DHS aims to hire 600 cybersecurity pros -- if it can find them

The Obama administration is hoping to make good on its promise to create new jobs -- in this case, 600 of them in cybersecurity.

Department of Homeland Security (DHS) Secretary Janet Napolitano, acting on the recommendation of the Homeland Security Advisory Council's Task Force on Cyberskills, said at a Washington Post cybersecurity forum that DHS wants to hire at least 600 cyber experts, analysts, IT specialists and people who are familiar with coding.

As a number of cyber experts have noted, however, while this may be a new initiative, it is not a new goal. James Lewis, senior fellow and program director at the Center for Strategic and International Studies, said on a different panel at the same forum that similar hiring efforts have been under way for several years, with limited success.

Federal News Radio's Jason Miller reported that the Government Accountability Office (GAO) "found in November 2011 that nearly every agency experienced difficulty in defining and hiring cyber workers."

There are several reasons for the difficulty, experts say, but none of them have to do with a lack of supply. They say there are talented candidates out there, but DHS has not learned how to attract them. One problem is that DHS still hasn't been able to define the skills needed and job descriptions clearly.

U.S. Army Maj. Gen. John Davis, senior military adviser for cyber to the undersecretary of defense, said recently at the Center for Strategic and International Studies (CSIS) in Washington, "We don't have all the capacity and the right sets of skills that we need to do all that's required. In the department we are still struggling to fully define and empower the cyber workforce."

Beyond that, experts say DHS is likely to continue to have problems recruiting the best and the brightest in cybersecurity until it learns that many do not fit into the standard bureaucratic hiring profile.


In response to a call from Napolitano several weeks ago to begin training the next generation of cyber pros in kindergarten, several experts said there is no need to wait 14 years for those kindergarteners to get out of school. But the talent available now would be unlikely to make it past standard government screening.

As the security consultant Winn Schwartau put it recently at the Hacker Halted conference in Miami, human resources departments "frown on conditions such as attention deficit disorder and autism, or obsessive-compulsive personalities, which are typical of computer geeks willing to focus on an issue through the night."

Government also lacks the so-called "cool factor." Paul Rosenzweig, founder of Red Branch Law & Consulting and a former DHS assistant secretary for policy, said at the time, "It is much more interesting and cool to build new stuff in Silicon Valley than it is to toil doing cybersecurity for DHS."

Bill Pennington, chief strategy officer at WhiteHat Security, said that while defending the free world from cyber threats may be a pretty cool job description, "sadly I am sure there are a thousand regulations that make the government put out descriptions like Security Analyst Level 1."

Pennington added that standard education requirements might be blocking some of the best talent out there. "What they are teaching at some universities is at least two to three years behind the curve. Why would I go to college and spend $100,000 to $200,000 to learn three-year-old technology?" he asked.

So far, DHS is only getting part of that message. One of the recommendations of the Task Force on Cyberskills is to "make the hiring process smooth and supportive and make mission critical cybersecurity jobs for the federal civilian workforce enticing in every dimension: in mission and service, skills, growth potential, and 'total value proposition.'"

Mark Weatherford, undersecretary of cybersecurity for DHS, said in September that a lack of a college degree shouldn't be a deal-breaker for a job candidate.

Still, the task force believes in the conventional education approach. Another recommendation calls for "[establishing] a two-year, community-college-based program that identifies and trains large numbers of talented men and women to prepare them for mission-critical jobs in cybersecurity."

Not necessary, says Pennington. "Apprenticeship is a concept that fits this area well," he said. "Once you hire based on attitude the aptitude can come quickly with the proper environment and hands-on training."

He said the WhiteHat hiring process involves giving candidates a week to answer questions about cybersecurity. "It is surprising how many people this process weeds out," he said. "Those who pass then come in for interviews, mostly around team chemistry. Our retention rate is about 95% over the past four years."
