https://urgentcomm.com/wp-content/themes/ucm_child/assets/images/logo/footer-new-logo.png
  • Home
  • News
  • Multimedia
    • Back
    • Multimedia
    • Video
    • Podcasts
    • Galleries
    • IWCE’s Video Showcase
    • Product Guides
  • Commentary
    • Back
    • Commentary
    • Urgent Matters
    • View From The Top
    • All Things IWCE
    • Legal Matters
  • Resources
    • Back
    • Resources
    • Webinars
    • White Papers
    • Reprints & Reuse
  • IWCE
    • Back
    • IWCE
    • Conference
    • Special Events
    • Exhibitor Listings
    • Premier Partners
    • Floor Plan
    • Exhibiting Information
    • Register for IWCE
  • About Us
    • Back
    • About Us
    • Contact Us
    • Advertise
    • Terms of Service
    • Privacy Statement
    • Cookie Policy
  • Related Sites
    • Back
    • American City & County
    • IWCE
    • Light Reading
    • IOT World Today
    • Mission Critical Technologies
    • TU-Auto
  • In the field
    • Back
    • In the field
    • Broadband Push-to-X
    • Internet of Things
    • Project 25
    • Public-Safety Broadband/FirstNet
    • Virtual/Augmented Reality
    • Land Mobile Radio
    • Long Term Evolution (LTE)
    • Applications
    • Drones/Robots
    • IoT/Smart X
    • Software
    • Subscriber Devices
    • Video
  • Call Center/Command
    • Back
    • Call Center/Command
    • Artificial Intelligence
    • NG911
    • Alerting Systems
    • Analytics
    • Dispatch/Call-taking
    • Incident Command/Situational Awareness
    • Tracking, Monitoring & Control
  • Network Tech
    • Back
    • Network Tech
    • Interoperability
    • LMR 100
    • LMR 200
    • Backhaul
    • Deployables
    • Power
    • Tower & Site
    • Wireless Networks
    • Coverage/Interference
    • Security
    • System Design
    • System Installation
    • System Operation
    • Test & Measurement
  • Operations
    • Back
    • Operations
    • Critical Infrastructure
    • Enterprise
    • Federal Government/Military
    • Public Safety
    • State & Local Government
    • Training
  • Regulations
    • Back
    • Regulations
    • Narrowbanding
    • T-Band
    • Rebanding
    • TV White Spaces
    • None
    • Funding
    • Policy
    • Regional Coordination
    • Standards
  • Organizations
    • Back
    • Organizations
    • AASHTO
    • APCO
    • DHS
    • DMR Association
    • ETA
    • EWA
    • FCC
    • IWCE
    • NASEMSO
    • NATE
    • NXDN Forum
    • NENA
    • NIST/PSCR
    • NPSTC
    • NTIA/FirstNet
    • P25 TIG
    • TETRA + CCA
    • UTC
Urgent Communications
  • NEWSLETTER
  • Home
  • News
  • Multimedia
    • Back
    • Video
    • Podcasts
    • Omdia Crit Comms Circle Podcast
    • Galleries
    • IWCE’s Video Showcase
    • Product Guides
  • Commentary
    • Back
    • All Things IWCE
    • Urgent Matters
    • View From The Top
    • Legal Matters
  • Resources
    • Back
    • Webinars
    • White Papers
    • Reprints & Reuse
    • UC eZines
    • Sponsored content
  • IWCE
    • Back
    • Conference
    • Why Attend
    • Exhibitor Listing
    • Floor Plan
    • Exhibiting Information
    • Join the Event Mailing List
  • About Us
    • Back
    • About Us
    • Contact Us
    • Advertise
    • Cookie Policy
    • Terms of Service
    • Privacy Statement
  • Related Sites
    • Back
    • American City & County
    • IWCE
    • Light Reading
    • IOT World Today
    • TU-Auto
  • newsletter
  • In the field
    • Back
    • Internet of Things
    • Broadband Push-to-X
    • Project 25
    • Public-Safety Broadband/FirstNet
    • Virtual/Augmented Reality
    • Land Mobile Radio
    • Long Term Evolution (LTE)
    • Applications
    • Drones/Robots
    • IoT/Smart X
    • Software
    • Subscriber Devices
    • Video
  • Call Center/Command
    • Back
    • Artificial Intelligence
    • NG911
    • Alerting Systems
    • Analytics
    • Dispatch/Call-taking
    • Incident Command/Situational Awareness
    • Tracking, Monitoring & Control
  • Network Tech
    • Back
    • Cybersecurity
    • Interoperability
    • LMR 100
    • LMR 200
    • Backhaul
    • Deployables
    • Power
    • Tower & Site
    • Wireless Networks
    • Coverage/Interference
    • Security
    • System Design
    • System Installation
    • System Operation
    • Test & Measurement
  • Operations
    • Back
    • Critical Infrastructure
    • Enterprise
    • Federal Government/Military
    • Public Safety
    • State & Local Government
    • Training
  • Regulations
    • Back
    • Narrowbanding
    • T-Band
    • Rebanding
    • TV White Spaces
    • None
    • Funding
    • Policy
    • Regional Coordination
    • Standards
  • Organizations
    • Back
    • AASHTO
    • APCO
    • DHS
    • DMR Association
    • ETA
    • EWA
    • FCC
    • IWCE
    • NASEMSO
    • NATE
    • NXDN Forum
    • NENA
    • NIST/PSCR
    • NPSTC
    • NTIA/FirstNet
    • P25 TIG
    • TETRA + CCA
    • UTC
acc.com

Wireless Networks


Wanted: Cybersecurity personnel

Wanted: Cybersecurity personnel

Government agencies need to secure sensitive information that rides over their networks, but there is a severe shortage of IT professionals who can help protect that data.
  • Written by Urgent Communications Administrator
  • 1st March 2011

“There are about 1,000 security people in the U.S. who have the specialized security skills to operate effectively in cyberspace. We need 10,000 to 30,000.” — Jim Gosler NSA Visiting Scientist and founding director of the CIA’s Clandestine Information Technology Office.

Part of an interview on National Public Radio in July 2010, Gosler’s statement has been used as a call to arms for the federal government, educational institutions and computer security industry groups to address the need for more trained cybersecurity personnel, but it’s a long-term issue that won’t be solved overnight.

“There’s definitely a giant vacuum of jobs and not enough talent to fill all the positions,” said Jeff Moss, a member of the President’s Homeland Security Advisory Council. “Everyone’s trying to hire, but there just not enough qualified people out there. … You can’t contractor it away.”

Moss, founder and director of the Black Hat and DEFCON computer-security conferences, points out that those who can hire the fastest have a significant advantage, so private firms can typically get first crack at the talent pool of computer security personnel. On the other side of the spectrum, the Department of Homeland Security has been the slowest to hire people, because of requires employees to have more security clearances than other government agencies.

“Historically, it’s been the [National Security Agency] verses other agencies,” he said. “The NSA has interacted more with the academic community, so it has more experience in hiring from the private sector. Other agencies pretty much hire out of the military.”

Compounding matters are the differences between the public and private sector. Salaries aren’t competitive, and the government doesn’t typically offer to relocate new hires.

“There’s a bunch of churn [in the government],” Moss said. “You’ll hire someone, they’ll get clearances, learn the job and get experience, work with contractors — and the contractors get paid more. If you have a family, you’ll end up working for the contractors, unless you really believe in the mission.”

Outlining solutions to increase the cybersecurity work force has involved one of Washington D.C.’s leading think tank. In November 2010, the Center for Strategic and International Studies (CSIS) released a 47-page report entitled “A Human Capital Crisis in Cybersecurity: Technical Proficiency Matters.” The report calls for the development of more rigorous curriculum in schools; the development and adoption of “technically rigorous” professional certifications; use of existing hiring, acquisition and training systems to raise the level of technical competence among the computer security workforce; and the need to “ensure a career path” to reward and retain those with high-level skills.

However, the CSIS recommendations will take years for the federal government and the private sector to implement fully. On the front lines of cybersecurity, organizations are struggling with the dearth of cybersecurity personnel today.

“It’s hard to find qualified people,” said Jeffery Carpenter, technical manager of the CERT Coordination Center. “A lot of organizations are trying to recruit from the same limited pool at the same time. There’s a shortage of people that have the cybersecurity skills that are needed to do in-depth security work.”

CERT, one of the first responders to a national cyber attack, cannot afford to be short a couple of positions. Housed at the Software Engineering Institute at Carnegie Mellon University and funded by the federal government, the CERT Coordination Center (CERT/CC) analyzes clues from an attack, figure out what happened, how to recover from it, and outline steps to prevent it from happening again, while coordinating with national response teams at the Department of Homeland Security and its counterparts in nations around the world.

Carpenter says it takes six to 12 months to fill senior-level positions for his organization — not including the time it takes to get security clearances in some of the more sensitive positions. While some current staffers have worked their way through the ranks, there are “very few” entry-level positions and hence, few opportunities to grow from within.

“A number of people have worked their way up from entry level, but it’s not a large percentage,” Carpenter said.

Candidates for CERT positions are unique, because not only do they need to have in-depth knowledge of systems, networks and security concepts as a foundation for employment, they must be adept at problem solving and need strong communications skills to convey findings.

Carpenter has mixed feelings about demands for formal skills certifications.

“I think certification plays a role, but people shouldn’t be dependent on certification being the total picture for being qualified in the field,” he said. “Many of the different certs give some indication that the candidates have certain knowledge, but — depending on what you are actually looking for in the position — you probably need to have more in-depth discussions on what broader set of skills are necessary for the position.”

CERT doesn’t require formal certifications as a part of the interview process; instead, it conducts a full day of interviews with candidates covering a wide variety of subjects.

“There’s a variety of creative-thinking skills that certifications don’t capture very well, and it is hard to capture that in a timed and structured test,” said Carpenter. “ If you have a CISSP [certified information systems security professional certification], have some general knowledge on a wide variety of security issues, that helps as a starting point.

“We don’t eliminate people who don’t have certification. Some organizations do. There are some that say, ‘Don’t even bother applying if you don’t have a have a CISSP’ or whatever think they have to have; they use it as a baseline as to the level of knowledge a candidate has and go forward from there.”

Sharing Carpenter’s positions on certification and finding resourceful thinkers in cybersecurity is Lt. Colonel Robert Fanelli, an assistant professor at the U.S. Military Academy. Fanelli is the course director for the cybersecurity track at West Point.

“We don’t always have the best model for the appropriate training and qualifications,” Fanelli said. “That seems to be changing all the time. It’s hard to say that, if I implement a training program today, we won’t have the right people in a year.” IT and cybersecurity instead become a “lifelong learning process … it’s hard to say someone is trained and give them a seal of approval without continuing education.”

Changes in fundamental technology and ongoing, evolving threats mean cybersecurity professionals will have to keep abreast of all the latest developments, Fanelli said. And finding the right people goes beyond simple certification.

“There’s an issue to getting the right set of technical skills and the right mindset,” Fanelli stated. “You need creative problem solving. It’s usually necessary to think like an attacker, to think of all of the possible ways to penetrate a system. The obvious things certainly should be secured, but the not-so-obvious things may also need to be secured.”

Increasing the number of cybersecurity professionals in the ranks — civilian and military — is going to take time. Carpenter and Fanelli agree that generating interest in the field needs to start early.

“My belief is [the solution] really needs to be education-focused, both in secondary school and higher education,” Carpenter said. “At the high-school level, we want to entice people to come to [cybersecurity] and challenge them and get them excited about a career. In higher education, we want to draw them in and get them to learn the skills they need.”

Fanelli said there were particular benefits in the “Cyber Challenges” skills contests being run at the high school and undergraduate level.

“The advantage of doing these sorts of challenges is that it raises awareness and enthusiasm to pursue careers in computer science,” he said. “They see the ‘cool,’ and it gets them enthusiastic. There’s more deep learning about computer science … that they may not otherwise have.”

When students are ready to move into college-level studies, the federal government and higher education have prepared course curriculum to foster learning for computer-security positions. The Department of Homeland Security and the National Security Agency have established “Centers of Excellence” programs for higher education, providing a set of standards and certifying cybersecurity and information assurance tracks offered by schools. Centers of Excellence ensure that students get the quality coursework they need, so government agencies can get qualified entry-level cybersecurity employees.

In addition, the U.S. Office of Personnel Management is operating a “Scholarship For Service” (SFS) program designed to provide full scholarships and stipends to students who study information assurance or cybersecurity at an approved university. The merit-based program typically provides participants with full tuition, books, and room and board, along with stipends of up to $8,000 for undergraduates and $12,000 for graduate students.

It also includes a paid summer internship at a federal agency for students who have been in the program for more than a year and the potential for paid employment at a federal agency if it doesn’t interfere with studies. In exchange, students agree to work for the federal government for the length of their scholarship or a period of one year, whichever is longer.

One place students may enroll at is the University of Maryland University College (UMUC), certified by NSA and DHS as a Center of Academic Excellence in Information Assurance. UMUC introduced cybersecurity undergraduate and master’s degree programs in September 2010 with considerable input from third parties, including government officials, outside consultants, private companies and academia.

“We designed the program from scratch,” said Dr. Allen Carswell, Chair of UMUC’s Cybersecurity and Information Assurance Department. “Cybersecurity is multi-disciplinary, and it deals with issues related to computer security, legislation, regulation, privacy, ethics and psychology. There are a number of fields included that are not technology-based.” So far, UMUC has more than 1,300 students enrolled in its undergraduate program and 600-plus students in the master’s program.

However, all of these efforts are just starting to ramp up, and it isn’t fully clear when there will be enough people coming out of college to meet the requirement of the nation.

“I think it’s going to be a number of years before the demand is met,” Carpenter said. “Our dependence on technology is increasing, and I’m not sure if the numbers of people coming into cybersecurity are enough.”

Related Stories

  • A new problem to hack away at: NG-911 security breaches
  • Security key for next-generation PSAPs

Tags: Cybersecurity Wireless Networks

Most Recent


  • AT&T wireless growth keyed by FirstNet—now provides 24,000 agencies with 4.4 million connections
    AT&T this week reported that FirstNet ended 2022 supporting more than 24,000 public-safety agencies with “about” 4.4 million connections, including 377,000 connections that were added during the last three months of 2022—a total that represents more than half of the carrier’s post-paid wireless growth for the quarter. AT&T officials released these figures in conjunction with […]
  • AT&T FirstNet unleashes robotic dogs for emergency services
    AT&T is releasing robotic hounds from Ghost Robotics as part of the service provider’s FirstNet emergency responder service. In a blog, AT&T VP Lance Spencer explained that the robotic dogs will be connected to AT&T’s network and deployed for public safety, defense, federal and state agencies, local police and fire departments, and commercial customers. “Network-connected robotic dogs can deliver a […]
  • Federal agencies infested by cyberattackers via legit remote-management systems
    It has come to light that hackers cleverly utilized two off-the-shelf remote monitoring and management systems (RMMs) to breach multiple Federal Civilian Executive Branch (FCEB) agency networks in the US last summer. On Jan. 25, the Cybersecurity and Infrastructure Security Agency (CISA), National Security Agency (NSA), and Multi-State Information Sharing and Analysis Center (MS-ISAC) released […]
  • How 5G is making cities safer, smarter, and more efficient
    It’s a scenario we’ve all experienced: an ambulance with a blaring siren racing against time to get a person in medical distress to a hospital through traffic. What we don’t see is 5G connectivity enabling paramedics to communicate with hospital staff via video conference and coordinate care in real-time before arriving at the emergency room. […]

Leave a comment Cancel reply

To leave a comment login with your Urgent Comms account:

Log in with your Urgent Comms account

Or alternatively provide your name, email address below:

Your email address will not be published. Required fields are marked *

Related Content

  • The battle over connected cars drags on
  • UK officials revamp ESN plans again, target Airwave-to-LTE transition for end of 2026
  • PSCR: Dereck Orr highlights features of June 21-24 virtual event
  • FirstNet buildout on pace for March 2023 completion, AT&T official says

Commentary


How 5G is making cities safer, smarter, and more efficient

26th January 2023

3GPP moves Release 18 freeze date to March 2024

18th January 2023

Do smart cities make safer cities?

  • 1
6th January 2023
view all

Events


UC Ezines


IWCE 2019 Wrap Up

13th May 2019
view all

Twitter


UrgentComm

AT&T wireless growth keyed by FirstNet—now provides 24,000 agencies with 4.4 million connections dlvr.it/ShY5qH

27th January 2023
UrgentComm

Report: Remote work causing offices to empty, but walkable cities still in high demand dlvr.it/ShXM7Z

27th January 2023
UrgentComm

AT&T FirstNet unleashes robotic dogs for emergency services dlvr.it/ShW7p8

27th January 2023
UrgentComm

Federal agencies infested by cyberattackers via legit remote-management systems dlvr.it/ShVhn3

26th January 2023
UrgentComm

How 5G is making cities safer, smarter, and more efficient dlvr.it/ShVS1h

26th January 2023
UrgentComm

MCPTT interworking for critical communications dlvr.it/ShTm3P

26th January 2023
UrgentComm

Self-driving cars present terrorism risk, FBI director says dlvr.it/ShTTHx

26th January 2023
UrgentComm

UK Home Office officially will cut ESN ties with Motorola Solutions in December dlvr.it/ShNjfN

24th January 2023

Newsletter

Sign up for UrgentComm’s newsletters to receive regular news and information updates about Communications and Technology.

Expert Commentary

Learn from experts about the latest technology in automation, machine-learning, big data and cybersecurity.

Business Media

Find the latest videos and media from the market leaders.

Media Kit and Advertising

Want to reach our digital and print audiences? Learn more here.

DISCOVER MORE FROM INFORMA TECH

  • American City & County
  • IWCE
  • Light Reading
  • IOT World Today
  • Mission Critical Technologies
  • TU-Auto

WORKING WITH US

  • About Us
  • Contact Us
  • Events
  • Careers

FOLLOW Urgent Comms ON SOCIAL

  • Privacy
  • CCPA: “Do Not Sell My Data”
  • Cookie Policy
  • Terms
Copyright © 2023 Informa PLC. Informa PLC is registered in England and Wales with company number 8860726 whose registered and Head office is 5 Howick Place, London, SW1P 1WG.