Risk
4/9/2013
09:24 AM
Connect Directly
RSS
E-Mail
50%
50%
Repost This

Federal Cyber Workforce Is Getting Older

Aging cybersecurity cadres need more training, influx of younger professionals, government report says.

IW500: 15 Top Government Tech Innovators
IW500: 15 Top Government Tech Innovators
(click image for larger view and for slideshow)
A report from the federal CIO Council and the National Initiative for Cybersecurity Education finds that federal employees with cybersecurity responsibilities are getting older and warns that there may not be enough of them in the pipeline to meet future requirements.

The report, titled the IT Workforce Assessment for Cybersecurity, is based on self-assessments of 22,956 employees from 52 federal departments and agencies, including the departments of Defense and Homeland Security. Participants completed the survey voluntarily in the fourth quarter of 2012 and January 2013.

The CIO Council, in a blog post, described the report as the first of its kind. The data collected will be "crucial to informing strategic workforce planning and cybersecurity training programs at federal agencies," the CIO Council said.

[ Will using cloud computing reduce personnel needs? Read Military Plans Multi-Exabyte Storage Cloud. ]

The report aims to establish a baseline of current capabilities in the federal cybersecurity workforce, identify areas where training is needed and provide a picture of the workforce pipeline. Along with it, the feds included an online diagnostic tool to help agencies with cybersecurity workforce planning.

The typical survey participant is between 51 and 55 years old with more than 10 years of public sector experience, and 21% will be eligible for retirement during the next three years. As evidence that the feds need to recruit younger workers with cybersecurity skills, 79% of survey respondents are older than 40, while only 5% are 30 or younger.

The data "indicates potential risk to the current and future pipeline of cybersecurity professionals," according to the report. "An aging cybersecurity professional population could lead to a manpower shortage in the federal cybersecurity field, particularly in management and leadership positions."

Participants were asked to assess their proficiency in areas such as customer service and technical support, systems development and network services. Only 6% of survey participants graded themselves as having expert or advanced proficiency in cyber operations.

Respondents reported spending a substantial amount of time on customer service and technical support, where they rated themselves as having the highest average proficiency. Digital forensics is the area where the fewest participants, 57%, assessed themselves as meeting or exceeding optimal proficiency.

Survey respondents identified information assurance compliance, vulnerability assessment and management, and knowledge management as the top three areas where they need additional training.

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Andrew Hornback
50%
50%
Andrew Hornback,
User Rank: Apprentice
4/15/2013 | 2:30:37 AM
re: Federal Cyber Workforce Is Getting Older
With the proposed uptick in importance of cybersecurity in this administration, and the coming retirement of those who are already in positions where cybersecurity is a primary role, one has to wonder what the Federal Government is going to do... I'm not sure that it would be appropriate for the alphabet soup agencies to start solving their workforce shortage issues by hiring H-1Bs - that could lead to a lot of issues down the road.

The future remains bright (or so it seems) for cybersecurity professionals who want to work for the government though.

Andrew Hornback
InformationWeek Contributor
Register for Dark Reading Newsletters
White Papers
Cartoon
Latest Comment: LOL.
Current Issue
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2013-6213
Published: 2014-04-19
Unspecified vulnerability in Virtual User Generator in HP LoadRunner before 11.52 Patch 1 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1833.

CVE-2013-6214
Published: 2014-04-19
Unspecified vulnerability in the Integration Service in HP Universal Configuration Management Database 9.05, 10.01, and 10.10 allows remote authenticated users to obtain sensitive information via unknown vectors, aka ZDI-CAN-2042.

CVE-2014-0778
Published: 2014-04-19
The TCPUploader module in Progea Movicon 11.4 before 11.4.1150 allows remote attackers to obtain potentially sensitive version information via network traffic to TCP port 10651.

CVE-2014-1974
Published: 2014-04-19
Directory traversal vulnerability in LYSESOFT AndExplorer before 20140403 and AndExplorerPro before 20140405 allows attackers to overwrite or create arbitrary files via unspecified vectors.

CVE-2014-1983
Published: 2014-04-19
Unspecified vulnerability in Cybozu Remote Service Manager through 2.3.0 and 3.x before 3.1.1 allows remote attackers to cause a denial of service (CPU consumption) via unknown vectors.

Best of the Web