U.S. Initiative Puts Focus on IT Security Skills

Will the U.S. government’s renewed interest in a new generation of national cybersecurity initiatives lead to more security-related jobs?

by Don Willmott

As more of the Federal government’s operations become increasingly dependent on the Internet, the need to protect the nation’s digital infrastructure from what President Obama called "a weapon of mass disruption" has never been more urgent.

In fact, the Department of Defense logged 360 million hacking attempts in 2008, up from just six million two years earlier, and has spent $100 million in the past six months alone to repair cyber attack damage, according to The Wall Street Journal. It was the Journal that broke the news cyber spies had breached the nation’s electricity grid and the Pentagon’s $300 billion Joint Strike Fighters weapon program this spring.

The White House Assessment

On May 29, the White House released a 60-day, 76-page Cyberspace Policy Review subtitled Assuring a Trusted and Resilient Information and Communications Infrastructure. The report, which makes for fascinating reading (download a PDF of the report here), shines a spotlight on the issue of national cybersecurity and proposes a number of measures to bolster it. "Without major advances in the security of these systems or significant change in how they are constructed or operated, it is doubtful that the United States can protect itself from the growing threat of cybercrime and state-sponsored intrusions and operations," it says.

Because "the Federal government is not organized to address this growing problem effectively now or in the future," the report suggests centralization of security efforts and partnerships with the private sector and academia be developed to coordinate its ultimate security objectives. In addition, the report recommends investment " in processes, technologies, and infrastructure that will help prevent cyber incidents."

So the questions arise: Where will it invest? Will new jobs be created? Who will get them?

"Public-private partnerships are critical to the success of a comprehensive cybersecurity public service campaign," said Shannon Kellogg, director of information security policy at EMC and a member of the National Cyber Security Alliance board of directors. "A true collaboration among government agencies, nonprofits, and private companies will enable us to empower our citizens to protect themselves and, in turn, make our country’s overall cyber defenses stronger."

Security Job Security?

In other words, security experts are sitting pretty. "The demand for specific skills involved in information security is greater than ever and, at least for the foreseeable future, looks like a very good career investment," says Andrew Storms, director of Security Operations at nCircle, a San Francisco-based provider of automated security and compliance solutions. "The strongest demand for information security professionals is from sectors bound by the greatest number of regulations. Government agencies and contractors are always looking for professionals with strong IT security skills."

While IT operations and security operations were once two separate groups, Storms notes they are now highly symbiotic, and often merged on the corporate org chart. "This means that nearly every IT job now requires some level of security knowledge," he says. "The hottest trends at the moment are Web application security and compliance automation. Job seekers would be well advised to brush up on these skills and highlight that experience on their resumes."

More Money, More Jobs

Given that the Federal government plans to spend at least $75.8 billion on IT in 2010, a 7.2 percent increase over expected 2009 spending, there is clearly money to be made in both the public and private sector IT security arenas.

One place to take your security-rich resume is large defense contractors, such as Lockheed Martin, the biggest supplier of IT to the federal government. It currently employs 146,000 people and is hiring 16,000 people annually, including 4,000 to 5,000 new college graduates, according to U.S. News & World Report. Northrop Grumman, Raytheon, and General Dynamics also have huge security contracts with government agencies.

While the White House report doesn’t lay out a detailed prescription for addressing the nation’s overall cybersecurity, it does hint at where efforts will be focused. Read between the lines, and you’ll uncover some potentially interesting security career tracks. Some examples:

  • "The general public needs to be well informed to use the technology safely." (Education)
  • "The United States needs a technologically advanced workforce to remain competitive in the 21st-century economy." (Education)
  • "In schools, math and science must be a priority. The United States should initiate a K-12 cybersecurity education program for digital safety, ethics, and security; expand university curricula; and set the conditions to create a competent workforce for the digital age." (Education)
  • "Promote cybersecurity risk awareness for all citizens." (Evangelism)
  • "Investment in systems that automate or centralize network management." (Network Management)
  • "The government needs a reliable, consistent mechanism for bringing all appropriate information together to form a common operating picture." (Networking Infrastructure)