Uncle Sam, industry scout for cybersecurity talent

Citing what some experts are calling a “radical shortage” of skilled cybersecurity professionals, a government-industry coalition today announced the U.S. Cyber Challenge, a collection of long-term programs intended to identify future cybersecurity professionals at the high school level and earlier and to foster their educational and professional development.

Cyber Challenge will work in five areas to help begin filling the human resources pipeline for the cybersecurity professionals who will be needed in coming years by:

  • Identifying students with the right talents and interests.
  • Establishing “cyber camps” to foster those interests.
  • Sponsoring national competitions to increase awareness of the profession and its top practitioners.
  • Offering scholarship programs.
  • Providing internships and jobs.

“This is a work in progress,” said Alan Paller, research director for the SANS Institute, one of the Cyber Challenge partners. “We’re not sure how all of it is going to work yet.”

The first step of the program, the talent search, already is being put into place with a number of high school and college level competitions that have been developed in recent years. These are the:

  • CyberPatriot Defense Competition, a high school level cyber defense competition hosted by the Air Force Association.
  • DC3 Digital Forensics Competition, hosted by the Defense Department’s Cyber Crime Center.
  • NetWars Capture the Flag, a SANS Institute penetration testing competition.

The growing shortage of cybersecurity professionals hinders the ability of public and private sectors to adequately defend their portions of an increasingly vital information infrastructure. To create a pipeline of these professionals, a coalition led by the Center for Strategic and International Studies (CSIS) will bring together existing programs and build additional ones aimed at finding 10,000 young Americans with the necessary aptitude and interest and creating a career path for them. This will be followed up with a series of programs including educational cyber camps and exercises that could help give them access to academic scholarships and employment opportunities.

Coalition members include, in addition to CSIS, the Defense Department Cyber Crime Center, the Air Force Association, the SANS Institute and a number of universities and aerospace companies.

Richard C. Schaeffer Jr., the National Security Agency’s information assurance director, said the Centers of Academic Excellence program, established by NSA to work with the academic community, is beginning to bear fruit, but too slowly. Schaeffer’s directorate has hired 257 of 300 computer scientists expected to be hired this year, and about half of the new graduates who have been hired have come from Academic Centers of Excellence. But demand for these professionals is growing sharply. In the Fort Meade, Md., area alone — the home of the NSA — demand is expected to jump to as high as 5,000 IT workers next year as new activities such as the DOD’s Cyber Command are stood up.

“It’s a trickle,” Schaeffer said of the flow of graduates from the Centers of Academic Excellence program. “It is a tiny number. Things are improving, but not at a pace they will have to in order to make progress on this issue.”

By identifying likely students early and providing an education and career path — and by improving the status of computer science activities — the Cyber Challenge hopes to increase the trickle.

The DC3 Digital Forensics Competition began in 2006 when the DOD digital forensics lab solicited teams to recover data from damaged media, said DC3 executive director Steven D. Shirley.

“We had 140 teams” that first year with only a “thimble-sized effort.” This year there are 580 teams and more than 1,000 individuals participating.

The CyberPatriot exercises were conceived last year by the Air Force Association’s board for aerospace education. Eight five-member teams participated in the first exercise in February, and recruiting for CP2 began in April, said S. Sanford Schlitt, vice chair of the board. There have been 270 100-man teams signed up so far for this exercise, and the first round is expected to be conducted this fall. After a semi-final online playoff round, contestants will meet in an in-person championship competition. The exercise is being developed as an online game to leverage interest in gaming.

SANS’ NetWars Capture the Flag competition is a quickly evolving program that lets contestants download software and reverse engineer it to find and exploit vulnerabilities. The first round was played over eight days in June with about 80 participants, ranging in age from 14 to the mid-20s. A round 1.5 was held earlier this month, and round 2 will be announced in August.

At the collegiate level, there already are a number of competitions, including the Cyber Defense Exercise for U.S. service academies, and the National Collegiate Cyber Defense Competition, run by the University of Texas at San Antonio.

What these programs lacked separately was resources and visibility, Paller said. Bringing them together under the Cyber Challenge canopy will give them higher profiles and give participants access to a career path.

The next step, cyber camps probably run by universities for high school students, is expected to begin next summer. The camps will be similar to athletic summer camps that give students access to high-level coaching and training. Plans are being made now to train instructors and develop training programs.

Sen. Tom Carper (D-Del.) announced today that Delaware has agreed to be a state partner in the Cyber Challenge. University of Delaware and Wilmington University will host contest activities, and will host some of the first generation of cyber camps. The state also will work to provide internships with employers in the state and provide opportunities for scholarships and access to top employers in private industry and government.

Carper cited the growing number of attacks against the U.S. cyber infrastructure in announcing Delaware’s participation. “Unfortunately, our country doesn’t have enough people who really know how to defend our critical networks from these types of attacks,” he said. “I am proud that Delaware has been named as a state to help the United States continue to be the most competitive and most secure nation in cyberspace today.”

About the Author

William Jackson is a Maryland-based freelance writer.

Reader Comments

Fri, Jul 15, 2011 Timbones FL

The DOD and government service as a whole is a joke. The hiring process is antiquated and ridiculously complicated and the focus is on hiring the right numbers, not on hiring the most qualified applicant. Until they reform that, they will get not the most qualified, but the leftovers. They deserve nothing better.

Sun, Nov 29, 2009

Looking at the High School level is a dream approach. The kids just take advantage of people who do not have their system locked down or are unaware of the dangers involved with IRC or IM. Most people look at an alert from their system as an annoyance and dismiss it and these kids know this. There are plenty of mature adults with outstanding talent that are available and more than ready to meet the challenge of cybersecurity. If the government has security issues they should be looking at the current skill set of entrenched employees and their attention to detail. If a system is locked down properly it is very difficult to just hack. Someone would need physical information to break in. "Loose lips sink ships".

Mon, Oct 5, 2009

As a seasoned IT security professional I find this approach to finding promising high schoolers with an aptitude for system security to be the wrong approach. Students with strong math, verbal skills, and science interest should be offered camps at Universities or government facilities, no strings attached. Forget the time consuming games, kids are busy if you have not noticed. The average high schooler is not going to be an expert at recovering deleted files, reviewing slack space etc. You are culling out a great amount of others who may be interested in this type of work but have not had exposure to this type of gaming or skill set yet.

Wed, Sep 2, 2009

The problem is that Cyber Security is so new that the functions and responsibilities of Networking and Security personnel do not fit into the box that DoD is used to working within. If any of you have worked in DoD, then you know it is hard to change cultural attitude or tradition. It's amazing the money spent to acquire certifications and then see the amount of money DoD wants to pay you to work for them and have the certifications. I do not measure a person by certs - that just means they are book smart or test masters. But the certs with experience goes a long way. Experience is the best teacher, but with the growing threats and ever changing technology certifications are important also; as well as understanding of policies and guidelines which govern DoD networks. I don't think an experienced/certified person should start at entry level, mid-level would be a better fit - as you can't realistically go into an organization and be at the top (unless you are already in the system), but the pay should at least be commensurate with the market. Just my 2 cents.

Fri, Aug 28, 2009

Why would you want to deal with all the politics? Plenty of security opportunities elsewhere and you get higher compensation and appreciated. I have been working with computers/networks/IT for over 40 years. I do not have any Certificates. Yet somehow, I have been gainfully employed in the area of Security deploying worldwide networks and Security for nearly every large company you can think of including all forms of Governments. My level of experience is exactly that, “EXPERIENCE”. I have gained a vast amount of knowledge in all domains as being the person to do it all starting as a programmer, systems manager, networking and security was always a key point. I have implemented about every kind of systems, and networking technology out there. As you can probably guess my age is over 50, but I am still out there primarily as the security expert. I constantly kept up with technology because I love it and never settled for sitting in a cube doing the same thing repeatedly, I like to get down to the root of it all and even pull the cables if required (in the trenches). I have mentored many individuals that I took under my wing because I looked at their potential not just the certs or age. They all have been successful in their careers and if anything that I have done in this world, I am most proud of that. I suspect there is a lot of others like me out there and hey if they are not interested in us.. Fine, their loss.
