Risk
4/9/2013
09:24 AM
Connect Directly
RSS
E-Mail
50%
50%

Federal Cyber Workforce Is Getting Older

Aging cybersecurity cadres need more training, influx of younger professionals, government report says.

IW500: 15 Top Government Tech Innovators
IW500: 15 Top Government Tech Innovators
(click image for larger view and for slideshow)
A report from the federal CIO Council and the National Initiative for Cybersecurity Education finds that federal employees with cybersecurity responsibilities are getting older and warns that there may not be enough of them in the pipeline to meet future requirements.

The report, titled the IT Workforce Assessment for Cybersecurity, is based on self-assessments of 22,956 employees from 52 federal departments and agencies, including the departments of Defense and Homeland Security. Participants completed the survey voluntarily in the fourth quarter of 2012 and January 2013.

The CIO Council, in a blog post, described the report as the first of its kind. The data collected will be "crucial to informing strategic workforce planning and cybersecurity training programs at federal agencies," the CIO Council said.

[ Will using cloud computing reduce personnel needs? Read Military Plans Multi-Exabyte Storage Cloud. ]

The report aims to establish a baseline of current capabilities in the federal cybersecurity workforce, identify areas where training is needed and provide a picture of the workforce pipeline. Along with it, the feds included an online diagnostic tool to help agencies with cybersecurity workforce planning.

The typical survey participant is between 51 and 55 years old with more than 10 years of public sector experience, and 21% will be eligible for retirement during the next three years. As evidence that the feds need to recruit younger workers with cybersecurity skills, 79% of survey respondents are older than 40, while only 5% are 30 or younger.

The data "indicates potential risk to the current and future pipeline of cybersecurity professionals," according to the report. "An aging cybersecurity professional population could lead to a manpower shortage in the federal cybersecurity field, particularly in management and leadership positions."

Participants were asked to assess their proficiency in areas such as customer service and technical support, systems development and network services. Only 6% of survey participants graded themselves as having expert or advanced proficiency in cyber operations.

Respondents reported spending a substantial amount of time on customer service and technical support, where they rated themselves as having the highest average proficiency. Digital forensics is the area where the fewest participants, 57%, assessed themselves as meeting or exceeding optimal proficiency.

Survey respondents identified information assurance compliance, vulnerability assessment and management, and knowledge management as the top three areas where they need additional training.

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Andrew Hornback
50%
50%
Andrew Hornback,
User Rank: Apprentice
4/15/2013 | 2:30:37 AM
re: Federal Cyber Workforce Is Getting Older
With the proposed uptick in importance of cybersecurity in this administration, and the coming retirement of those who are already in positions where cybersecurity is a primary role, one has to wonder what the Federal Government is going to do... I'm not sure that it would be appropriate for the alphabet soup agencies to start solving their workforce shortage issues by hiring H-1Bs - that could lead to a lot of issues down the road.

The future remains bright (or so it seems) for cybersecurity professionals who want to work for the government though.

Andrew Hornback
InformationWeek Contributor
Register for Dark Reading Newsletters
White Papers
Cartoon
Current Issue
Dark Reading, September 16, 2014
Malicious software is morphing to be more targeted, stealthy, and destructive. Are you prepared to stop it?
Flash Poll
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2006-1318
Published: 2014-09-19
Microsoft Office 2003 SP1 and SP2, Office XP SP3, Office 2000 SP3, Office 2004 for Mac, and Office X for Mac do not properly parse record lengths, which allows remote attackers to execute arbitrary code via a malformed control in an Office document, aka "Microsoft Office Control Vulnerability."

CVE-2014-1391
Published: 2014-09-19
QT Media Foundation in Apple OS X before 10.9.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted movie file with RLE encoding.

CVE-2014-4350
Published: 2014-09-19
Buffer overflow in QT Media Foundation in Apple OS X before 10.9.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted MIDI file.

CVE-2014-4376
Published: 2014-09-19
IOKit in IOAcceleratorFamily in Apple OS X before 10.9.5 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (NULL pointer dereference) via an application that provides crafted API arguments.

CVE-2014-4390
Published: 2014-09-19
Bluetooth in Apple OS X before 10.9.5 does not properly validate API calls, which allows attackers to execute arbitrary code in a privileged context via a crafted application.

Best of the Web
Dark Reading Radio