Demand for a Cybersecurity Workforce
This recent Washington Post article highlights the competition between DHS and NSA in their publicly stated goals of hiring 1000 to 3000 new cybersecurity professionals per year over the next few years.
I find it extremely doubtful that this level of expertise even exists. The sum total of “real” cybersecurity expertise (in terms of deep technical knowledge and strategic foresight) is probably only on the order of 1000 people worldwide. Yes, there are many people who are operational security experts (meaning that they stare at screenfuls of log entries and pretty pictures of network traces flying by), but there are very few who actually understand the internal workings of systems, the properties that lead to weaknesses and vulnerabilities, and how to manipulate real systems, hardware, networks, and program execution in order to install malware or subvert system control.
Without a commitment to educating such a workforce, it is impossible to hire such a workforce into existence. And as Gene Spafford notes, the NSA CAE (Centers of Academic Excellence in Information Assurance) program isn’t really effective in this regard (nor, might I add, is the NSF Scholarship for Service program, at least at producing the sheer volume of needed workers).