[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[ISN] Guess the Size of Fed IT Security Workforce
By Eric Chabrow
November 30, 2011
The lack of government-wide definitions for information security
occupations means the agencies with the largest IT budgets don't know
how many cybersecurity experts they employ.
That's one finding in a Government Accountability Office report released
Tuesday that details how eight surveyed agencies have taken varied steps
to implement workforce planning for IT security personnel. The report,
entitled Cybersecurity Human Capital: Initiatives Need Better Planning
and Coordination, also revealed:
* All surveyed agencies had defined roles and responsibilities for their
cybersecurity workforce, but these roles did not always align with
guidelines issued by the federal Chief Information Officers Council and
National Institute of Standards and Technology.
* Some agencies had few problems recruiting qualified IT security
personnel while others had a hard time hiring infosec experts. One
department, Veterans Affairs, said it can find qualified personnel, but
once they've been trained, they leave for higher paying jobs, often with
* Most agencies employed some form of incentives to support their IT
security workforce, but none of the eight agencies had metrics to
measure the effectiveness of those inducements.
* The robustness and availability of cybersecurity training and
development programs varied significantly among the agencies. For
example, the departments of Commerce and Defense required cybersecurity
personnel to obtain certifications and fulfill continuing education
requirements. Other agencies used an informal or ad hoc approach to
identifying required training.
Subscribe to InfoSec News - www.infosecnews.org