Risk
4/9/2013
09:24 AM
50%
50%

Federal Cyber Workforce Is Getting Older

Aging cybersecurity cadres need more training, influx of younger professionals, government report says.

IW500: 15 Top Government Tech Innovators
IW500: 15 Top Government Tech Innovators
(click image for larger view and for slideshow)
A report from the federal CIO Council and the National Initiative for Cybersecurity Education finds that federal employees with cybersecurity responsibilities are getting older and warns that there may not be enough of them in the pipeline to meet future requirements.

The report, titled the IT Workforce Assessment for Cybersecurity, is based on self-assessments of 22,956 employees from 52 federal departments and agencies, including the departments of Defense and Homeland Security. Participants completed the survey voluntarily in the fourth quarter of 2012 and January 2013.

The CIO Council, in a blog post, described the report as the first of its kind. The data collected will be "crucial to informing strategic workforce planning and cybersecurity training programs at federal agencies," the CIO Council said.

[ Will using cloud computing reduce personnel needs? Read Military Plans Multi-Exabyte Storage Cloud. ]

The report aims to establish a baseline of current capabilities in the federal cybersecurity workforce, identify areas where training is needed and provide a picture of the workforce pipeline. Along with it, the feds included an online diagnostic tool to help agencies with cybersecurity workforce planning.

The typical survey participant is between 51 and 55 years old with more than 10 years of public sector experience, and 21% will be eligible for retirement during the next three years. As evidence that the feds need to recruit younger workers with cybersecurity skills, 79% of survey respondents are older than 40, while only 5% are 30 or younger.

The data "indicates potential risk to the current and future pipeline of cybersecurity professionals," according to the report. "An aging cybersecurity professional population could lead to a manpower shortage in the federal cybersecurity field, particularly in management and leadership positions."

Participants were asked to assess their proficiency in areas such as customer service and technical support, systems development and network services. Only 6% of survey participants graded themselves as having expert or advanced proficiency in cyber operations.

Respondents reported spending a substantial amount of time on customer service and technical support, where they rated themselves as having the highest average proficiency. Digital forensics is the area where the fewest participants, 57%, assessed themselves as meeting or exceeding optimal proficiency.

Survey respondents identified information assurance compliance, vulnerability assessment and management, and knowledge management as the top three areas where they need additional training.

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Andrew Hornback
50%
50%
Andrew Hornback,
User Rank: Apprentice
4/15/2013 | 2:30:37 AM
re: Federal Cyber Workforce Is Getting Older
With the proposed uptick in importance of cybersecurity in this administration, and the coming retirement of those who are already in positions where cybersecurity is a primary role, one has to wonder what the Federal Government is going to do... I'm not sure that it would be appropriate for the alphabet soup agencies to start solving their workforce shortage issues by hiring H-1Bs - that could lead to a lot of issues down the road.

The future remains bright (or so it seems) for cybersecurity professionals who want to work for the government though.

Andrew Hornback
InformationWeek Contributor
Register for Dark Reading Newsletters
White Papers
Cartoon
Current Issue
Flash Poll
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2013-6501
Published: 2015-03-30
The default soap.wsdl_cache_dir setting in (1) php.ini-production and (2) php.ini-development in PHP through 5.6.7 specifies the /tmp directory, which makes it easier for local users to conduct WSDL injection attacks by creating a file under /tmp with a predictable filename that is used by the get_s...

CVE-2014-9209
Published: 2015-03-30
Untrusted search path vulnerability in the Clean Utility application in Rockwell Automation FactoryTalk Services Platform before 2.71.00 and FactoryTalk View Studio 8.00.00 and earlier allows local users to gain privileges via a Trojan horse DLL in an unspecified directory.

CVE-2014-9652
Published: 2015-03-30
The mconvert function in softmagic.c in file before 5.21, as used in the Fileinfo component in PHP before 5.4.37, 5.5.x before 5.5.21, and 5.6.x before 5.6.5, does not properly handle a certain string-length field during a copy of a truncated version of a Pascal string, which might allow remote atta...

CVE-2014-9653
Published: 2015-03-30
readelf.c in file before 5.22, as used in the Fileinfo component in PHP before 5.4.37, 5.5.x before 5.5.21, and 5.6.x before 5.6.5, does not consider that pread calls sometimes read only a subset of the available data, which allows remote attackers to cause a denial of service (uninitialized memory ...

CVE-2014-9705
Published: 2015-03-30
Heap-based buffer overflow in the enchant_broker_request_dict function in ext/enchant/enchant.c in PHP before 5.4.38, 5.5.x before 5.5.22, and 5.6.x before 5.6.6 allows remote attackers to execute arbitrary code via vectors that trigger creation of multiple dictionaries.

Dark Reading Radio
Archived Dark Reading Radio
Good hackers--aka security researchers--are worried about the possible legal and professional ramifications of President Obama's new proposed crackdown on cyber criminals.