Risk
4/9/2013
09:24 AM
Connect Directly
RSS
E-Mail
50%
50%

Federal Cyber Workforce Is Getting Older

Aging cybersecurity cadres need more training, influx of younger professionals, government report says.

IW500: 15 Top Government Tech Innovators
IW500: 15 Top Government Tech Innovators
(click image for larger view and for slideshow)
A report from the federal CIO Council and the National Initiative for Cybersecurity Education finds that federal employees with cybersecurity responsibilities are getting older and warns that there may not be enough of them in the pipeline to meet future requirements.

The report, titled the IT Workforce Assessment for Cybersecurity, is based on self-assessments of 22,956 employees from 52 federal departments and agencies, including the departments of Defense and Homeland Security. Participants completed the survey voluntarily in the fourth quarter of 2012 and January 2013.

The CIO Council, in a blog post, described the report as the first of its kind. The data collected will be "crucial to informing strategic workforce planning and cybersecurity training programs at federal agencies," the CIO Council said.

[ Will using cloud computing reduce personnel needs? Read Military Plans Multi-Exabyte Storage Cloud. ]

The report aims to establish a baseline of current capabilities in the federal cybersecurity workforce, identify areas where training is needed and provide a picture of the workforce pipeline. Along with it, the feds included an online diagnostic tool to help agencies with cybersecurity workforce planning.

The typical survey participant is between 51 and 55 years old with more than 10 years of public sector experience, and 21% will be eligible for retirement during the next three years. As evidence that the feds need to recruit younger workers with cybersecurity skills, 79% of survey respondents are older than 40, while only 5% are 30 or younger.

The data "indicates potential risk to the current and future pipeline of cybersecurity professionals," according to the report. "An aging cybersecurity professional population could lead to a manpower shortage in the federal cybersecurity field, particularly in management and leadership positions."

Participants were asked to assess their proficiency in areas such as customer service and technical support, systems development and network services. Only 6% of survey participants graded themselves as having expert or advanced proficiency in cyber operations.

Respondents reported spending a substantial amount of time on customer service and technical support, where they rated themselves as having the highest average proficiency. Digital forensics is the area where the fewest participants, 57%, assessed themselves as meeting or exceeding optimal proficiency.

Survey respondents identified information assurance compliance, vulnerability assessment and management, and knowledge management as the top three areas where they need additional training.

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Andrew Hornback
50%
50%
Andrew Hornback,
User Rank: Apprentice
4/15/2013 | 2:30:37 AM
re: Federal Cyber Workforce Is Getting Older
With the proposed uptick in importance of cybersecurity in this administration, and the coming retirement of those who are already in positions where cybersecurity is a primary role, one has to wonder what the Federal Government is going to do... I'm not sure that it would be appropriate for the alphabet soup agencies to start solving their workforce shortage issues by hiring H-1Bs - that could lead to a lot of issues down the road.

The future remains bright (or so it seems) for cybersecurity professionals who want to work for the government though.

Andrew Hornback
InformationWeek Contributor
Register for Dark Reading Newsletters
White Papers
Flash Poll
Current Issue
Cartoon
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2014-0640
Published: 2014-08-20
EMC RSA Archer GRC Platform 5.x before 5.5 SP1 allows remote authenticated users to bypass intended restrictions on resource access via unspecified vectors.

CVE-2014-0641
Published: 2014-08-20
Cross-site request forgery (CSRF) vulnerability in EMC RSA Archer GRC Platform 5.x before 5.5 SP1 allows remote attackers to hijack the authentication of arbitrary users.

CVE-2014-2505
Published: 2014-08-20
EMC RSA Archer GRC Platform 5.x before 5.5 SP1 allows remote attackers to trigger the download of arbitrary code, and consequently change the product's functionality, via unspecified vectors.

CVE-2014-2511
Published: 2014-08-20
Multiple cross-site scripting (XSS) vulnerabilities in EMC Documentum WebTop before 6.7 SP1 P28 and 6.7 SP2 before P14 allow remote attackers to inject arbitrary web script or HTML via the (1) startat or (2) entryId parameter.

CVE-2014-2515
Published: 2014-08-20
EMC Documentum D2 3.1 before P24, 3.1SP1 before P02, 4.0 before P11, 4.1 before P16, and 4.2 before P05 does not properly restrict tickets provided by D2GetAdminTicketMethod and D2RefreshCacheMethod, which allows remote authenticated users to gain privileges via a request for a superuser ticket.

Best of the Web
Dark Reading Radio
Archived Dark Reading Radio
Three interviews on critical embedded systems and security, recorded at Black Hat 2014 in Las Vegas.