Slashdot Mirror


DHS Wants To Hire 1,000 Cybersecurity Experts

Cyrus writes "DHS Secretary Janet Napolitano plans to hire 1,000 security experts over the next three years. 'Department officials could not say precisely how many cyberexperts now work at DHS and its various component agencies such as the Secret Service and Immigration and Customs Enforcement. Napolitano said she doubts it will be necessary to fill all 1,000 of the authorized positions, but she is focused on making DHS a "world-class cyberorganization."'" Cringely points out, "There aren't one thousand civilian cybersecurity experts in the entire friggin' world!!!!," except he uses all caps and bold.

10 of 222 comments

  1. Equivalent of the TSA... by Jah-Wren+Ryel · · Score: 5, Insightful

    Cringely points out, "There aren't one thousand civilian cybersecurity experts in the entire friggin' world!!!!,"

    No matter. These guys will be the "cybersecurity" equivalent of the TSA goons at the airport, probably with a management culture even worse than those poor slobs have to live with.

    --
    When information is power, privacy is freedom.
    1. Re:Equivalent of the TSA... by Tablizer · · Score: 5, Funny

      Sir, please take your USB keys out while we scan your network.

      If they use old-school terminology, it could sound really odd to onlookers:

      "Sir, please take your dongle out while we sniff your nodes."
           

    2. Re:Equivalent of the TSA... by MrNaz · · Score: 5, Funny

      Sir, please take your floppy out while we unzip your tarballs.

      --
      I hate printers.
  2. "World-class cyberorganization"? by maugle · · Score: 5, Insightful

    Will you idiots please stop prefixing stuff with "cyber"? I know you're trying to make yourselves sound all cool and tech-savvy, but all you're really doing is sounding like someone from a bad 80s sci-fi movie.

    "Cyberorganization"? What the hell does that even mean? You use computers and computer networks? Computers and computer networks are your primary focus? Big goddamn deal! You don't see Microsoft or IBM or Cisco calling themselves "cybercorporations", do you?

    Look at me, I spend a lot of my time on the Internet! I'm a cyberperson!

  3. Re:Cool - how do I become a security expert? by RagingFuryBlack · · Score: 5, Informative

    Yep. Penn State University offers a degree in Security and Risk Analysis with a specification in Cyber-security. http://ist.psu.edu/prospectivestudents/undergraduate/sra/

    --
    Warning: Corny karma killing post above.
  4. The head guy is from Microsoft by Animats · · Score: 5, Interesting

    DHS's cyber security operation is headed by Phil Reitinger, who's from Microsoft. So DHS won't be allowed to do anything that would seriously impact Microsoft's business models. Which means nothing significant will happen. Here's his list of priorities. You'll see the problem.

    The first guy in that job, Amit Yoran, came out and said the big problem was weak security in Microsoft operating systems. He was ignored, then quit in disgust. The next guy was Cisco's lobbyist, who was not only useless, the job was downgraded during his tenure.

    I'm not expecting much from that crowd.

    1. Re:The head guy is from Microsoft by Hurricane78 · · Score: 5, Insightful

      Then you're forgetting the negative things that could happen. Like Linux declared a threat to national security.

      --
      Any sufficiently advanced intelligence is indistinguishable from stupidity.
  5. Yes Cringely, we have 1,000 security experts by gqx · · Score: 5, Interesting

    I have a fairly long track record in the security industry, and I'm really puzzled by Cringely's assertion. It's hard to tell if he is trying to make a point out of a semantic squabble, or if he genuinely believes that the information security community has fewer than 1,000 competent experts.

    If the former, yeah, the term "cybersecurity expert" is unfortunate - but it's clear it's just PR speak for "information security professional". Cringely then attempts to define that first, largely meaningless term, and then polls his anonymous friends (who themselves probably do not fall within that definition) to come up with wild guesses.

    If the latter, yes, we definitely have more than 1,000 security experts. There is something around 500 eminent, internationally recognized folks publishing books, research, and otherwise contributing to the "cutting edge" of the industry. Then there's another 500-1,000 top-tier, notable security VPs, CEOs, etc, working for Fortune 500 companies (they may not all be technically savvy, but they *are* the industry). Then, there is probably something close to 200,000 security professionals working for companies around the world - we have something like 50,000 registered CISSPs alone (which is a certification largely inaccessible to hobbyists, and pursued by a minority of infosec workers), something around 50,000 subscribers to BUGTRAQ and other security mailing lists, etc.

    Does this mean that DHS would be able to hire 1,000 competent experts? Unlikely, as the government historically did a pretty poor job of competing with commercial corporations (in terms of compensation and work culture), and many agencies may lack the hiring rigor and expertise to make the right calls. Given the size of the networked infrastructure in the US, this number is high, but does not sound outlandish by itself, though (many large corporations have 20-100 security people on their payroll).

  6. Re:Cringely points out... by fwr · · Score: 5, Interesting

    I would have to agree. Having obtained my CCIE Security this year (no I wasn't the one that passed the new 3.0 blueprint), and having a CISSP for a few years, I can say from my experience that there are likely well over 1000 experts in the country. Heck, we have quite a few experts in the company I work for now, and no it's not Cisco. In fact, Cisco calls us in to fix problems they can't from time to time. I doubt that any of them would want to work directly for the government though; I certainly would not. Consulting work for the government, sure, but not a government employee. His point seems to be that he doesn't know that many security experts, so they must not be out there. From his article, it appears that he knows a few subject matter experts, but he points out himself that they are not all-around experts. To quote "I was an expert in AV, IDS, and other areas. But I was not the all knowing security guru." That's two listed technologies and one all-encompassing "other" category. And apparently this expert "was," no longer "is." Now, I'm not calling them out, and I'm not going to compare resumes in a public forum. I'm just saying, when his own experts say they were an expert, maybe he's not talking to the right experts...

  7. Re:Well, I've already had my DHS background check. by El+Torico · · Score: 5, Informative

    Government paychecks are capped at a maximum that is significantly less than commercial starting pay for cyber-security experts...

    No, they aren't. The Information Assurance and other Information Technology positions in the Federal Government are usually grade GS-13. A GS-13 Step 1 in the Metro DC Area makes $70,615, Step 10 makes $91,801. This is competitive with most commercial salaries. Factor in the generous benefits (retirement, commute cost compensation, flextime, etc.) and the Civil Service positions are lucrative.

    --
    In the land of the blind, the one-eyed man is usually crucified.