This page contains a Flash digital edition of a book.
Page 10


www.us- tech.com


TechWaTch Protecting Tomorrow: The Cybersecurity Shortage By Jeff Schmidt, JAS Global Advisors


curity graduates is threatening our ability to prevent and respond to fu- ture security challenges. Nearly everyone agrees that cy-


C


bersecurity is an issue of national and economic importance in the U.S. In many ways, the cyber sphere is the battleground of the 21st century, a global arena in which nations, corpo- rations and criminals compete for profits and information. In an effort to stem the tide of se-


curity threats and to mitigate the risk of a “cyber 9/11”, in 2009 President Obama made cybersecurity a national priority and announced his intention to establish a cybersecurity czar, a po- sition later filled by Howard Schmidt. The national focus on cybersecu-


rity highlighted a disturbing fact that was already common knowledge with- in the security community — the na- tion’s university systems are failing to produce enough quality graduates ca- pable of meeting both current and fu- ture challenges in cybersecurity.


High Stakes The education and recruitment


of the next generation’s cybersecurity workforce will have a direct impact on the future of the nation’s technolo- gy infrastructure.


The Stuxnet worm and similar at- tacks have revealed glaring security


ybersecurity is a national and economic priority. But a short- age of qualified information se-


holes in critical national infrastruc- ture. For the foreseeable future, utili- ties, financial institutions, communi- cation systems and other foundation- al components will continue to be high value targets for saboteurs and terrorists.


A storm of intrusions. National de- fense agencies have experienced a storm of intrusions and cyber attacks launched by foreign governments. The military and defense industry as- sumes that future wars and conflicts will take place both on battlefields and in cyberspace.


$1 trillion/year losses. According to some estimates, cyber attacks inflict losses in excess of $1 trillion per year on the U.S. economy. As the nation struggles to achieve sustained eco- nomic growth, loss prevention will play a larger role in corporate deci- sion-making and the U.S. economy. Although cybersecurity may not


be a top-of-mind concern for the aver- age citizen, no one is safe from the ef- fects of successful security intrusions, particularly when attacks are directed toward national infrastructure or se- curity interests. As a result, everyone — govern-


ment agencies, corporations, utility companies and even private individu- als — has a stake in the development of America’s cybersecurity workforce.


The cybersecurity workforce cur- rently suffers from both qualitative


Now Available in Digital Format! U.S. TECH


Every Issue Delivered Directly to Your Inbox. FREE!


Great Features:


Bookmarks, highlights, notes, forward to a friend, and more.


Coming soon: U.S. TECH on your iPAD and iPhone!


and quantitative shortcomings. The limited number of qualified security specialists has created heavy demand in both the public and private sectors. The shortage of qualified talent


extends beyond individuals capable of supporting, implementing and operat- ing extant security measures. Labor shortages also dominate the fields of systems design and development. Put simply, we can’t staff today’s security measures, let alone populate the ranks of workers responsible for pre- venting and detecting future threats. Recognizing the centrality of the


educational system in restocking the cyber workforce, the government and other stakeholders have launched sev- eral initiatives to stabilize the flow of qualified specialists into the public and private sectors. In 2000, the National Science


Foundation launched the Scholar- ship for Service program, an initia- tive to help fund undergraduate and post-graduate education for individu- als willing to serve in the govern- ment’s cybersecurity workforce after graduation. A similar effort was launched by


the Department of Defense through its Information Assurance Scholarship Program (IASP). This initiative is de- signed to create a feeder pipeline for individuals who are capable of sup- porting DoD’s IT management and in- frastructure protection functions. Although these and other pro-


grams offer grants to educational in- stitutions that are interested in ex- panding their cybersecurity programs, government grants and scholarships aren’t enough. With so much on the line, the task of training and educat- ing a qualified cybersecurity work- force will require a comprehensive strategy that features collaborative re- lationships between educational insti- tutions and private and public sector stakeholders. Clearly, it’s going to require no


small effort to repopulate the lean ranks of today’s cybersecurity work- force. In addition to educational incen- tives sponsored by public and private sector stakeholders, the cybersecurity and post-secondary educational com- munities must coordinate their efforts in several key areas.


A Plan of Action


Subscribe today: www.US-Tech.com The Nation’s Hi-Tech Electronics Publication


1. STEM Pipelines. The dearth of cybersecurity graduates is funda- mentally a breakdown in the intellec- tual supply chain. Since the founda- tions for cybersecurity education are laid long before students enter under- graduate and graduate programs, greater attention must be paid to the fact that the educational system fails to sufficiently prepare students for STEM (Science, Technology, Engi- neering & Math) disciplines. In- creased emphasis on STEM disci- plines in primary and secondary in- stitutions will widen the pipeline, cre- ating feeders for cybersecurity pro- grams at the post-secondary level. 2. Collaborative Partnerships be- tween universities, federal agencies


and private sector stakeholders will create powerful synergies in the area of cybersecurity education. For exam- ple, the University System of Mary- land works closely with the corporate community and public sector agencies to produce high volumes of cybersecu- rity graduates. More importantly, these collaborative relationships en- able Maryland to equip students with the skills and understandings that are most critical for today’s cybersecurity environment. 3. Professional Certifications. Se- rious professional certifications in the cybersecurity field are sorely lacking. Where certifications exist, they are of- ten weighted toward compliance capa- bilities rather than the kinds of skills and experiences that are necessary to address future security concerns. By establishing more rigid professional certifications and standards, the cy- bersecurity industry will encourage the creation of academically rigorous educational programs that include practical learning opportunities and real world training components. 4. International Awareness. From a qualitative standpoint, educational initiatives must promote an aware- ness that cybersecurity is a global concern. Curricula and programs that limit their focus to domestic threats lack relevancy and run the risk of producing graduates who are ill-equipped for the realities of the in- ternational security scene. From a quantitative perspective, some of the best cybersecurity candidates are now found outside of the U.S., forcing universities and employers to expand their efforts to attract foreign stu- dents and workforce assets. 5. Nontraditional Hiring. Many public and private sector employers are skittish about hiring individuals from nontraditional cybersecurity backgrounds. But like it or not, many of the sharpest minds in cybersecurity are former hackers or self-trained in- dividuals who lack formal educational credentials. In some sectors, the idea of offering these individuals piecework contracts (a payment per threat dis- covered) is being considered. The pos- sibility of utilizing nontraditional cy- bersecurity workers merits further ex- amination, particularly in the short- term as universities ramp up their ef- forts to train next-generation workers. We cannot simply assume that


the shortfall of qualified cybersecurity graduates will end overnight. This shortage has been many years in the making and it will take some time to reverse current trends. However, collaborative efforts


among university officials, faculty, government stakeholders and private corporations holds promise, and in time, have the potential to produce the next generation of global leaders in


the field of cybersecurity. Contact: JAS Global Advisors,


150 North Michigan Avenue, Suite 2800, Chicago, IL 60601 % 877-527- 3331 or 312-646-7673 fax: 312-284- 8890 Web: www.jasadvisors.com E-mail: info@jasadvisors.com r


December, 2011


Page 1  |  Page 2  |  Page 3  |  Page 4  |  Page 5  |  Page 6  |  Page 7  |  Page 8  |  Page 9  |  Page 10  |  Page 11  |  Page 12  |  Page 13  |  Page 14  |  Page 15  |  Page 16  |  Page 17  |  Page 18  |  Page 19  |  Page 20  |  Page 21  |  Page 22  |  Page 23  |  Page 24  |  Page 25  |  Page 26  |  Page 27  |  Page 28  |  Page 29  |  Page 30  |  Page 31  |  Page 32  |  Page 33  |  Page 34  |  Page 35  |  Page 36  |  Page 37  |  Page 38  |  Page 39  |  Page 40  |  Page 41  |  Page 42  |  Page 43  |  Page 44  |  Page 45  |  Page 46  |  Page 47  |  Page 48  |  Page 49  |  Page 50  |  Page 51  |  Page 52  |  Page 53  |  Page 54  |  Page 55  |  Page 56  |  Page 57  |  Page 58  |  Page 59  |  Page 60  |  Page 61  |  Page 62  |  Page 63  |  Page 64  |  Page 65  |  Page 66  |  Page 67  |  Page 68  |  Page 69  |  Page 70  |  Page 71  |  Page 72  |  Page 73  |  Page 74  |  Page 75  |  Page 76  |  Page 77  |  Page 78  |  Page 79  |  Page 80  |  Page 81  |  Page 82  |  Page 83  |  Page 84