Cyber workforce cannot be a zero sum game

Friday - 10/22/2010, 7:16am EDT

WFED's Jason Miller

Click below to hear the report

Download mp3

By Jason Miller
Executive Editor
Federal News Radio

To fill key cybersecurity positions, agencies and industry are trading employees like professional sports teams trade players.

But over time the idea of stealing each other's workforce doesn't address the short or long-term needs for a skilled cyber workforce.

"It's a good thing to have that interchange between government and industry, but in the end it's a zero sum game," said Phil Reitinger, the Homeland Security Department's the under secretary of the National Programs and Protections Directorate (NPPD). "There aren't enough to go around. We have 220 people now, but we will need a heck of a lot more people in the future, and we know others like DoD are hiring. We just don't have enough of those people yet. So we absolutely have to build that end-to-end ecosystem."

Reitinger pointed to a recent example of this interchange. DHS brought in Bobbie Stempfley to be the director of the DHS National Cyber Security Division, while Mischel Kwon left DHS to work for RSA, the security division of EMC.

"We can't just focus on our urgent cyber workforce needs, but those that are strategic and critical, and there is nothing that is more strategic and critical from both a security and a competitiveness for us as a nation than workforce development and education over the course of the years," he said during a panel discussion on the cybersecurity workforce sponsored by Deloitte Consulting in Washington Thursday.

And Reitinger should know. DHS is trying to hire 1,000 cybersecurity professionals across the department by 2012.

He said in 2009 his office as tripled the number of people working on cybersecurity in NPPD, and in 2010, it again doubled the number. In all, about 220 people work on cybersecurity in NPPD. Reitinger said that number will continue to grow.

Reitinger added that DHS has an initiative to develop their workforce efforts so they have this end-to-end process for the agency.

"There are a lot of programs we are working on," he said. "We internally at DHS are focusing clearly now. This is a priority for all of us."

Nearly every agency is facing the same dearth of qualified candidates. The Defense Department currently is feeling the pain of finding cyber workers as it expands its cyber command and each of the service's cyber offices.

The Army's new commander of its cyber command Maj. Gen. Rhett Hernandez said the workforce is his top priority.

The Navy's Fleet Cyber Command also is looking to hire more than 2,500 uniformed and civilian cyber workers, said Kevin Cooley, a command information officer in the office.

He said currently the Navy is on target to meet its 2011 goal, but in the out years, they realize the competition only will increase.

Cooley said the Navy is taking a different approach to recruiting cyber workers.

"Over the last two years, we have gone through, what I will call, an old people's revelation," he said. "If we are going to reach out and touch these people, they will not look at USAjobs or go to a recruiting office and look at a recruiting poster. That's not their world. We spend a good amount of time and energy reaching out into the places that are in their world. Those places are in the social network. We spend a lot of time in places like Facebook, and looking at the digital presence the Navy has and how easy is it for someone to go into that environment" and find out what the Navy has to offer.

Jim Lewis, a senior fellow at the Center for Strategic and International Studies and the program manager for the Commission on Cybersecurity for the 44th Presidency, said the need for a security clearance only adds to the challenges to hire these workers. To get a new security clearance, it can take 18-24 months.

The demand for cyber employees spreads into industry as well. Deloitte estimates that government and contractors need today between 10,000 and 30,000 cyber professionals in the Washington metro area alone.

Agencies and industry also face the challenge of ensuring the workers can do the job. Unlike other professions, such as doctors, lawyer or plumbers, there is no standardized training or generally accepted certification program.

Cooley said the Navy faces this problem often.

"We go after individuals that have demonstrated the propensity to be able to learn this stuff," Cooley said. "We have batteries of tests we deliver and screen out the most qualified individuals. But what's common across all of that is nearly all of these positions require fairly high levels of classification."