June 13, 2012

Cyber Security Expert Warns Of Shortage Of Security Pros In U.S.

Peter Suciu for

On Wednesday a leading cyber expert warned that a shortage of talented computer security experts in the United States could prove a challenge to protect corporate and government networks, notably at a time when such attacks are actually on the rise.

“We don't have enough security professionals and that's a big issue,” said Symantec Corp CEO Enrique Salem at the Reuters Media and Technology Summit in New York. “What I would tell you is it's going to be a bigger issue from a national security perspective than people realize.”

Salem noted that his company was working with the U.S. military, as well as other government agencies and universities to help develop new programs to train security professionals.

And this really shouldn´t come as news say experts.

“I think this is very legitimate concern,” said Fred H. Cate, professor of law at the Indiana University School of Law in Bloomington. “This has been a long standing concern.”

Cate, who is also senior policy advisor to the Center for Information Policy Leadership at Hunton & Williams, and is a member of Microsoft´s Trustworthy Computing Academic Advisory Board, told redOrbit that the U.S. Federal Government is very much aware of this issue as it helps sponsor security programs to encourage training.

“This is like any business need,” said Cate. “This one in particular is challenging because it requires specific skills.”

Schools are stepping up to address the challenges.

Reuters reported that U.S. defense contractor Northrop Grumman Corp just this week launched the first undergraduate honors program in cybersecurity with the University of Maryland to help train more workers.

But it is much more than just training noted Cate.

“There is the added challenge that to work in some government sectors security clearance is also required. So those looking to work in cyber security also need to have a background that is consistent with this clearance.”

This means being an American citizen or resident that can pass the background checks, and while not all security pros — notably those in the private sector — need the clearance, in some growing industries it is being required.

The good news is that those looking to work in this field will likely get paid more to do so.

“That is my impression,” added Cate. “Salaries are escalating, and if you had enough people to do the jobs you wouldn´t pay them as much.”

But it will likely take more than just money to solve this problem.

“I suspect what it is going to take is time,” said Cate. “The perks are there, the pay is there, but the job requires computer skills and who are interested in spending their lives doing this job. It is not simply a question of taking a person who was doing one job and training them to do another. It is going to take time as much as anything else.”

The private sector has also been trying to hold onto its employees as the government has begun to poach security experts from other firms. The government has been sending recruiters to events such as the Defcon and Black Hat hacking conferences that are held in Las Vegas.

As a result many security firms are not hesitant to send their best experts to the conferences, or to government jobs. Additionally, the security field often includes non-poaching clauses in contracts with companies to guard against losing their talent

But is also isn´t just about finding the best “geek” for the job said Cates.

“The other part of this problem is that the job is getting broader. Now it is increasingly requiring someone to have legal training or business experience as well as security experience. It is more than just finding the right geek, it is calling upon a range of skills today. Those are tough shoes to fill.”