Developing the Cyber Security Workforce - Different Perspectives

March 12, 2014

Viewpoint 1: We Need Lots of People, Chosen and Developed Properly
“A holistic approach to developing the cybersecurity workforce is needed, based on careful integration of workforce development strategies into a plan that involves educators, career professionals, employers, and policymakers. A critical element of a robust cybersecurity strategy is having the right people at every level to identify, build and staff the defenses and responses. And that is, by many accounts, the area where we are the weakest.”
From “Holistically Building the Cybersecurity Workforce” by Lance J. Hoffman, Diana L. Burley, and Costis Toregas, IEEE Security & Privacy Magazine, March-April 2012.

Viewpoint 2: A Human in the Loop May Not be a Failsafe but a Liability
“ … We security professionals make a claim to the salary we draw because of our “judg­ment” and “skill.” I suggest that the demand for that judgment, that skill will soon wither in the face of the second [machine to machine] economy. We see computers doing things right now—Amazon or Netflix recommendations, Zil­low estimates—that a decade ago would have required a human to intervene. The networked security militias of the second economy do not wait for humans, and it’s possible to argue that for the scale and speed at which a networked security collective operates, a human in the loop is not a failsafe but a liability (see http://geer.tinho.net/geer.suitsandspooks.8ii12.txt).
… which infosec job descriptions are more like typ­ists and draftsmen and which are more like teachers and doctors? Do we need more infosec fighter pilots or more infosec ambu­lance drivers? Will the salaries of infosec professionals remain high enough for young people to indenture themselves? …”
From “More or Less” by Daniel E. Geer, Jr., IEEE Security & Privacy Magazine, January/February 2012