Forgot your password?
typodupeerror
Security The Military United States

Cyberwarrior Shortage Threatens US Security 394

Posted by CmdrTaco
from the who-wouldn't-want-that-on-their-card dept.
An anonymous reader writes "US security officials say the country's cyberdefenses are not up to the challenge. In part, it's due to a severe shortage of computer security specialists and engineers with the skills and knowledge necessary to do battle against would-be adversaries. The protection of US computer systems essentially requires an army of cyberwarriors, but the recruitment of that force is suffering. 'We don't have sufficiently bright people moving into this field to support those national security objectives as we move forward in time,' says James Gosler, a veteran cybersecurity specialist who has worked at the CIA, the National Security Agency, and the Energy Department."
This discussion has been archived. No new comments can be posted.

Cyberwarrior Shortage Threatens US Security

Comments Filter:
  • H1b? (Score:5, Funny)

    by Anonymous Coward on Tuesday July 20, 2010 @01:12PM (#32966898)

    if there is such a shortage of talent maybe we can offshore this responsibility? Maybe to China? As a bonus it will be less expensive.

    • Re: (Score:3, Insightful)

      by Maarx (1794262)

      if there is such a shortage of talent maybe we can offshore this responsibility? Maybe to China? As a bonus it will be less expensive.

      Trolling: When you do it right, nobody realizes you've done anything at all.

    • by alexborges (313924) on Tuesday July 20, 2010 @01:34PM (#32967296)

      Go look for the idiot that started the Hacker's Crackdown in th 90's. The result of this attitude was to either push some kids to the edge where the russian mob recruited them in on form or another, or plain make them corpodrones, albeit very good at typing crap into a cisco console, but perfectly worthless in the underlining of the net.

      Bravo, idiots, might I remind you that here in the net, we forsaw and told you about this. And now you come complainin....

      • by Ex-MislTech (557759) on Tuesday July 20, 2010 @02:46PM (#32968346)

        This will just be another case of Problem, Reaction, Solution.

        They already know what they want, this is just their horse and pony
        show to justify what they will do to get it.

        Likely some more Visa workers to drive down wage costs.

        I did a search for CISSP jobs and that ilk and there is not
        thousands of them out there waiting to be filled.

        I call Deja moo.

        Deja moo is like Deja Vu, but it refers to having heard this BS somewhere before.

        • by Ex-MislTech (557759) on Tuesday July 20, 2010 @02:48PM (#32968374)

          On monster.com I had the grand total of 11 hits for the whole US.

          Deja moo might be an understatement.

          • by bsDaemon (87307) on Tuesday July 20, 2010 @03:47PM (#32969268)

            Yeah, I'm not sure that NSA's Information Assurance Directorate advertises on Monster. That seems like it would be counter-productive. I think there are more jobs (certainly more than 11), but they're the ones that either you have to go looking for SPECIFICALLY and not just casually come across, or where they come to you.

            I heard the story on NPR yesterday morning as I was driving to work, and it sounded like they were counting in all the government, intelligence and military positions, too -- not just corporate positions. And they're not going to fill the black-bag gigs or core routing positions at tier1 ISPs, or the blue-badge jobs, with H1B visas.

            I think another part of the problem is that a lot of the people who have the skills and knowledge to do this type of work very well are also the same people who don't particularly support the organizations that do it, often times because of wildly inaccurate assumptions fed by crazy Hollywood story lines.

      • by lpq (583377)

        Everyone is focusing on government crackdown on hackers...but no one is focusing on standard reasons -- like how does government pay compare to what the person might earn in the private sector?

        Ok, now ask -- how much has the government done to cultivate love for country in the past quarter century?
        How about patriotism? No...paying people to snitch on their neighbors is not considered something that builds loyalty to country.

        Ok...now put the pay item into perspective....
        What are the pay and job prospects fo

    • Re: (Score:2, Interesting)

      Gee, why don't we just outsource the entire military, including the pentagon? In fact, let's outsource everything so we can just sit and munch Chitos all day? Of course we could treat people with respect, you know, like their rights, and maybe they'll come looking for the job.

    • The Government mouth piece is talking out of his ass.

      There are plenty of people who know how is just that the knowledge leads to suspicion by law enforcement and practice of said skills are illegal.

      It's the same thing if this guy said, "There aren't enough people who know how to murder and our spy agencies are having a hard time finding assassins! "

    • Re: (Score:3, Insightful)

      by INT_QRK (1043164)
      So, is it "We don't have sufficiently bright people," or is it "our people aren't performing with sufficient brilliance"? The difference is nuanced, but significant in both causes and effects. Sufficiently bright people will tend to seek an environment where they are afforded opportunities to excel. Highly bureaucratic organizations where politically ambitious leadership (albeit very, very, bright) chase silver-Power Point bullets inside of banners quoting their sponsors like packs of 8 year olds chasing a
    • by Anonymous Coward

      You know, as a U.S. citizen with a data systems security background, university degrees, CISSP, etc., I would happily apply for work with the U.S. government.

      However, every position I've discovered requires an existing security clearance, something you cannot just go out and get, at any price.

  • by tekrat (242117) on Tuesday July 20, 2010 @01:13PM (#32966908) Homepage Journal

    The USA has a bad habit of arresting anyone with the skills and curiosity to perform such tasks. Instead of arresting and jailing "hackers" they should employ them, and then maybe we'd have enough people for the "cyberwar" they are talking about

    • by Sponge Bath (413667) on Tuesday July 20, 2010 @01:17PM (#32966982)

      The USA has a bad habit of arresting anyone with the skills and curiosity to perform such tasks.

      ...and refusing the skilled and desperately needed service of anyone who "likes show tunes".

      • by Anonymous Coward on Tuesday July 20, 2010 @01:45PM (#32967504)

        "The USA has a bad habit of arresting anyone with the skills and curiosity to perform such tasks." ...and refusing the skilled and desperately needed service of anyone who "likes show tunes".

        How is this off-topic? At a certain level of government, homosexuality is enough to get you excluded from the game. That means there are likely some qualified candidates who are excluded based off a fairly arbitrary criteria.

        Most especially amusing is that because they make you hide it, they use the fact that you are hiding it to show that you might be a security risk because someone could blackmail you.

        Seriously, the parent poster makes an insightful point.

        • by Jah-Wren Ryel (80510) on Tuesday July 20, 2010 @08:30PM (#32972896)

          How is this off-topic? At a certain level of government, homosexuality is enough to get you excluded from the game. That means there are likely some qualified candidates who are excluded based off a fairly arbitrary criteria.

          That level is ONLY within the ranks of the military itself. It has nothing to do with civilian contractors. I personally know two trans-gendered people with clearances, deviation from the sexual norm is not a significant problem.

          • Re: (Score:3, Informative)

            by TheRaven64 (641858)
            To clarify: it's not a problem if you're open about it. They don't care what you do in your private life, they do care what you can be blackmailed about. If someone from China can threaten to tell your friends / parents that you're gay and send them photographs of you and your boyfriend if you don't give them secret information, this can be a problem. If your everyone already knows, it isn't.
    • by Monkeedude1212 (1560403) on Tuesday July 20, 2010 @01:26PM (#32967166) Journal

      I'm here in Canada - and I've tested the waters on controversial legal issues with computers - and I've considered going into the definately illegal waters just to see what would happen with the law.

      There was a case a long while back where a high schooler in Montreal or somewhere in the East Coast of the United States (I heard the story second hand from someone so I'm sketchy on the details) where he basically set up a botnet, and then to test it out he had it perform a DOS attack while he was at school, I think he ended up taking down CNN.com or Yahoo for a bit or something.

      Anyways, they hauled him off to juvee or some low security prison for a few years, and when he got out he was hired almost immediately for a security specialist job. (I believe at one of the websites he took down)

      I'd try it myself but I'm too old to go to Juvee...

    • by Culture20 (968837)

      The USA has a bad habit of arresting anyone with the skills and curiosity to perform such tasks. Instead of arresting and jailing "hackers" they should employ them, and then maybe we'd have enough people for the "cyberwar" they are talking about

      Sounds like the perfect premise for the 2015 remake of the Dirty Dozen.

    • by causality (777677) on Tuesday July 20, 2010 @01:27PM (#32967196)

      The USA has a bad habit of arresting anyone with the skills and curiosity to perform such tasks. Instead of arresting and jailing "hackers" they should employ them, and then maybe we'd have enough people for the "cyberwar" they are talking about

      It's part of a greater "war on curiosity" that's a fear-based initiative to stamp out any and all behaviors that even slightly deviate from a prescribed norm. Locking up those "evil hackers" is part of this. Another part of this is the way people are getting threatened by cops, security staff, and other jack-booted thugs for legally taking photos in public places. You also can't get a truly good chemistry set anymore, because somebody might use the glassware to make drugs. Now they complain that they can't find good personnel for something that requires initiative, individual thought and a willingness to think outside the box and see things from multiple angles.

      That serves them right. They've been systematically stamping out any kind of unapproved curiosity and exploration in the name of safety for a long time now. They've also done nothing but encourage the outsourcing trend of sending a great deal of IT talent to places like India, and you really do want US citizens to perform this kind of national security work. Then there's the general untrustworthiness of the US government as an institution, the idiocy and abuses and mismanagement that it perpetuates and the moral implications of joining up with them. That might further alienate domestic talent that would otherwise be interested. As far as I am concerned, they are reaping what they have sown.

      • by EdIII (1114411) on Tuesday July 20, 2010 @01:37PM (#32967340)

        There is another possibility too you know.

        We don't have sufficiently bright people moving into this field to support those national security objectives as we move forward in timeWe don't have sufficiently bright people moving into this field to support those national security objectives as we move forward in time

        Do *you* support our national security objectives? I know I don't.

        Especially since some people seem to be doing their damnedest to make copyrights a matter of national security. I'm sorry, let me take that back. ACTA negotiations already show that copyrights are a matter of national security.

        • by causality (777677) on Tuesday July 20, 2010 @01:56PM (#32967668)
          There is probably another possibility, but you mention none I did not already cover. I explained it thusly: Then there's the general untrustworthiness of the US government as an institution, the idiocy and abuses and mismanagement that it perpetuates and the moral implications of joining up with them.

          Copyright madness is certainly an example of this, and not the trait of an institution I want to support with my labor. I don't really understand how you wouldn't think this statement excludes copyright hysteria.

          By law I must pay my taxes or very bad things will happen, so I pay my taxes. That part is not a choice. But anywhere I have a legal choice, such as a choice of employers, I refuse to support this particular institution or join up with them in any way that is not mandatory. Maybe they were once a noble, respectable institution but they certainly don't fit that description now. I'd rather not be ashamed of how I get my living. That's why I wouldn't voluntarily work for the US Government.
        • by TheLink (130905) on Tuesday July 20, 2010 @02:01PM (#32967740) Journal
          Y'know, the greatest threat to US security might be the US government.

          1) Who wields the greatest power in the world?
          2) Is the entity in #1 really using it for the benefit of the USA? Or for the benefit of others?

          It's always bogeyman after bogeyman, "The US is under threat" and neverending wars against drugs/terror/whatever.
      • Re: (Score:3, Insightful)

        by arkane1234 (457605)

        The thing that scares me about it is, how do you interview for such a position? It really reminds me of when I was 21-22 years old and the FBI (not CIA since that was for offshore stuff at that time) would cuff you and interrogate BBS owners if they were suspected of anything more than owning a computer... even then you were suspect. I've had BBS sysops I was friends with (locally) that were ransacked by the FBI, and their items held in custody indefinitely... all over fabricated things so they could sear

      • by Target Practice (79470) on Tuesday July 20, 2010 @01:59PM (#32967710)

        Agreed. To top it off, now the government have created a paradox for themselves:
        -threatening students with lawsuits if they break copyright infringement laws
        -seizing computers used for questionable activity, and yet
        -rewarding students in contests where the challenge is an opportunity "...for them to hone their skills on being able to hack into other systems, particularly those of folks we may not be fond of,..."

        In a world where the corporation wins against individual rights, where suspicion can land you on a no-fly list, is it really so hard to understand why they can't fill these positions? We're raising the young to frown on the dark side of the internet. We have the Eloi, they have the Morlocks.

      • Re: (Score:3, Interesting)

        by arth1 (260657)

        This is a pitfall of democracy. The great majority of voters are unimaginative, and will gladly trade ingenuity (which they don't possess) for perceived safety.
        And it becomes even worse in a litigation-based society, where companies and individuals don't dare to take risks, lest they be sued into oblivion.
        So yes, we breed and reward mediocrity.

        That said, the US government also excludes people by discrimination:

        If you're too old, they don't want you (the age limit for joining the bureau is 37, IIRC)
        If you h

    • Re: (Score:3, Interesting)

      by Anonymous Coward

      You need to read Where Have All The Hackers Gone [blogspot.com]. The guy who wrote it got a bronze Olympic medal returned to the US with a Google search. Worth reading.

    • So I guess its not traditional employment because its an offer the hacker cannot refuse.

    • by eln (21727)
      The problem with recruiting via the justice system, meaning recruiting black hats who get caught, is that you're hiring from a pool with demonstrated ethical issues. Sure, their technical skills may be top notch, but hiring someone who has already shown they're willing to circumvent legal and ethical boundaries just to satisfy their own curiosity is asking for trouble.
    • by tool462 (677306)

      Why not both? Do it the old fashioned way. Arrest them, then tell them they have to join the CyberArmy or go to prison.

  • by Anonymous Coward

    The US treats anyone with the least bit of curiosity or know-how with suspicion.

  • Jail time? (Score:5, Insightful)

    by IICV (652597) on Tuesday July 20, 2010 @01:16PM (#32966972)

    Maybe it's because we call anyone with even the smallest amount of computer knowledge a witch^H hacker, and burn them at the stake^H^H^H^H^H^H put them in jail (or detention, for the juveniles) while banning them from using computers?

    It's pretty simple, guys. If you ban model rockets, you won't get a generation of rocket scientists. If you ban chemistry kits, you won't get a generation of chemical engineers. If you ban playing around with computer systems, you won't get a generation of hackers.

    • Re:Jail time? (Score:4, Insightful)

      by 0racle (667029) on Tuesday July 20, 2010 @01:22PM (#32967080)
      Playing around and breaking the law are two different things. Some laws stifle learning and need to be changed, but most do not.
      • by Thud457 (234763)
        These bitches [wikipedia.org] should have their own Time-Life series of books sold on TeeVee.

        Of course, a true geek would realize that such books should only be a springboard to further inquiry...
      • Re: (Score:3, Interesting)

        by IICV (652597)

        I agree completely. However, this [slashdot.org] student was suspended for creating a way around that piece of crap known as CCA, which is not illegal in any way though it may be against university policy. This [slashdot.org] student was arrested and faced 10 years in jail for offering to modify the hardware his friends owned for money (yes the modification was illegal, but that in no way means it was unethical or wrong). This [slashdot.org] student was charged with a couple of felonies for finding and reporting an unsecured file on the school network

    • Re:Jail time? (Score:4, Insightful)

      by Culture20 (968837) on Tuesday July 20, 2010 @01:31PM (#32967244)

      It's pretty simple, guys. If you ban model rockets, you won't get a generation of rocket scientists. If you ban chemistry kits, you won't get a generation of chemical engineers. If you ban playing around with [other people's] computer systems, you won't get a generation of [computer crackers].

      FTFY. It's illegal for a reason.

  • Funny how.. (Score:4, Interesting)

    by SuperCharlie (1068072) on Tuesday July 20, 2010 @01:17PM (#32966992)
    "We don't have sufficiently bright people moving into this field"

    Yet we have sufficiently bright people who can create a system that rapes the stock market.
  • Perception... (Score:5, Insightful)

    by mlts (1038732) * on Tuesday July 20, 2010 @01:17PM (#32966994)

    It is all about perception. I see high school advisors telling kids to stay away from computer science because they will be fighting for jobs against the whole world (programmers from India, sysadmins from the Bay Area, etc.) Instead, they tell them to go law because "there is no such thing as an unemployed lawyer."

    Russia and China, it is different. There, their security guys doing blackhat/white work are viewed with similar respect as Special Forces guys are viewed here, as heroes for their country. Here in the US, a CS/IT person is looked at as someone who is going to be unemployed as soon as the PHB finds some offshore firm.

    Change the perception, make it cool to be a CS/IT person. THEN you will have your "cyberwarriors" that are on par with the Russian/Chinese blackhats. Otherwise, the CS students will be taking their CS degree into law or business school.

    • Re:Perception... (Score:5, Informative)

      by Animats (122034) on Tuesday July 20, 2010 @01:27PM (#32967192) Homepage

      Instead, they tell them to go law because "there is no such thing as an unemployed lawyer."

      There are now many unemployed lawyers. See the lawyer layoff list. [law.com] There's now "legal process outsourcing [legalproce...urcing.com], and it's not just clerical work any more. You can now send work to cheap lawyers in a Bangalore call center.

      A lawyer I was using was recently laid off by his downsizing law firm. It happens.

    • Well, Tron Legacy is coming out soon, that might make it cool again.

    • Change the perception, make it cool to be a CS/IT person. THEN you will have your "cyberwarriors" that are on par with the Russian/Chinese blackhats. Otherwise, the CS students will be taking their CS degree into law or business school.

      There is a definitely a perception fix needed, but we need more. If we want to build up cyberwarriors, we need to reduce our exporting of jobs (offshoring), experience (H1B), and knowledge (foreign students). I'm not saying stop, but keep it in check.

      Second, we know how to train a soldier or a spy but we don't know how to train a cyber warrior. If we haven't had the equivalent of the OSS yet, we need it now. Also, what would be the incentive? People still join the military when they run out of emplo

    • by Culture20 (968837)

      "there is no such thing as an unemployed lawyer."

      I know two unemployed lawyers, and no unemployed sysadmins. /anecdote

  • by bogaboga (793279) on Tuesday July 20, 2010 @01:17PM (#32966998)

    'We don't have sufficiently bright people moving into this field to support those national security objectives as we move forward in time,' says James Gosler, a veteran cybersecurity specialist who has worked at the CIA, the National Security Agency, and the Energy Department."

    I wonder whether this gentleman has thought about the idea that his "national security objectives" cannot be achieved by computer science at all. In other words, those objectives are misplaced...simply put.

    Could I be right?

    • by fuzzyfuzzyfungus (1223518) on Tuesday July 20, 2010 @01:30PM (#32967230) Journal
      The fact that we are using the ridiculous term "cyberwarrior" suggests that, at the very least, the people writing the PR playbooks don't have a fucking clue.

      In addition to being corny as hell, "cyberwarrior" implies a dangerously literal application of traditional military doctrines(ie. you have the civilians, who do whatever, and then you have an army that stands between them and the bad guys and blows things up) to computer security. With networked computers, aside from the specific case of DOD sysadmins, virtually all of "computer security" is about making sure that the (overwhelmingly civilian) software and systems are properly designed and built. That isn't something that you are going to do by having a few "cyberwarriors" to hack through the enemy's code walls, or whatever. That is only doable by, more or less, massively increasing the status(and cost, sorry MBAs...) of programmers, software engineers, sysadmins, etc.

      Obviously, there will be some need for near-black-hats to spook around hostile networks in the service of various sinister three letter agencies; but the vast majority of "computer security" is much closer to being analogous to a civil engineering or public health question than it is to being a military one. Trying to solve "cybersecurity" with a relatively small number of "elite cyberwarriors" is rather like trying to keep a population from dying of cholera by building a few world-class research hospitals(with bed space for like 1% of the cases), rather than having civil engineers knock together a water system...
      • by gstoddart (321705)

        In addition to being corny as hell, "cyberwarrior" implies a dangerously literal application of traditional military doctrines(ie. you have the civilians, who do whatever, and then you have an army that stands between them and the bad guys and blows things up) to computer security.

        I think you've just described the plot of Live Free or Die Hard [imdb.com]. :-P

    • Our government needs MASSIVE improvements in their computer security. But the requirements of the government (get it secure now) are the opposite of the requirements of business (keep it just sucky enough to be able to sell the next version).

      And with that situation, no matter how many smart people you have working in government, there will always be more work than they can do. Which leads to hiring people who are less smart. And just about anyone in IT can tell you what happens when you put less skilled peo

  • 'We don't have sufficiently bright people moving into this field to support those national security objectives as we move forward in time,' says James Gosler, a veteran cybersecurity specialist who has worked at the CIA, the National Security Agency, and the Energy Department."

    That's ok, just click on brightness and adjust. Works for my monitor.

    If you can't get them bright enough for when you move backward in time, that's when we have a problem.

  • all y'all have to do is setup a few sub sub basements with a few racks and fridges and then move anybody that can
    hack the doors into the group (of course filter for the obvious "problems").

    a few hints
    1 most good hackers will have some sort of criminal record
    2 hackers may or may not like a normal uniform and the hair thing may be an issue
    3 when you have a group setup DO NOT VISIT DO NOT ASK "HOW" (plausible deneyability is a good thing)
    4 psych evals may be another issue

    • by qbzzt (11136)

      How would the managers know if the people they hired to protect the system aren't a greater risk from those they are protecting from?

    • When I read this article I was thinking along the same lines: that many people who would be bright enough to be a asset are also bright enough to know that they would have dificulty passing a background check, a drug check, complying with a strict dress code, regular hours, ...

      I don't know what the solution is but I wonder if in this case, the military is it's own worst enemy -- deliberately disuading from service the very types of people they need to court: the open-minded, free-thinking, sociatal-challang

    • A CI is as close as a hacker ever will get to working for the government. Nobody volunteers to be a CI so they are forced into it. The option is usually to continue getting raped in prison, or become a CI. The problem is the life of a CI generally sucks.

      So no hacker is going to be able to really become a government employee. The hackers broke a federal law and this disqualifies them from ever serving in an official capacity. Why? It's so difficult to get security clearance that felons have no chance.

      So the

  • Cyber Warriors lol (Score:4, Insightful)

    by hypergreatthing (254983) on Tuesday July 20, 2010 @01:20PM (#32967050)

    Yes. I know what they should do. Bring back photon and use it as a recruitment tool http://en.wikipedia.org/wiki/Photon_(TV_series) [wikipedia.org]

    Who in their right mind would join up with a organization which wants to call you a Cyber Warrior?

    I mean, i get it from the perspective of appropriating money that should be used for better causes and justifying your 6 figure salary and all. But this whole thing is laughable.

  • by Culture20 (968837) on Tuesday July 20, 2010 @01:20PM (#32967058)
    Right Here [tronguy.net]
  • by Zeek40 (1017978) on Tuesday July 20, 2010 @01:21PM (#32967066)
    A big part of the problem is that those jobs are very unappealing. First the applicants have to get a security clearance, which weeds out all non-citizens and a good deal of other applicants, then they are forced to work in secure facilities that feel like caves or underground bunkers, and on top of that they aren't allowed to discuss what they do in anything but the most general terms. Taking a job doing cyber ops for the government is volunteering to put a giant gap in your resume that you can't discuss.
    • by qbzzt (11136)

      How many of those jobs are actually in the government? Most of our critical infrastructure (phone system, backbone, water supply, electrical supply, and so on) is privately owned and operated.

      • by gad_zuki! (70830)

        This is a good point and I was wondering the same thing. Why would we need more government security guys? Its in private industry that we need better security. Sure, the government could play a hand in that, but if your company isn't taking security seriously and using vendors that tie their hands, then all the government help in the world isn't going to help.

        There's no real cyberwar going on. There's just a bazillion skirmishes between hundreds of thousands of players. The government is just one player. P

      • by Zeek40 (1017978)
        Sorry, I meant government contracting. Almost all of the jobs are at civilian companies, but you need a security clearance to do them, so you're operating under the umbrella of the DoD.
    • The economy as it is right now has plenty of talented individuals just waiting to get hired. Theres 10% unemployment so there is no shortage of the labor force, as for qualifications these are skills which aren't learned in school so the government must already know who does what, they have enough fbi informants and others who gather information on anybody with any shred of credibility as far as computer skills go.

      So either they people they want to hire would rather remain unemployed than work for them (whi

    • by Culture20 (968837)

      Taking a job doing cyber ops for the government is volunteering to put a giant gap in your resume that you can't discuss.

      I don't know about you, but if I got an applicant for a position that said "I can't discuss my last job, but here's a recommendation from Colonel Muckitymuck, and no, he can't discuss what I did either. Your great grandkids might learn about it in history books though." I'd be impressed.

    • by Grishnakh (216268) on Tuesday July 20, 2010 @03:58PM (#32969414)

      First the applicants have to get a security clearance, which weeds out all non-citizens and a good deal of other applicants,

      Don't forget that the Federal government is big on drug testing, and the people who'd do well at this job are likely to be users of a fairly harmless, naturally-growing herb which happens to be highly illegal, and whose users are routinely thrown in prison for long terms, causing other dangerous and violent criminals to be released early to make room for them.

  • A bad deal (Score:5, Interesting)

    by DoofusOfDeath (636671) on Tuesday July 20, 2010 @01:22PM (#32967078)

    The federal government has a habit of imposing soul-crushing bureaucracies on its workers.

    Probably only a very small fraction of citizens are talented and inclined to do cyberwarfare and are willing to put up with the bureaucracy.

  • Shortages (Score:5, Interesting)

    by Ukab the Great (87152) on Tuesday July 20, 2010 @01:22PM (#32967084)

    I'd believe in stuff like

    1. Shortages of people who patch their systems
    2. Shortages of companies who are willing to pay security specialists a decent wage
    3. Shortages of CTO's willing to pay for migration away from IE6 to something standards-compliant
    4. Shortages of armed services who'd take overweight computer professionals over 30
    5. The tooth fairy
    6. Unicorns

    But a shortage of cyberwarriors? That seems a bit far fetched.

  • > a severe shortage of ... [sufficiently bright people]...
    > with the skills and knowledge necessary to do battle

    How many do we need? I submit that the number of brilliant hackers we need is quite small; if any shortage exists, it will be in the botnet, not the conference room.

  • I remember looking into some Information Assurance type programs a few years ago, as the buzz about this field (especially in the government sector) was beginning to pick up (or at least when I first became aware of it). Some of these programs cost about $50,000 USD a year. It was just too expensive in my eyes. Perhaps that's just become the cost of private higher education, but that doesn't make it easier to accept. I don't recall what the starting salaries for these types of specialists were, though.

    T

  • by stagg (1606187) on Tuesday July 20, 2010 @01:26PM (#32967156)
    ...is legal and cultural. The US penalizes innovation and experimentation more than anyone. The US government is responsible for the DMCA and massive efforts to punish people for hacking their own hardware and software, ludicrous prison terms, and so forth. On top of that you have a move away from generic, "hackable" computers to walled garden, Apple style technologies. That kind of culture doesn't really nurture a generation of future hackers. We don't encourage youth people to explore technology, we want them to play by the rules and keep their noses clean. With hacking hardware and software so stubbornly discouraged, it's no wonder that not very many people have the desired skill set.
    • by Americano (920576) on Tuesday July 20, 2010 @01:49PM (#32967572)

      The US penalizes innovation and experimentation more than anyone.

      Really?! For a country that penalizes this stuff more than anybody else, we sure do whole lot of it!

      http://www.nationmaster.com/graph/eco_res_and_dev_exp_of_gdp-economy-research-development-expenditure-gdp [nationmaster.com]
      http://ideas.repec.org/a/eaa/eerese/v5y2005i5_9.html [repec.org]
      http://en.wikipedia.org/wiki/Innovation#Measures [wikipedia.org]

      Perhaps next time you should engage your brain before spouting off Slashdot banalities designed to curry you favor with the mods!

  • by malice95 (40013) <Michael.Cunningham.USANO@SPAMgmail.com> on Tuesday July 20, 2010 @01:27PM (#32967180)

    People who are typically drawn to computers are often not very good canidates for the military lifestyle. And to become good at Securing systems or hacking them.. you need be breath, eat and sleep computers (especially hacking them).

    Hacking skills are not taught in schools and working for the goverment pays c@rp.. why would someone who spent years developing highly saught after skills work for the latest cyberwarfare agency when they could make big bucks in the private sector.

    There are plenty of highly skilled security folks out there "Defend the nation" to. I dont see any real recruitment efforts going on that are worth while.

    • by Krahar (1655029)

      Hacking skills are not taught in schools and working for the goverment pays c@rp

      Hey nice! I love carp!

  • Well, Duh! (Score:2, Insightful)

    by Anonymous Coward

    As an educator, specifically a computer science educator in higher education, I have to say that this is a shortage that the US has created. Let's see, if we outsource all IT jobs, and then allow various industry groups to sue the snot out of people based on their IP address; let's tell all potential students that jobs in this area can be done overseas, and that there is no reason to go into this area; let's pay low, low wages, and accept low-quality work from people who rose through the ranks due to politi

  • by terrahertz (911030) on Tuesday July 20, 2010 @01:27PM (#32967190)

    In part, it's due to a severe shortage of computer security specialists and engineers with the skills and knowledge necessary to do battle against would-be adversaries.

    Based on my own experience, I would argue that there is a severe shortage of computer security specialists and engineers with the skills and knowledge and desire to do battle against would-be adversaries. Whether it's a personal financial concern or a personal ethical concern, there are lots of great reasons for skilled and knowledgeable experts to seek employment elsewhere.

  • Poor Recruiting (Score:3, Interesting)

    by Rob Riggs (6418) on Tuesday July 20, 2010 @01:28PM (#32967202) Homepage Journal

    Where are the recruiting posters, TV spots, and in-game adverts? I know the Marines and Army are looking. Where the heck does one sign up for cyber-warrior boot camp? What's the web site, email address or 1-800 number? Even the article leaves out that information. What a missed opportunity.

    Hint: hire a marketing team first.

  • The problem is a culture of insecurity that is pervasive throughout the entire country. Corporate entities do the bare minimum required by law to enforce security "standards". Government contractors don't seem to take security into account any more than they have to either.

    I worked at Data General for a while, on their B2 secure UNIX. My job was to audit functions in the C standard library for unexpected side-effects. I have never seen another company that pays that sort of attention to security. Data Gen

  • The culture (wage,work environment, hiring, management) is all wrong to attract true talent. I would really have to be hard pressed for work to consider a government job.

  • 'We don't have sufficiently bright people moving into this field to support those national security objectives as we move forward in time,'

    All we have are a bunch of morons here.

  • More than 850,000 people in the US hold Top Secret clearance. There are a lot of "sufficiently bright" technologists at NSA, CIA, DOD, etc and their contractors. Perhaps the issue is more one of priority than spending?
  • if (ugly or terrorist or other_party or undesireable)

    then (set off required little bomb in computer)

    endif

    you're welcome. the definitions table is up to you.

  • I work for a local government agency and have over 20 years experience in IT, with almost 10 in security. Due to a "small world" situation, my name came across the desk of someone at the FBI. I was informally asked what level of interest I would have working for them. I asked the guy several questions and came away with the following: Take a substantial pay cut, move my family over 400 miles away from most of our relatives, forfeit the retirement at my current employer, go through the FBI academy (no de
  • by vlm (69642) on Tuesday July 20, 2010 @01:46PM (#32967518)

    necessary to do battle against would-be adversaries. The protection of US computer systems essentially requires an army of cyberwarriors

    Who is the enemy? If you think its a nebulous "them", then you're wrong, its us.

    "security" where I work is primarily focused on giving as many employees parking tickets as possible, monitoring our every move (although car breakins are of course not monitored), protecting the company from downsized employees, and generally being bullies.

    I can assure you that "leet cyberwarriors" are not going to be used against enemy nation of the week, but against Americans. Against people with the mistaken idea they live in a free country. Against anyone standing in the way of the big corporations that pay for our elections. Against anyone whom does not understand they exist to serve the govt, not the other way around.

  • General Turgidson: "Mister President! We must not allow... a NERD gap!"

  • We need a boot camp for this with out the PT / yelling in your face part.

    Also open it up to the people who are good with systems but not with dealing with people / PHB BS.

  • If the U.S. government were to offer training and good-paying jobs in "cyber warfare" or whatever they want to call it, I believe there are plenty of people who would rise to the opportunity. Full scholarships, retraining for displaced professionals, that sort of thing. What they seem to expect instead is an unlimited pool of highly skilled, motivated workers all ready to hit the ground running as soon as a job is (eventually) created for them. It doesn't work like that.

    When they say "critical shortage o

  • Open it up to Rain Man like people who are good with computers but are pass over for the army over there Autism / other things like it. There are people with stuff like Autism who can do good just as long is there some way to keep the all the non tech work bs way from them.

  • by QuantGuy (654249) on Tuesday July 20, 2010 @02:55PM (#32968466)

    This story is the biggest bunch of BS.

    I listened to this story on NPR. Instead of actually relying on hard data, the reporter simply found someone who estimated there are only 1,000 qualified "cyber" professionals in the US. The source presented no hard data, just a gut feel that there aren't enough people. This figure is about as well-sourced as the claim (often repeated) that the underground malware economy is bigger than the market for illegal drugs.

    Meanwhile, instead of calling outside the beltway, NPR also called up Alan Paller, the head of the SANS Institute, who parroted the same line. How Paller can say that there are less than 1,000 qualified security professionals with a straight face is beyond me. SANS claims to have trained over 150,000 people. Does that mean that 99% of their "graduates" are therefore unqualified?

    The worst part about this is that NPR did not even bother to disclose Paller's blatant conflict of interest. Contrary to popular belief, SANS is NOT a non-profit. It's in business to make a buck. I can't think of a better way to plump up the attendance rolls than to manufacture scare stories about "shortages" of professionals.

    I've got no real issues with Paller other than the fact that he's just another garden-variety huckster. I've got a bigger problem with NPR, who was just plain sloppy.

  • by walterbyrd (182728) on Tuesday July 20, 2010 @04:01PM (#32969472)

    I have been in IT for 30 years. I started in the USAF, and went on to work for defense contractors. Have held several clearances, including top secret. Have degrees in math and comp sci. I am presently long term unemployed.

    It seems to me that these "desperate shortage" articles come out routinely. No matter how many major IT layoffs, or how many CS grads can not find a job, or how depressed wages are for IT pros.

    Why are these articles never specific? Exactly what skills do they need that they find so hard to fill? Exactly what credentials are they looking for: BSCS, PhD, CISSP, CCIE, or what?

    Why do these articles seem to reek of corporate/government propaganda?

  • Hiring practices (Score:4, Insightful)

    by pootypeople (212497) on Tuesday July 20, 2010 @04:25PM (#32969860)

    Good IT guys don't want to go through the nonsense associated with these positions. They can get jobs with private industry that don't have the headaches. I live in the Washington area and there are plenty of IT jobs here. You just have to have a TS/SCI or plan to get one. I'm much happier not having the FBI asking my neighbors questions and crap like that.

  • by walterbyrd (182728) on Tuesday July 20, 2010 @04:41PM (#32970118)

    They typical run these propaganda campaigns about every six months.

    http://www.fiercegovernmentit.com/story/u-s-faces-shortage-cybersecurity-workers/2009-12-23 [fiercegovernmentit.com]

    Screaming and crying about desperate shortages is just a routine part of business. It keeps the poor saps studying for a career they will probably never get. It keeps the markets nice and glutted.

    IMO: what really gives this away as propaganda, is the lack of specificity. They will never tell you exactly what credentials are supposedly in such short supply.

The opposite of a correct statement is a false statement. But the opposite of a profound truth may well be another profound truth. -- Niels Bohr

Working...