Cybersecurity Plan Means New Jobs
Agencies, Contractors Need Advanced Skills Now
So, the Obama administration has presented its cybersecurity plan establishing the practice as a major, new national priority.
What does this mean for information security careers?
Security experts who work closely with the government offer insights on the direction the new administration has taken in its security policies and how these can affect security careers.
1. More Cybersecurity Jobs in Govt.
The reason cybersecurity is getting so much attention is that our nation's physical and economic survival are at risk if major IT disruptions occur. "The government, like business, cannot function without IT, therefore President Obama has promised to increase spending in cybersecurity, which strongly suggests more employment," says Kathy Roberson, Senior Human Resource Consultant with the Office of Personnel Management. This comment is aimed mostly at all federal departments, but new hires will be sought specifically within the National Security Agency and DoD, she says. With the release of the new cybersecurity report, Roberson expects cybersecurity hires to increase by at least 1,000 per year within the federal government.
2. Increased Demand by Government Contractors
Northrop Grumman, General Dynamics, Lockheed Martin and Raytheon all have major cyber contracts with the military and intelligence agencies and are anticipating new projects to fall their way with so much emphasis being given to protection of critical infrastructure. These companies have been moving quickly to lock up the relatively small amount of expertise available in this field. "Cybersecurity is embedded in everything that we do, therefore all projects need cybersecurity expertise. Many of the programs require some type of intrusion detection, prevention, incident response and handling, or computer forensics experience," says Jeffery Adams, Director of news and information at Lockheed Martin. At General Dynamics, Nadia D. Short, vice president of strategy & business development, says, "The three main positions we are looking for currently include an additional need for cyber security analysts who will perform investigations and incident response activities; reverse engineering experts who not only lead investigations but follow audit trails associated with different exploitation and attacks; and computer forensics experts who understand file systems, log histories, patching and chain of custody activities."
3. Critical and Advanced Technical Skills Needed
The new administration has shown a focus on advanced technical skills, says Alan Paller, Executive Director, SANS Institute. For example: The head of United States Strategic Command (Stratcom) recently told Congress about the critical shortage of these skills and the need to correct that shortage. In addition, the CSIS Commission on Cybersecurity for the 44th President, which is helping to drive the new administration's priorities, pointed out the critical need for advanced technical skills, listing specifically: vulnerability analysis, penetration testing, computer network attack, intrusion detection, digital forensics, reverse engineering, protocol analysis and secure network engineering. "I believe the nation is seeing the decline of the age of security compliance and the dawn of the age of hands-on security," says Paller.
4. Greater Emphasis on Data Protection and Privacy
"Not a day goes by without hackers or criminal activities and fraud hitting the news - a clear reminder to the new administration that they need to take appropriate steps to fill these gaps," says Hord Tipton, CEO, ISC2. Tipton says he has learned through his involvement with the federal government that the new administration will most likely come up with a new set of guidelines for data protection, which will become a strict enforcer of privacy under Obama's eye. This again will open more employment opportunities in the area.
5. FISMA Reform: Senior Security Executives Needed
Congress enacted the Federal Information Security Management Act (FISMA) in 2002, establishing a framework for government agencies to bolster IT and network security. At its heart, FISMA is just a regulation directed at the adequate security measures agencies should be implementing to protect their IT assets.
However, right from the start FISMA has concentrated primarily on compliance and paperwork, with very little focus on security. Several high-profile breaches in the years since FISMA was enacted have brought federal information systems security back into the spotlight, encouraging Congress to reexamine the issue. "FISMA does not necessarily assure security and protection of IT systems, as well as the whole monitoring aspect is missing currently," says Tipton. "What happens when an agency miscalculates risk? Who is accountable?" These are a few of the reasons why FISMA is undergoing changes and new reforms are being outlined.
The FISMA reform - whatever shape it ultimately takes - will essentially focus on:
- Enforcing greater accountability within agencies by establishing senior leaders within information security who will be responsible for department-wide agency security, along the lines of a chief information security officer (CISO).
- "More senior level positions will open as the need for accountability and monitoring is clearly something which needs to be addressed," says Tipton.
- Enhancing security monitoring, detection and response within the federal government agencies and departments.
- Developing appropriate security awareness and training programs to help departmental and agency employees understand how their role affects security and what they must do to assure IT systems and data are secure.
6. More Focus on User Education and Training
The U.S. Department of Defense Directive 8570.1, Information Assurance Training, Certification, and Workforce Management, approved in December of 2005, requires every full- and part-time military service member, defense contractor, civilian and foreign employee with privileged access to a DoD system, regardless of job series or occupational specialty, to obtain a commercial certification credential that has been accredited by the American National Standards Institute (ANSI). The objective is to ensure that 100% of all DoD employees and contractors are certified and trained by 2010. For all DoD employees, both civilian and military, the DoD funds the entire cost of certification. It also covers the cost of remediation if employees do not pass the certification exam the first time.
The Scholarship for Service program is designed to increase and strengthen the cadre of federal information assurance professionals that protect the government's critical information infrastructure. In exchange for government service in the information assurance field, the program provides scholarships that fully fund the typical costs that students pay for books, tuition, and room and board while attending an approved institution of higher learning. The scholarships are funded through grants awarded by the National Science Foundation.
"Under the new cybersecurity policy released by the government, the scope and funding for both the DoD Directive training and certification policy and scholarship for service program is enhanced," says Roberson. Many federal agencies and departments are hiring students from these programs to fulfill their need for trained security professionals, she says. "There is again, bigger emphasis by the administration on user education and training by reaching younger generation of students who are typically in their K-12th year of education."
"The government is now clearly recognizing the value of ongoing education and training required for critical skills and hands-on information security and IT positions and is moving toward certification and education in a more holistic manner," says Tipton.
Government Career Resources
Interested in one of these prospective government opportunities? Here's where you can turn for more details:
- www.usajobs.gov - This is a United States Office of Personnel Management website. USAJOBS is the Federal Government's official one-stop source for federal jobs and employment information. Currently, there are 47,303 U.S. Government job opportunities worldwide. That site has recently added a link for positions created by the stimulus package. Many of those positions will be filled through accelerated hiring procedures. To access that directly, go to http://jobsearch.usajobs.gov/a9recoveryjobs.asp.
- Prospective job candidates can access the exclusive job listings at individual federal agencies from http://dcjobsource.com/fed.html. Visiting the individual web sites of different federal agencies also helps, as each agency often posts its own special job positions and requirements on its website.
- The Federal Bureau of Investigation, National Security Agency and Treasury Department often fill unadvertised openings at job fairs. Some are listed at www.govcentral.com/careers/articles/1871 and at www.fedjobs.com/chat/jobfairs.html.
- Candidates looking for jobs with government contractors can visit www.fedbizopps.gov and www.recovery.gov to accelerate their job search initiatives.
- For current students who are seeking internships within the government, two good resources are www.makingthedifference.org and www.studentjobs.gov.