Cybersecurity Plan Means New Jobs

Agencies, Contractors Need Advanced Skills Now So, the Obama administration has presented its cybersecurity plan establishing the practice as a major, new national priority.

What does this mean for information security careers?

Security experts that work closely with the government offer insights on the direction the new administration has taken regarding its security policies and how these can impact security careers.

1. More Cybersecurity Jobs in Govt.

The reason cybersecurity is getting so much attention is that our nation's physical and economic survival are at risk if major IT disruptions occur. "The government, like business, cannot function without IT, therefore President Obama has promised to increase spending in cybersecurity, which strongly suggests more employment," says Kathy Roberson, Senior Human Resource Consultant with the Office of Personnel Management. This comment is aimed mostly at all federal departments, but hires are specifically going to be desired within the National Security Agency and DoD, she says. With the release of the new cybersecurity report, Roberson expects cybersecurity hires to increase by at least a 1000 per year within the federal government.

2. Increased Demand by Government Contractors

Northrop Grumman, General Dynamics, Lockheed Martin and Raytheon all have major cyber contracts with the military and intelligence agencies and are anticipating new projects to fall their way with so much emphasis being given to protection of critical infrastructure. These companies have been moving quickly to lock up the relatively small amount of expertise available in this field "Cybersecurity is embedded in everything that we do, therefore all projects need cybersecurity expertise. Many of the programs require some type of intrusion detection, prevention, incident response and handling, or computer forensics experience," says Jeffery Adams, Director of news and information at Lockheed Martin. At General Dynamics, Nadia D. Short, vice president of strategy & business development, says "The three main positions we are looking for currently include an additional need for cyber security analysts who will perform investigations and incident response activities; reverse engineering experts who not only lead investigations but follow audit trails associated with different exploitation and attacks; and computer forensics experts who understand file systems, log histories, patching and chain of custody activities."

3. Critical and Advanced Technical Skills Needed

The new administration has shown a focus on advanced technical skills, says Alan Paller, Executive Director, SANS Institute. For example: The head of United States Strategic Command (Stratcom) recently told Congress about the critical shortage of these skills and the need to correct that shortage. In addition, the CSIS Commission on Cybersecurity for the 44th President, which is helping to drive the new administration's priorities, pointed out the critical need for advanced technical skills, listing specifically: vulnerability analysis, penetration testing, computer network attack, intrusion detection, digital forensics, reverse engineering, protocol analysis and secure network engineering. "I believe the nation is seeing the decline of the age of security compliance and the dawn of the age of hands-on security," says Paller.

4. Greater Emphasis on Data Protection and Privacy:

"Not a day goes by without hackers or criminal activities and fraud hitting the news- a clear reminder to the new administration that they need to take appropriate steps to fill these gaps," says Hord Tipton, CEO, ISC2. Tipton says he has learned through his involvement with the federal government that the new administration will most likely come up with a new set of guidelines for data protection, which will become a strict enforcer of privacy under Obama's eye. This again will open more employment opportunities in the area.

5. FISMA Reform: Senior Security Executives Needed

Congress enacted the Federal Information Security Management Act (FISMA) in 2002, establishing a framework for government agencies to bolster IT and network security. FISMA at the heart of it is just a regulation directed at adequate security measures agencies should be implementing to protect their IT assets.

However, right from the start FISMA has concentrated primarily on compliance and paperwork, with very little focus on security. Several high-profile breaches over the years since FISMA was enacted have brought federal information systems security back into the spotlight, encouraging Congress to reexamine the issue. "FISMA does not necessarily assure security and protection of IT systems, as well as the whole monitoring aspect is missing currently," says Tipton. "What happens when an agency miscalculates risk? Who is accountable"? These are few reasons why FISMA is undergoing changes and new reforms are being outlined.

The FISMA reform - whatever shape it ultimately takes -- will essentially focus on-

  • Enforcing greater accountability within agencies by establishing senior leaders within information security who will be responsible for department wide agency security on the lines of a Chief information security officer (CISO).
  • "More senior level positions will open as the need for accountability and monitoring is clearly something which needs to be addressed" says Tipton.
  • Enhancing security monitoring, detection and response within the federal government agencies and departments.
  • Developing appropriate security awareness and training programs to help departmental and agency employees understand how their role affects security and what they must do to assure IT systems and data are secure.

6. More Focus on User Education and Training:

The U.S. Department of Defense Directive 8570.1, Information Assurance Training, Certification, and Workforce Management, approved in December of 2005, requires every full- and part-time military service member, defense contractor, civilian and foreign employee with privileged access to a DoD system, regardless of job series or occupational specialty, to obtain a commercial certification credential that has been accredited by the American National Standards Institute (ANSI). The objective is to ensure that 100% of all DoD employees and contractors are certified and trained by 2010. For all DoD employees, including both civilian and military, the DoD funds the entire cost of certification. They also take up the cost for remediation in case employees do not pass the certification exam the first time.

The Service for Scholarship program is a unique program designed to increase and strengthen the cadre of federal information assurance professionals that protect the government's critical information infrastructure. This program provides scholarships in exchange for government service in the information assurance field, that fully fund the typical costs that students pay for books, tuition, and room and board while attending an approved institution of higher learning. The scholarships are funded through grants awarded by the National Science Foundation.

"Under the new cybersecurity policy released by the government, the scope and funding for both the DoD Directive training and certification policy and scholarship for service program is enhanced," says Roberson. A lot of federal agencies and departments are hiring students from these programs to fulfill their need for trained security professionals, she says. "There is again, bigger emphasis by the administration on user education and training by reaching younger generation of students who are typically in their K- 12th year of education".

"The government is now clearly recognizing the value of on going education and training required for critical skills and hands on information security and IT positions and is moving toward certification and education in a more holistic manner," says Tipton.

Government Career Resources

Interested in one of these prospective government opportunities? Here's where you can turn for more details:

  • www.usajobs.gov - This is a United States Office of Personnel Management website. USAJOBS is the Federal Government's official one-stop source for federal jobs and employment information. Currently, there are 47,303 U.S. Government job opportunities worldwide. That site has recently added a link for positions created by the stimulus package. Many of those positions will be filled through accelerated hiring procedures. To access that directly, go to http://jobsearch.usajobs.gov/a9recoveryjobs.asp.

  • Prospective job candidates can access the exclusive job listing at individual federal agencies from http://dcjobsource.com/fed.html. Visiting the individual web sites of different federal agencies also helps as often each agency has its own special job positions and requirements posted on their website.

  • Federal Bureau of Investigation, National Security Agency and Treasury Department, often fill unadvertised openings at job fairs. Some are listed at www.govcentral.com/careers/articles/1871 and at www.fedjobs.com/chat/jobfairs.html.

  • Candidates looking for jobs with government contractors can visit www.fedbizopps.gov and www.recovery.gov to accelerate their job search initiatives.

  • For current students who are seeking internships within the government two good resourceful sites are - www.makingthedifference.org and www.studentjobs.gov.

About the Author

Upasana Gupta

Upasana Gupta

Contributing Editor, CareersInfoSecurity

Upasana Gupta oversees CareersInfoSecurity and shepherds career and leadership coverage for all Information Security Media Group's media properties. She regularly writes on career topics and speaks to senior executives on a wide-range of subjects, including security leadership, privacy, risk management, application security and fraud. She also helps produce podcasts and is instrumental in the global expansion of ISMG websites by recruiting international information security and risk experts to contribute content, including blogs. Upasana previously served as a resource manager focusing on hiring, recruiting and human resources at Icons Inc., an IT security advisory firm affiliated with ISMG. She holds an MBA in human resources from Maharishi University of Management, Fairfield, Iowa.




Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing careersinfosecurity.com, you agree to our use of cookies.