Slashdot Mirror
Cyberwarrior Shortage Threatens US Security
An anonymous reader writes "US security officials say the country's cyberdefenses are not up to the challenge. In part, it's due to a severe shortage of computer security specialists and engineers with the skills and knowledge necessary to do battle against would-be adversaries. The protection of US computer systems essentially requires an army of cyberwarriors, but the recruitment of that force is suffering. 'We don't have sufficiently bright people moving into this field to support those national security objectives as we move forward in time,' says James Gosler, a veteran cybersecurity specialist who has worked at the CIA, the National Security Agency, and the Energy Department."
if there is such a shortage of talent maybe we can offshore this responsibility? Maybe to China? As a bonus it will be less expensive.
The USA has a bad habit of arresting anyone with the skills and curiosity to perform such tasks. Instead of arresting and jailing "hackers" they should employ them, and then maybe we'd have enough people for the "cyberwar" they are talking about
If telephones are outlawed, then only outlaws will have telephones.
The US treats anyone with the least bit of curiosity or know-how with suspicion.
Maybe it's because we call anyone with even the smallest amount of computer knowledge a witch^H hacker, and burn them at the stake^H^H^H^H^H^H put them in jail (or detention, for the juveniles) while banning them from using computers?
It's pretty simple, guys. If you ban model rockets, you won't get a generation of rocket scientists. If you ban chemistry kits, you won't get a generation of chemical engineers. If you ban playing around with computer systems, you won't get a generation of hackers.
"We don't have sufficiently bright people moving into this field"
Yet we have sufficiently bright people who can create a system that rapes the stock market.
It is all about perception. I see high school advisors telling kids to stay away from computer science because they will be fighting for jobs against the whole world (programmers from India, sysadmins from the Bay Area, etc.) Instead, they tell them to go law because "there is no such thing as an unemployed lawyer."
Russia and China, it is different. There, their security guys doing blackhat/white work are viewed with similar respect as Special Forces guys are viewed here, as heroes for their country. Here in the US, a CS/IT person is looked at as someone who is going to be unemployed as soon as the PHB finds some offshore firm.
Change the perception, make it cool to be a CS/IT person. THEN you will have your "cyberwarriors" that are on par with the Russian/Chinese blackhats. Otherwise, the CS students will be taking their CS degree into law or business school.
'We don't have sufficiently bright people moving into this field to support those national security objectives as we move forward in time,' says James Gosler, a veteran cybersecurity specialist who has worked at the CIA, the National Security Agency, and the Energy Department."
I wonder whether this gentleman has thought about the idea that his "national security objectives" cannot be achieved by computer science at all. In other words, those objectives are misplaced...simply put.
Could I be right?
I'm not allowed to tag stories, but the moron who managed to misspell "cyberwarfare" as "cyberwarefare" is free and clear, huh? Nice job, Slashdot.
I can't seem to tag stories either and I have no idea why. I can add a tag and it appears to work, but I have never once refreshed the Slashdot main page and seen any tag I have applied. That is, they seem to just go straight to /dev/null. Tags I try to apply do seem to show up on my user page, however.
It is a miracle that curiosity survives formal education. - Einstein
all y'all have to do is setup a few sub sub basements with a few racks and fridges and then move anybody that can
hack the doors into the group (of course filter for the obvious "problems").
a few hints
1 most good hackers will have some sort of criminal record
2 hackers may or may not like a normal uniform and the hair thing may be an issue
3 when you have a group setup DO NOT VISIT DO NOT ASK "HOW" (plausible deneyability is a good thing)
4 psych evals may be another issue
Any person using FTFY or editing my postings agrees to a US$50.00 charge
Yes. I know what they should do. Bring back photon and use it as a recruitment tool http://en.wikipedia.org/wiki/Photon_(TV_series)
Who in their right mind would join up with a organization which wants to call you a Cyber Warrior?
I mean, i get it from the perspective of appropriating money that should be used for better causes and justifying your 6 figure salary and all. But this whole thing is laughable.
Right Here
A big part of the problem is that those jobs are very unappealing. First the applicants have to get a security clearance, which weeds out all non-citizens and a good deal of other applicants, then they are forced to work in secure facilities that feel like caves or underground bunkers, and on top of that they aren't allowed to discuss what they do in anything but the most general terms. Taking a job doing cyber ops for the government is volunteering to put a giant gap in your resume that you can't discuss.
The federal government has a habit of imposing soul-crushing bureaucracies on its workers.
Probably only a very small fraction of citizens are talented and inclined to do cyberwarfare and are willing to put up with the bureaucracy.
I'd believe in stuff like
1. Shortages of people who patch their systems
2. Shortages of companies who are willing to pay security specialists a decent wage
3. Shortages of CTO's willing to pay for migration away from IE6 to something standards-compliant
4. Shortages of armed services who'd take overweight computer professionals over 30
5. The tooth fairy
6. Unicorns
But a shortage of cyberwarriors? That seems a bit far fetched.
...is legal and cultural. The US penalizes innovation and experimentation more than anyone. The US government is responsible for the DMCA and massive efforts to punish people for hacking their own hardware and software, ludicrous prison terms, and so forth. On top of that you have a move away from generic, "hackable" computers to walled garden, Apple style technologies. That kind of culture doesn't really nurture a generation of future hackers. We don't encourage youth people to explore technology, we want them to play by the rules and keep their noses clean. With hacking hardware and software so stubbornly discouraged, it's no wonder that not very many people have the desired skill set.
People who are typically drawn to computers are often not very good canidates for the military lifestyle. And to become good at Securing systems or hacking them.. you need be breath, eat and sleep computers (especially hacking them).
Hacking skills are not taught in schools and working for the goverment pays c@rp.. why would someone who spent years developing highly saught after skills work for the latest cyberwarfare agency when they could make big bucks in the private sector.
There are plenty of highly skilled security folks out there "Defend the nation" to. I dont see any real recruitment efforts going on that are worth while.
As an educator, specifically a computer science educator in higher education, I have to say that this is a shortage that the US has created. Let's see, if we outsource all IT jobs, and then allow various industry groups to sue the snot out of people based on their IP address; let's tell all potential students that jobs in this area can be done overseas, and that there is no reason to go into this area; let's pay low, low wages, and accept low-quality work from people who rose through the ranks due to politics rather than ability; let's reward people for paper certificates that they obtained through cram sessions and cheat sheets; let's do everything within our power to make this an unattractive field of study. And now, when bright, curious, intelligent people are needed in this field, let's wonder why they're not there.
Cynicism - the last refuge of those people who want to simply say, "Well, duh!"
In part, it's due to a severe shortage of computer security specialists and engineers with the skills and knowledge necessary to do battle against would-be adversaries.
Based on my own experience, I would argue that there is a severe shortage of computer security specialists and engineers with the skills and knowledge and desire to do battle against would-be adversaries. Whether it's a personal financial concern or a personal ethical concern, there are lots of great reasons for skilled and knowledgeable experts to seek employment elsewhere.
Slashdot? Oh, I just read it for the articles.
Where are the recruiting posters, TV spots, and in-game adverts? I know the Marines and Army are looking. Where the heck does one sign up for cyber-warrior boot camp? What's the web site, email address or 1-800 number? Even the article leaves out that information. What a missed opportunity.
Hint: hire a marketing team first.
the growth in cynicism and rebellion has not been without cause
More than 850,000 people in the US hold Top Secret clearance. There are a lot of "sufficiently bright" technologists at NSA, CIA, DOD, etc and their contractors. Perhaps the issue is more one of priority than spending?
Obi-Wan: "I felt a great disturbance in the Force, as if millions of voices suddenly cried out in terror and were sudden
Go look for the idiot that started the Hacker's Crackdown in th 90's. The result of this attitude was to either push some kids to the edge where the russian mob recruited them in on form or another, or plain make them corpodrones, albeit very good at typing crap into a cisco console, but perfectly worthless in the underlining of the net.
Bravo, idiots, might I remind you that here in the net, we forsaw and told you about this. And now you come complainin....
NO SIG
For me, in both FF and IE, the tag interface is simply static, I can't even try to add a tag. If I log out and clear my cookies (on either browser) the interface starts working again, and I can even post a tag if I carefully use the interface to add a tag and *then* log in as it prompts me to do so... and it will become a tag that appears on the main page.
I have to think this is some sort of poorly implemented tag-ban, as I used to be able to (and did) tag stories up until a few months ago.
I work for a local government agency and have over 20 years experience in IT, with almost 10 in security. Due to a "small world" situation, my name came across the desk of someone at the FBI. I was informally asked what level of interest I would have working for them. I asked the guy several questions and came away with the following: Take a substantial pay cut, move my family over 400 miles away from most of our relatives, forfeit the retirement at my current employer, go through the FBI academy (no desire to go through another boot camp at my age). About the only upshot to the whole thing would be some good training. I'm sure there are jobs with other federal agencies, but I imagine that except for the academy, all of the other negatives apply. The thing that got me about this is that my skills are nowhere in the ballpark of what I imagine should be the skillset for this type of job. Maybe they're targeting people that they feel can be groomed into the position, but it seems to me that if they're going to take the issue seriously, they would be going for some top dogs and offering some real incentives to those people.
necessary to do battle against would-be adversaries. The protection of US computer systems essentially requires an army of cyberwarriors
Who is the enemy? If you think its a nebulous "them", then you're wrong, its us.
"security" where I work is primarily focused on giving as many employees parking tickets as possible, monitoring our every move (although car breakins are of course not monitored), protecting the company from downsized employees, and generally being bullies.
I can assure you that "leet cyberwarriors" are not going to be used against enemy nation of the week, but against Americans. Against people with the mistaken idea they live in a free country. Against anyone standing in the way of the big corporations that pay for our elections. Against anyone whom does not understand they exist to serve the govt, not the other way around.
"Science flies us to the moon. Religion flies us into buildings." - Victor Stenger
There are plenty of people who know how is just that the knowledge leads to suspicion by law enforcement and practice of said skills are illegal.
It's the same thing if this guy said, "There aren't enough people who know how to murder and our spy agencies are having a hard time finding assassins! "
RIP America
July 4, 1776 - September 11, 2001
In fact getting into the military is very difficult right now precisely because there is no shortage of people trying to enlist. So to tell people to enlist or talk to a recruiter is not that simple. Also most hackers probably wear glasses or have other issues which will completely rule them out from the military service. So unless the military somehow makes exceptions, the vast majority of hackers just aren't going to get accepted into the army nevermind the airforce.
USA jobs? That's useless as well. Unless they are lucky enough to come from a military family and be born with top secret clearance, they aren't going to have top secret clearance and without that they wont be hired for the vast majority of jobs at USAjobs. On top of that, veterans have preference at USAjobs so even if the job does not require clearance if someone is a veteran they'll be chosen for the job instead. On top of all of this there is no shortage of people trying to get jjobs on USA jobs. So there is a very slim possibility of getting a job from USA jobs and probably not worth the time of applying unless you want to take a gamble.
This story is the biggest bunch of BS.
I listened to this story on NPR. Instead of actually relying on hard data, the reporter simply found someone who estimated there are only 1,000 qualified "cyber" professionals in the US. The source presented no hard data, just a gut feel that there aren't enough people. This figure is about as well-sourced as the claim (often repeated) that the underground malware economy is bigger than the market for illegal drugs.
Meanwhile, instead of calling outside the beltway, NPR also called up Alan Paller, the head of the SANS Institute, who parroted the same line. How Paller can say that there are less than 1,000 qualified security professionals with a straight face is beyond me. SANS claims to have trained over 150,000 people. Does that mean that 99% of their "graduates" are therefore unqualified?
The worst part about this is that NPR did not even bother to disclose Paller's blatant conflict of interest. Contrary to popular belief, SANS is NOT a non-profit. It's in business to make a buck. I can't think of a better way to plump up the attendance rolls than to manufacture scare stories about "shortages" of professionals.
I've got no real issues with Paller other than the fact that he's just another garden-variety huckster. I've got a bigger problem with NPR, who was just plain sloppy.
That's pretty funny, you used the words, 'work' and 'government job' in the same sentence.
Years ago, a friend of mine got a civie job at a heavily secured military base. The pay was good, (better than mine) and he had full benefits. He had to pass a background check, drug check and a lie detector just to get the required security clearance. He bragged to me, "Man this is some intense (stuff) I'm getting into" and I'll admit I was a bit envious.
Once he got there he found out what the job entailed:
At 0800 he went to the motor pool and requisitioned a hand cart, which he pushed to the supply depot. There, he signed for 3 boxes of white, 5000 page, continuous form, tractor-feed printer paper, which he carted to secured building 'A'.
At the door, his clearance was checked, the boxes inspected to ensure they actually contained paper, and then he was escorted to a heaviliy secured, windowless room by two Marines; one wearing a sidearm, the other brandishing an M-16. (I should mention that none of the marines had any rank insignia.)
The guards at the door let them in and he proceeded to replace the paper in the three printers in the room. After each change, he was required to press the button to print a single test page (ABCDEF...12345... etc.) and pass it to the sidearm-wearing Marine.
The Marine would inspect the page, apparently checking that the margins hadn't been messed with and then the page was shredded on the spot.
He did this for each printer and when finished, he was escorted back to the entrance, where he was signed out of the building.
At this point, he was supposed to take the three (unused, mind you) boxes of paper he had just replaced to the secure document destruction building, dump them down a chute, and go pick up three new boxes of paper to be taken to building 'B', where the same proccess was followed. And then do the same for buildings 'C' and 'D'.
That was his entire morning shift and his afternoon shift was exactly the same. Changing printer paper, five days a week.
He soon figured out that none of these printers ever printed anything except the test pages. He marked the edge of the top page with his thumbnail when he installed the paper and the next time he went in to replace it, there was the mark, right where he had left it.
No one at the supply depot was cleared to know what he was doing so they had no idea how many boxes of paper he was supposed to be getting each day, only that if he asked for paper, they were to give it to him.
So he started taking the 'used' boxes of paper from building 'A' and installing them in building 'B', 'B' to 'C', 'C' to 'D' and then he'd stop over at the commisary for coffee and a snack and watch TV. As well as chat with other civie contractors, flirt with the gals behind the counter, shoot some pool or play video games (all free) and then have lunch.
At 1300, (he wasn't allowed to start earlier) he'd take his cart of 'used' paper from building 'D' to building 'A' to start the whole process over again.
After he finished with the second paper change at 'D' he'd take the three practically unused boxes to the shredder building, return the cart to the motor pool and go home, at least 2 hours early every day!
He did this for nearly eight years and ended up buying a Corvette with all the money he made. But his IT skills were nearly useless by the time he left there and he had to go back to school to get back up to speed before he could get another job.
Your military tax dollars at work.
Beta sux! Join the Slashcott! http://hardware.slashdot.org/comments.pl?sid=4760465&cid=46173047
You know, as a U.S. citizen with a data systems security background, university degrees, CISSP, etc., I would happily apply for work with the U.S. government.
However, every position I've discovered requires an existing security clearance, something you cannot just go out and get, at any price.
There is a shortage. I do security code reviews and we have a challenging time finding good people. The prepress report talks about a lot more than dusty old government jobs.
Take off every 'sig' !!
I have been in IT for 30 years. I started in the USAF, and went on to work for defense contractors. Have held several clearances, including top secret. Have degrees in math and comp sci. I am presently long term unemployed.
It seems to me that these "desperate shortage" articles come out routinely. No matter how many major IT layoffs, or how many CS grads can not find a job, or how depressed wages are for IT pros.
Why are these articles never specific? Exactly what skills do they need that they find so hard to fill? Exactly what credentials are they looking for: BSCS, PhD, CISSP, CCIE, or what?
Why do these articles seem to reek of corporate/government propaganda?
Good IT guys don't want to go through the nonsense associated with these positions. They can get jobs with private industry that don't have the headaches. I live in the Washington area and there are plenty of IT jobs here. You just have to have a TS/SCI or plan to get one. I'm much happier not having the FBI asking my neighbors questions and crap like that.
They typical run these propaganda campaigns about every six months.
http://www.fiercegovernmentit.com/story/u-s-faces-shortage-cybersecurity-workers/2009-12-23
Screaming and crying about desperate shortages is just a routine part of business. It keeps the poor saps studying for a career they will probably never get. It keeps the markets nice and glutted.
IMO: what really gives this away as propaganda, is the lack of specificity. They will never tell you exactly what credentials are supposedly in such short supply.
Everyone is focusing on government crackdown on hackers...but no one is focusing on standard reasons -- like how does government pay compare to what the person might earn in the private sector?
Ok, now ask -- how much has the government done to cultivate love for country in the past quarter century?
How about patriotism? No...paying people to snitch on their neighbors is not considered something that builds loyalty to country.
Ok...now put the pay item into perspective....
What are the pay and job prospects for software types, in general in the US -- compared to say, 15 years ago?
Add all that up...ignore the curiosity=jail trip...
standard job market indicators would tend to say this type of job isn't going to be a big attractor these days...
Now add the curiosity=jail nonsense and get tough on US-citizens/war on US citizens rhetoric that is so popular with the conservatives that have been in power for most of the past 30 years (the Reagan generation, 1980 and beyond).
The dominant paradigm is to keep voters and consumers stupid. Education is *bad* -- since percentage wise, the more educated people are, the more likely they are to have liberal or progressive views. Not a bright prospect for American future -- at least not for the majority -- for those who run the big Corps, the landscape looks brighter and brighter...
I doubt I'll live long enough to see the worst of it, or a turnaround...