Opinion: Government Must Attract More Cyber-Security Talent
Mark Weatherford writes on Government Technology:
As if running a government cyber-security program wasn't already challenging, a recently released report by Booz Allen Hamilton and the Partnership for Public Service titled Cyber In-Security [.pdf] reminds us that one of the critical, nontechnical problems lurking on the horizon is the shrinking number of qualified cyber-security experts interested in working for the government.More here.
The report is a result of a survey of CIOs, chief information security officers and HR officials from the federal government. It found, among other things, that "the pipeline of potential new talent is inadequate." The report further states that "there are concerns that America is not developing enough IT experts, creating labor shortages in both the public and private sector." We've been hearing for a few years now about the IT work force "retirement bubble," but this is the first report I'm aware of that focuses specifically on the cyber-security work force.
While risk management is a fundamental component of any good cyber-security program, the overall goal of risk management isn't simply to protect an organization's IT assets, but to protect the institution's ability to carry out its mission. If we accept the definition of risk management as "the process of identifying, assessing and reducing risk to an acceptable level and implementing the right mechanisms to maintain that level of risk," our cyber-security work force issue means, "Houston, we have a problem."