-standing concern, but meeting the need remains a challenge.

workers

The government's need for a well-trained cyber workforce isn't going away, but where are the people? (Stock image)

For more than a year, leaders at virtually every federal agency have been saying it: "We need a cyber workforce." The qualifications of that workforce vary across organizations – some may need security clearances, specific credentials or specialized training – but for all the talk, what is being done?

A number of factors contribute to the ambiguity surrounding this highly touted, evolving and critical part of the government. Rapidly changing technologies and threats mean that requirements are constantly shifting; funding uncertainties abound; and formal training is in early stages of widespread availability. Moreover, the specialty itself is not well-defined.

The current budget climate, however, might be the biggest hurdle of all, particularly when it comes to getting workers installed in government positions and into fighting form. That is a tall order amid widespread program cuts and the potential for mandated furloughs, according to Gen. Keith Alexander, commander of U.S. Cyber Command and director of the National Security Agency.

"We're getting great people in our staff and in our service components that are building the teams we need," Alexander said at a House Armed Services subcommittee hearing March 13. "The issues that come up with sequester – having to furlough those people that we're bringing in sends the wrong message. Further, the continuing resolution compounds our [challenges] in conducting training missions once we bring those teams in."

And the need for cyber professionals extends far beyond the Pentagon. Across government, agencies are struggling to fill offices with the right kind of employees, particularly those who may need to stretch beyond their core skills.

"Every organization can always use more [cyber professionals]; I don’t think any of us can have enough," said Darren Ash, Nuclear Regulatory Commission CIO. "But we also have to have the right mix of technical skills and the soft skills, working collaboratively with partner organizations."

Whereas in the past the technical people may have worked separately from the employees who do the talking, those divisions do not hold up when it comes to cybersecurity, according to Ash and other officials and experts speaking at an AFFIRM event in Washington on March 14.

"In today's world, when funds are short, I have no choice as a chief information security officer but to use all of the resources within the Commerce Department so I can bring them together in a collaborative way...and capitalize on all that expertise for the good of the department as a whole," said Rod Turk, Commerce Department CISO. "That ability to work with other people is a skill. And highly technical people and highly collaborative people are two different skill sets. You need a diverse group of people who can pull all of that together and drive a solution."

So where to start? Certifications, training programs, internships and even the increasing number of bachelor's degree in cybersecurity areas all have potential, the experts said. According to Ernest McDuffie, lead for national initiatives for cybersecurity education at the National Institute of Standards and Technology, community colleges are emerging as the "pointy edge of the spear" where cyber learning is cost-effective and widely accessible. Still, it is not so simple.

"Part of the frustration is the scale of the issue," said Michael Kaiser, executive director of the National Cyber Security Alliance. "If we just needed 5,000 cybersecurity professionals, we'd only need a handful of really great institutions generating those people. But we need an entire culture, and we need a global population. That changes the way we govern, the way we work together and the way we share information – and we're still in the infancy of that."

And while cyber professionals are in high demand, simply having a diploma in the right area will not necessarily suffice when it comes to landing a job in federal cybersecurity, panelists noted. "I don’t want to leave anyone with the impression that having a degree is the end-all, be-all, because if you have an established network operations center and security operations center...understanding the functional workings of the operations if tremendously important," Turk said. "Even though you have a baseline of knowledge, you have to bring them into the environment... and truly understand that environment."

Despite the progress made so far – and the speakers, as well as Alexander and DOD CIO Teri Takai at the March 13 hearing, all agreed progress has been made – the future of the cybersecurity workforce remains unclear.

"The numbers are mushy to get at exactly what people we need in what area at what places," said McDuffie. "This is really a global issue...the internet and cyberspace doesn't really respect anybody's national boundaries. This is something that's happening across the globe."

It is also a matter of culture change in education, technology and security – and where they intersect, Kaiser added.

"This is about shifting our culture in the way we educate people to defend our country," he said. "That's a challenge."

X
This website uses cookies to enhance user experience and to analyze performance and traffic on our website. We also share information about your use of our site with our social media, advertising and analytics partners. Learn More / Do Not Sell My Personal Information
Accept Cookies
X
Cookie Preferences Cookie List

Do Not Sell My Personal Information

When you visit our website, we store cookies on your browser to collect information. The information collected might relate to you, your preferences or your device, and is mostly used to make the site work as you expect it to and to provide a more personalized web experience. However, you can choose not to allow certain types of cookies, which may impact your experience of the site and the services we are able to offer. Click on the different category headings to find out more and change our default settings according to your preference. You cannot opt-out of our First Party Strictly Necessary Cookies as they are deployed in order to ensure the proper functioning of our website (such as prompting the cookie banner and remembering your settings, to log into your account, to redirect you when you log out, etc.). For more information about the First and Third Party Cookies used please follow this link.

Allow All Cookies

Manage Consent Preferences

Strictly Necessary Cookies - Always Active

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Sale of Personal Data, Targeting & Social Media Cookies

Under the California Consumer Privacy Act, you have the right to opt-out of the sale of your personal information to third parties. These cookies collect information for analytics and to personalize your experience with targeted ads. You may exercise your right to opt out of the sale of personal information by using this toggle switch. If you opt out we will not be able to offer you personalised ads and will not hand over your personal information to any third parties. Additionally, you may contact our legal department for further clarification about your rights as a California consumer by using this Exercise My Rights link

If you have enabled privacy controls on your browser (such as a plugin), we have to take that as a valid request to opt-out. Therefore we would not be able to track your activity through the web. This may affect our ability to personalize ads according to your preferences.

Targeting cookies may be set through our site by our advertising partners. They may be used by those companies to build a profile of your interests and show you relevant adverts on other sites. They do not store directly personal information, but are based on uniquely identifying your browser and internet device. If you do not allow these cookies, you will experience less targeted advertising.

Social media cookies are set by a range of social media services that we have added to the site to enable you to share our content with your friends and networks. They are capable of tracking your browser across other sites and building up a profile of your interests. This may impact the content and messages you see on other websites you visit. If you do not allow these cookies you may not be able to use or see these sharing tools.

If you want to opt out of all of our lead reports and lists, please submit a privacy request at our Do Not Sell page.

Save Settings
Cookie Preferences Cookie List

Cookie List

A cookie is a small piece of data (text file) that a website – when visited by a user – asks your browser to store on your device in order to remember information about you, such as your language preference or login information. Those cookies are set by us and called first-party cookies. We also use third-party cookies – which are cookies from a domain different than the domain of the website you are visiting – for our advertising and marketing efforts. More specifically, we use cookies and other tracking technologies for the following purposes:

Strictly Necessary Cookies

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Functional Cookies

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Performance Cookies

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Sale of Personal Data

We also use cookies to personalize your experience on our websites, including by determining the most relevant content and advertisements to show you, and to monitor site traffic and performance, so that we may improve our websites and your experience. You may opt out of our use of such cookies (and the associated “sale” of your Personal Information) by using this toggle switch. You will still see some advertising, regardless of your selection. Because we do not track you across different devices, browsers and GEMG properties, your selection will take effect only on this browser, this device and this website.

Social Media Cookies

We also use cookies to personalize your experience on our websites, including by determining the most relevant content and advertisements to show you, and to monitor site traffic and performance, so that we may improve our websites and your experience. You may opt out of our use of such cookies (and the associated “sale” of your Personal Information) by using this toggle switch. You will still see some advertising, regardless of your selection. Because we do not track you across different devices, browsers and GEMG properties, your selection will take effect only on this browser, this device and this website.

Targeting Cookies

We also use cookies to personalize your experience on our websites, including by determining the most relevant content and advertisements to show you, and to monitor site traffic and performance, so that we may improve our websites and your experience. You may opt out of our use of such cookies (and the associated “sale” of your Personal Information) by using this toggle switch. You will still see some advertising, regardless of your selection. Because we do not track you across different devices, browsers and GEMG properties, your selection will take effect only on this browser, this device and this website.