Risk
4/9/2013
09:24 AM
Connect Directly
RSS
E-Mail
50%
50%

Federal Cyber Workforce Is Getting Older

Aging cybersecurity cadres need more training, influx of younger professionals, government report says.

IW500: 15 Top Government Tech Innovators
IW500: 15 Top Government Tech Innovators
(click image for larger view and for slideshow)
A report from the federal CIO Council and the National Initiative for Cybersecurity Education finds that federal employees with cybersecurity responsibilities are getting older and warns that there may not be enough of them in the pipeline to meet future requirements.

The report, titled the IT Workforce Assessment for Cybersecurity, is based on self-assessments of 22,956 employees from 52 federal departments and agencies, including the departments of Defense and Homeland Security. Participants completed the survey voluntarily in the fourth quarter of 2012 and January 2013.

The CIO Council, in a blog post, described the report as the first of its kind. The data collected will be "crucial to informing strategic workforce planning and cybersecurity training programs at federal agencies," the CIO Council said.

[ Will using cloud computing reduce personnel needs? Read Military Plans Multi-Exabyte Storage Cloud. ]

The report aims to establish a baseline of current capabilities in the federal cybersecurity workforce, identify areas where training is needed and provide a picture of the workforce pipeline. Along with it, the feds included an online diagnostic tool to help agencies with cybersecurity workforce planning.

The typical survey participant is between 51 and 55 years old with more than 10 years of public sector experience, and 21% will be eligible for retirement during the next three years. As evidence that the feds need to recruit younger workers with cybersecurity skills, 79% of survey respondents are older than 40, while only 5% are 30 or younger.

The data "indicates potential risk to the current and future pipeline of cybersecurity professionals," according to the report. "An aging cybersecurity professional population could lead to a manpower shortage in the federal cybersecurity field, particularly in management and leadership positions."

Participants were asked to assess their proficiency in areas such as customer service and technical support, systems development and network services. Only 6% of survey participants graded themselves as having expert or advanced proficiency in cyber operations.

Respondents reported spending a substantial amount of time on customer service and technical support, where they rated themselves as having the highest average proficiency. Digital forensics is the area where the fewest participants, 57%, assessed themselves as meeting or exceeding optimal proficiency.

Survey respondents identified information assurance compliance, vulnerability assessment and management, and knowledge management as the top three areas where they need additional training.

Comment  | 
Print  | 
More Insights
Comments
Oldest First  |  Newest First  |  Threaded View
Andrew Hornback
50%
50%
Andrew Hornback,
User Rank: Apprentice
4/15/2013 | 2:30:37 AM
re: Federal Cyber Workforce Is Getting Older
With the proposed uptick in importance of cybersecurity in this administration, and the coming retirement of those who are already in positions where cybersecurity is a primary role, one has to wonder what the Federal Government is going to do... I'm not sure that it would be appropriate for the alphabet soup agencies to start solving their workforce shortage issues by hiring H-1Bs - that could lead to a lot of issues down the road.

The future remains bright (or so it seems) for cybersecurity professionals who want to work for the government though.

Andrew Hornback
InformationWeek Contributor
Register for Dark Reading Newsletters
White Papers
Cartoon
Current Issue
Flash Poll
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2014-3352
Published: 2014-08-30
Cisco Intelligent Automation for Cloud (aka Cisco Cloud Portal) 2008.3_SP9 and earlier does not properly consider whether a session is a problematic NULL session, which allows remote attackers to obtain sensitive information via crafted packets, related to an "iFrame vulnerability," aka Bug ID CSCuh...

CVE-2014-3908
Published: 2014-08-30
The Amazon.com Kindle application before 4.5.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

CVE-2010-5110
Published: 2014-08-29
DCTStream.cc in Poppler before 0.13.3 allows remote attackers to cause a denial of service (crash) via a crafted PDF file.

CVE-2012-1503
Published: 2014-08-29
Cross-site scripting (XSS) vulnerability in Six Apart (formerly Six Apart KK) Movable Type (MT) Pro 5.13 allows remote attackers to inject arbitrary web script or HTML via the comment section.

CVE-2013-5467
Published: 2014-08-29
Monitoring Agent for UNIX Logs 6.2.0 through FP03, 6.2.1 through FP04, 6.2.2 through FP09, and 6.2.3 through FP04 and Monitoring Server (ms) and Shared Libraries (ax) 6.2.0 through FP03, 6.2.1 through FP04, 6.2.2 through FP08, 6.2.3 through FP01, and 6.3.0 through FP01 in IBM Tivoli Monitoring (ITM)...

Best of the Web
Dark Reading Radio
Archived Dark Reading Radio
This episode of Dark Reading Radio looks at infosec security from the big enterprise POV with interviews featuring Ron Plesco, Cyber Investigations, Intelligence & Analytics at KPMG; and Chris Inglis & Chris Bell of Securonix.