DHS urged to hire 600 cyber ninjas

Friday - 10/5/2012, 5:44am EDT

Steve Meyers, member, Task Force on Cyberskills, Homeland Security Advisory Council

Download mp3

The Homeland Security Department is in need of a few cyber ninjas.

DHS requires help in defining and developing about 600 superbly skilled and proficient employees. And the ninjas, or experts, will help set the curriculum for current and future cyber workers.

We are starting with the people that really do have the tradecraft. We are using them in order to identify what are the mission critical functions, tasks and what kind of scenarios do they need to be trained to," said Steve Myers, who is a member of the Homeland Security Advisory Council's Task Force on Cyberskills and spent his entire career in the defense and national security area. "What would the necessary proficiency be to be able to perform?"

The need to hire 600 cyber experts and develop a training standards were among the main recommendations from the Homeland Security Advisory Council Task Force on Cyberskills.

Recommendations greeted optimistically

The task force released its recommendations earlier this week to Secretary Janet Napolitano.

She immediately endorsed them and said DHS would start implementing them.

"We briefed Secretary Napolitano Tuesday morning and it was a quite gratifying meeting," Myers said. "She was very engaged, asked a lot of questions, had read the report before the meeting and was committed to its implementation."

Napolitano directed the committee to create the task force in July to figure out how to meet the increasing demand for skilled cyber workers. The task force conducted interviews with government, private sector and academic experts to come up with 11 recommendations in five areas.

"The problem that the task force was asked to address was really two problems: one of capability and one of scalability," Myers said. "It was very obvious to Secretary Napolitano and the leaders in DHS that we are just not getting the job done. It's always easier to be on offense than defense, and we are losing badly."

DHS, like most agencies, needs more cyber experts than there are available. One way to attract and retain the right people is by defining what they will do for DHS.

The Government Accountability Office found in November 2011 that nearly every agency experienced difficulty in defining and hiring cyber workers.

The DHS task force says the agency must develop and maintain an authoritative list of mission-critical cyber tasks. It offered 10 job titles as a starting point, including system and network penetration tester, threat and counter intelligence analysts and security engineers.

"We need to have an adequate number of people to address the increasing scale of the threat we are dealing with," Myers said. "We recommended scenario based training as the most practical way of bringing people up to speed and simulation based testing to verify their performance capability."

An approach modeled after pilots

He said the approach the task force is calling for is very similar to the one the Federal Aviation Administration uses for pilots.

Myers said these would include setting certification, testing and proficiency standards.

"The first thing we have to do, if I can borrow again from my aviation analogy, is we have to actually find out who the flight crew is," he said. "If you have job titles that characterize everyone as aviation professionals, it can get difficult to separate out the baggage handlers from the pilots. Everyone is needed to make the system work, but we need in cybersecurity we need the people who can really do the job, under highly stressful conditions and in an ever changing environment."

Even after defining the cyber skill sets and jobs, the task force recognized the pipeline of workers isn't meeting the government or industry's needs.

Additionally, DHS is at a disadvantage because of limitations on pay and bonuses and the slowness of how the government moves.

"What's going on right now between industry and government is fratricide, where they are competing with each other for what is a very small talent pool. That is not a good thing," Myers said. "We need to dramatically improve the size of that pool. It's imperative we give the educational institutions that will be training people better direction on what standards they need to train to and what kind of people are best suited to do this kind of work."

A shortage of workers

The task force recommended a few ways to increase the talent pool. First, DHS should help create a two-year community-college cyber program. Second, the government should raise the requirements to be a cybersecurity Center of Academic of Excellence. And third, the government should train and hire veterans into critical cyber positions.