7 Reasons Federal Cybersecurity Hires Will Grow - InformationWeek

InformationWeek is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Government // Cybersecurity
09:06 AM
W. Hord Tipton
W. Hord Tipton
Connect Directly

7 Reasons Federal Cybersecurity Hires Will Grow

Government officials have recognized the importance of investing in human capital, not just technology, to confront cybersecurity crises.

Call me an optimist, but I predict the US government will make significant progress in 2014 in marshaling a human capital strategy -- not just a technical response -- to today's cybersecurity crisis. Part of that optimism is predicated on the belief that there is opportunity in crisis. It's also based on the sense that the executives with the power to create change have a deeper awareness of the crisis that cyberthreats pose and are more willing to address it than before.

Consequently, I believe in 2014, the government's human capital challenge, of having the cybersecurity talent it needs, will begin to evolve -- from crisis to collaboration, from being "stuck" to at the very least getting "out of the gate."

Why do I believe this?

1. Awareness of the need has been established.
Security breaches of various kinds have significantly affected companies' bottom line, reputation, and public trust. For better or worse, the C suite is now keenly aware of the need for security and is placing a higher value on qualified information security professionals. The troubling issues with the Affordable Care Act website has underscored the horrific impacts both to cost and and the security and privacy of waiving the requirements for acceptable system development. I believe this will build further awareness of the value of certification and accreditation (authorization) for all federal systems and the need for professionals skilled in implementing this critical process.

[3D printing in space? Read NASA Explores 3D Printing: 5 Cool Projects.]

2. Security budgets have been relatively protected.
Despite budgetary setbacks, information security resources as a whole are being given greater consideration than other IT programs, according to a recent study. Interestingly, Office of Management and Budget reports show that up to 90% of federal IT security spending is on personnel costs.

3. The cry for greater guidance has been heard.
Both government and industry have expressed the need for greater guidance in developing security policies, specifically in training workers. Those responsible for staffing agency security programs are looking to pioneering programs, such as the Defense Department's directive (8570.1), which mandate certification training and provide guidance on how to effectively validate, build, and train their agency's information security workforce. In 2014, I believe we will see more legislatively driven policies and guidance to support security workforce development.

Army network training. Photo courtesy of Army CIO/G6.
Army network training. Photo courtesy of Army CIO/G6.

4. Demand for certification is on the rise.
According to observation and research, both the number of jobs requiring information security certification and the number of practitioners seeking certification are increasing.

5. Mechanisms are in place -- and evolving -- to foster collaboration with academia to meet growing workforce demands.
Initiatives such as the NICE Framework, the Scholarship for Service Program, and the National Centers of Academic Excellence have advanced the government's relationship with academia. Behind the scenes, we are seeing a change in universities as they become more business-oriented and geared toward specialty programs. This is helping to build a sorely needed cybersecurity career path.

6. Security policies and personnel are being integrated into the government's IT acquisition process.
Thanks in large part to cloud adoption and the FedRAMP program, personnel assessment requirements are being developed on the front-end of IT acquisition, a process greatly in need of reform from a security perspective.

7. Culturally out-of-the box talent is gaining respect.
Even Pentagon officials acknowledge that some of the most complex cyber maneuvers are coming from teenagers sipping Red Bull, wearing flip-flops in their parents' basement. Although this image of cutting-edge cyber talent hardly fits the traditional government employee profile, I believe government is gearing up to tap into a more culturally out-of-the box talent pool capable of providing insight and skill beyond what is considered the norm.

So, what if I am wrong? Well, if I am wrong, the government is in big trouble.

But the outlook appears to be  brightening. Despite budget setbacks, the government's investment in cybersecurity personnel is only going to escalate in 2014. Based on the most recent budget reports (and notwithstanding budget revisions): the Air Force is slated to add 1,000 new personnel between 2014 and 2016 as part of its cybersecurity units; the Army continues to develop its new cyber command center at Fort Meade to eventually house 1,500, from which it will lead a worldwide cyber corps of 21,000 personnel; and DHS will be entering Phase 2 of the largest existing US government cybersecurity contract ($6 billion).

With an investment of this magnitude, lack of progress is not an option. If the government doesn't keep up its momentum, the unfortunate truth is that it will end up losing all or most of its good people.

The federal government shutdown last October represented the first phase of a personnel exodus during which it lost some of its finest talent. If the government does not take immediate measures to take care of its people, the exodus will continue, particularly in cybersecurity.

Our studies indicate that US government information security salaries fell behind in 2013 after remaining ahead of the private sector in prior years. The demand for skilled professionals is high in the private sector as well as in the public sector, but private-sector pay is now higher. If the government does not continue to strengthen its workforce with the momentum it has created and build on what it has already established, we will find ourselves right back in crisis mode come 2015.

 Find out how a government program is putting cloud computing on the fast track to better security. Also in the Cloud Security issue of InformationWeek Government: Defense CIO Teri Takai on why FedRAMP helps everyone.

W. Hord Tipton, CISSP-ISSEP, CAP, CISA, CNSS, is currently the executive director for (ISC)2, the not-for-profit global leader in information security education and certification. Tipton previously served as chief information officer for the U.S. Department of the Interior ... View Full Bio

We welcome your comments on this topic on our social media channels, or [contact us directly] with questions about the site.
Comment  | 
Print  | 
More Insights
Newest First  |  Oldest First  |  Threaded View
Lorna Garey
Lorna Garey,
User Rank: Author
2/12/2014 | 5:18:45 PM
Re: Buy Or Rent?
This is a golden opportunity for grow-your-own within the armed services. Why can't the Air Force, for example, recruit technically proficient kids who may not be able to afford a four-year college (or who maybe don't want to go that route) and train them in cybersecurity? Maybe the active term would need to be six to eight years as opposed to four, at which point a retention bonus may help retain these people.
User Rank: Author
2/12/2014 | 10:14:28 AM
Buy Or Rent?
Hord, even if government infosec budgets have been protected, they're not rising, form what I understand. Meantime, the demand for security professionals is rising just as fast in the private sector, pushing up salaries. Can government agencies afford to hire that talent? Or will it come via contract/consulting work?
InformationWeek Is Getting an Upgrade!

Find out more about our plans to improve the look, functionality, and performance of the InformationWeek site in the coming months.

Becoming a Self-Taught Cybersecurity Pro
Jessica Davis, Senior Editor, Enterprise Apps,  6/9/2021
Ancestry's DevOps Strategy to Control Its CI/CD Pipeline
Joao-Pierre S. Ruth, Senior Writer,  6/4/2021
IT Leadership: 10 Ways to Unleash Enterprise Innovation
Lisa Morgan, Freelance Writer,  6/8/2021
White Papers
Register for InformationWeek Newsletters
Current Issue
Planning Your Digital Transformation Roadmap
Download this report to learn about the latest technologies and best practices or ensuring a successful transition from outdated business transformation tactics.
Flash Poll