US Not Training Enough Cybersecurity Experts

graychase writes "Homeland Security's cybersecurity director, Richard Marshall, warns that universities aren't turning out enough cybersecurity experts and urges greater scholarship funding. 'Look at all the great football and basketball programs. They're all on scholarships. They're not playing for fun — they're playing for money.'"

Training?

[WrongSizeGlass]

Shouldn't they be recruiting them from the trenches or simply luring script kiddies into the evil clutches of our federal government with promises of "no bedtimes", "free games, pizza & soda" and "no one here will make fun of you because everyone here will be like you"?

Easy solution

[Skyshadow]

We'll just recruit our cybersecurity from the obvious source: China.

I, er, hear they may have some relevant experience.

No problem

[oldspewey]

I'm sure the US can just hire some of those well-trained and eager Chinese cybersecurity experts who seem friendly and anxious to come across on H1 visa.

They're not seeing a primary source.

[rindeee]

Working in the industry and hiring new Cyber talent on a weekly basis, I'd say that the author's aren't looking in the right place. We find the best, most talented folks are coming out of the military. These ladies and gentlemen are very disciplined, highly trained and have real (very real) experience not only within the ranks of military cyber operations, but most also have a good deal of experience in the intelligence community. They all have a great deal of experience (and preference) with open source tools, but understand the proper application and integration of COTS products as well. Anyway, my two cents.

Re:They're not seeing a primary source.

That might be the case, but it's equally as hard to find a cyber security job. I graduated from a Center of Excellence with a Master's in Computer Security and Information Assurance. Due to the scholarship I've been working with DoD and I've gained my clearance through them. I've sent job applications to NSA, DHS, ARL, NRL, DARPA, etc. and have not heard one response aside from DHS saying I wasn't the most qualified candidate. I even have my 8570 certifications now for IAT 2. Everything is so C&A focused it's a bear to find any real cyber security work - I've certainly been trying to move toward it. Maybe I'm doing it wrong, but from my experience the job positions just aren't there, regardless of need.

Re:They're not seeing a primary source.

[centuren]

The whole statement seems to show a wildly inaccurate perspective on how education and industry go together:

"Homeland Security's cybersecurity director, Richard Marshall, warns that universities aren't turning out enough cybersecurity experts and urges greater scholarship funding.

Universities do not turn out experts, period. If one needs more national security experts, the place to look isn't for upcoming graduates from Harvard's "Department of National Security", because no such thing exists. Hopefully, 4-year degrees in cybersecurity don't/won't exist, either. Universities educate students, giving them knowledge and skills to put them in a situation where they can be trained into these rolls. I went to an engineering school, and the CIA had a booth at the job fair every year, and 3 or 4 of my friends interned with the NSA, at least one of whom accepted a job there after he finished his graduate degree(s).

Richard Marshall's statement seems absurd; if they need more cybersecurity experts then they should recruit and train more people. With today's unemployment rate, it's not like there aren't people with the education out there looking for jobs. If you want more experts, hire people and train them. Scholarships might put more inexperienced graduates into the hiring pool, but does nothing to produce more cybersecurity experts. People in Marshall's position need to start realizing that companies and agencies alike invest in developing employees when it comes to jobs as specific as cybersecurity. Just throwing more certification graduates into the world isn't likely to improve anything.

All it takes...

[garyisabusyguy]

...is state subsidized computer "crime" education.

Israel has had state sponsored training for decades and looky looky they have plenty of forensic experts...

In the US we threaten anybody that touches these tools with prison and let the mpaa sue Professors that attempt to study anything remotely like security.

Yeah, it's about the money

[HockeyPuck]

Starting salary at IBM is about $50k.
Additional Compensation:
---Employee Stock Purchase Plan.
---401k
---Options (maybe)
    Pre-requisites: Atleast 4 years of college, optional advanced degrees. Experience with security and engineering solutions.

Starting Salary of Lebron James: ~$4m per year.
Additional Compensation:
---$90m Nike Contract
      Pre-requisites: Ability to dribble and score with a basketball better than any other kid in high school.

Which would you choose?

Re:Yeah, it's about the money

[Skyshadow]

Lebron James is one of the best basketball players ever to live, not just some run-of-the-mill pickup player.

Let's make a slightly more appropriate comparison: Samuel Palmisano, CEO of IBM, made $1.8 million last year, plus a bonus of $4.75 million and $13.5 million in stock options. So really, the top performers in tech don't really do so poorly either, especially considering that their career is probably a bit longer than Lebron's.

Re:Yeah, it's about the money

[chill]

Compare apples to apples. Here is an oldie, but a goodie:

Michael Jordan having 'retired,' with $40 million in
endorsements, makes $178,100 a day, working or not.

If he sleeps 7 hours a night, he makes $52,000 every
night while visions of sugarplums dance in his head.

If he goes to see a movie, it'll cost him $7.00, but
he'll make $18,550 while he's there.

If he decides to have a 5-minute egg, he'll make
$618 while boiling it.

He makes $7,415/hour more than minimum wage.

If he wanted to save up for a new Acura NSX
($90,000) it would take him a whole 12 hours.

If someone were to hand him his salary and
endorsement money, they would have to do it
at the rate of $2.00 every second.

He'll probably pay around $200 for a nice round
of golf, but will be reimbursed $33,390 for
that round.

He'll make about $19.60 while watching the 100- meter dash in the
Olympics, and about $15,600 during the Boston Marathon .

This year, he'll make more than twice as much
as all U.S. past Presidents for all of their
terms combined.

Amazing isn't it?

However...
If Jordan saves 100% of his income for the next
500 years, he'll still have less than Bill Gates has
at this very moment.

Game over. Nerd wins .....

* * *

Now compare your average mid-level technical employee vs the jock who majored in sports and see what is what.

Universities aren't taking it seriously either

[Admodieus]

At my current university, there are two undergraduate networking courses and one undergraduate security course. There's one network course in the graduate curriculum, but that's meant as a recap of the two undergrad ones if you didn't get your undergrad here. I would love to load up on network and security classes, but there's simply none being offered.

It's hard to learn

when the government and industry decide to move away from making systems and software increasingly more secure and instead focus on draconian laws with punitive sentences that start at a decade for benign acts regardless of intent or whether you informed the target of their weakness and how to correct it.

Security through sentencing.

I'm pretty sure...

[Blue6]

Most of these stories are puff pieces done for or due to the FUD big consulting companies like CSC, Lockheed, Northup put out to the Bureaucrats in order to keep billing rates high. I have over 10 years of networking experience and a MS in Info Sec from a DHS sponsored school. I have applied multiple times to various positions and have never received a response back.