Qualified cyber pros in high demand but scarce supply

Government needs security professionals with certification, clearance but is having trouble finding them

Knowledge is king in the IT world, and there is no better demonstration of that trait on a resume than a professional certification. But qualification documentation is moving away from traditional areas such as network administration to accommodate new skills such as cybersecurity.

In fact, cybersecurity and other qualified IT security skills are in high demand in the federal government. A recent study by Clearancejobs.com and Dice.com found that professionals with the right IT skills and an active government security clearance earned 12 percent more than non-cleared personnel. In the Washington, D.C., area, the pay bump is 20 percent.

Related stories:

How to get hired fast: Be a cyber pro

Cyber educators to Congress: Let us handle it

But finding the right people can be difficult. The report noted that most of the qualified cybersecurity experts are in the private sector. 

However, recent events have made cybersecurity a hot-button issue in the government, said Evan Lesser, Clearance Jobs' managing director. He said it is one subject that is not on the list for government budget cuts, especially after last year’s major IT security incidents, such as the Google hacking incident. “So much happened in 2010 that it opened up the government’s eyes,” he said.

All the extra government attention has led to spike in hiring qualified personnel with clearances and certifications. “Security certifications are truly a requirement at this point,” Lesser said. Besides clearances, skill certifications are also making inroads in federal IT circles, although their utility outside of the private sector has been the subject of some debate. He said non-Defense Department federal agencies may begin requiring a range of IT certifications, especially for cybersecurity.

But the current demand for qualified personnel is outstripping the supply. Although government job postings are up, Lesser said that these cybersecurity positions often require a high-level security clearance coupled with polygraph testing to meet DOD and intelligence community directives. These hurdles greatly diminish the pool of available candidates.

“You’re not looking at thousands of people nationwide; you’re looking at hundreds who meet such strict criteria,” he said.

To help increase the cyber workforce, industry, academia and government have launched career tracks to attract young people. Lesser noted that most of the universities in the Washington, D.C., area offer cybersecurity programs to meet regional demand. University courses and degrees are also a good choice for IT professionals interested in shifting careers to cybersecurity.

Cybersecurity and cyber warfare are relatively new professions with exacting entrance requirements. However, they also represent one of the few areas in government IT that is both growing and unlikely to see funding cuts anytime soon. For the right candidates, the profession has open horizons, Lesser said.

 “How many times in IT do you see a field open up with new possibilities and practically unlimited budget money?” he said.

inside gcn

  • power grid (elxeneize/Shutterstock.com)

    Electric grid protection through low-cost sensors, machine learning

Reader Comments

Mon, Apr 25, 2011 John Denver

If professional certification is better than a degree it would explain the need for better security. This sentiment aside, the real question is what credential is worth a hoot as a marketing tool? I believe there are only a few thousand qualified people in the country, including those who are trained either by the NSA or USSS (according to Congressional testimony given by USSS in 2009). Given that the value of either one is not published anywhere on the web except by the companies that sell them, an experienced engineer like me has no way to find out what the right steps are. (Mark me down as agreeing with some of the other posted sentiments). Since we can't just break in and say "Hi" any more certification is the way to go -- but what works? Certs are ridiculously expensive unless paid for by someone else.

Wed, Apr 20, 2011 Martha Alexandria, VA

This is all smoke and screen. Three people I know have graduate degrees, security clearances, and high experience in Cybersecurity and retired military with military schooling.We applied at least four times with DHS, got interviews and no response even though they said they would. Even when I heard the administrator mention she was looking for us and please send resumes. We did. Guess what. Still no response. The government process is just not good and they don't really care. Now we are gainfully employed with many job offers to work for private industry. Government's loss. Sad but true. Don't buy into this article.

Thu, Apr 14, 2011

Who here has applied for government infosec positions? I wasted a significant amount of time in 2007 completing applications including those godawful KSAs. I had been encouraged by the steady drumbeat of articles stating the government couldn't find infosec people. I even contacted the DHS National Cyber Security Division as they posted an email address for applicants for direct hire (avoiding the usual application nightmare). I was already in DC and has the resume, credentials, and experience. What happened? Nothing happened. I never received a single communication from the government. In the meantime, the private sector gives me annual pay raises, a thing now impossible for federal workers, and there's plenty of work supporting the government as a contractor. My conclusion: The government is not remotely serious about hiring cyber security personnel.

Thu, Apr 14, 2011 Dallas

What is absolutely absurd is that the Air Force is downsizing its cyber officer pool at the same time as they are finding out that they need thousands more. The Air Force also does not require its officers to have any of the credentials or cyber security education needed to protect critical IT infrastructure or the infrastructure impacted by critical IT systems. I have several industry certifications but the Air Force only requires and recognizes them for their enlisted troops; however, I get calls all the time to work as a consultant to protect DOD and earn almost double the pay.

Thu, Apr 14, 2011

As a cleared government contractor who set up profiles in USAJOBS while on a previous contract which was ending, I have found that the salaries offered for individuals with my experience, certifications and clearance level do not come close to what I can earn serving the government as a contractor. To earn a comparable salary I would have to be a very high step GS-15 or an SES position (which requires training only offered to civil servants). Traditionally, civil service offered job security, good benefits packages and better than average retirement packages. In the current political climate the job security is gone. The benefits packages for new civil servants have been altered and may be further curtailed and the retirement packages may also fall under the axe. I have also seen civil servants working longer hours and even weekends for no greater pay while my hours are limited to a reasonable amount without having a contracting officer go through hoops to approve additional hours. (It should be noted that many contractors also put in additional hours through comp. time or other arrangements with the company they work for). The practical issues make working as a civil servant in cybersecurity unattractive to qualified candidates.

Show All Comments

Please post your comments here. Comments are moderated, so they may not appear immediately after submitting. We will not post comments that we consider abusive or off-topic.

Please type the letters/numbers you see above

More from 1105 Public Sector Media Group