No Recession For Cybersecurity
Gail Repsher Emery,Washington Technology
Nov 21, 2001 4:31 AM
WASHINGTON, D.C., U.S.A., 2001 NOV 21 (NB) --
With the demand for cybersecurity professionals outstripping
supply, high-tech companies and government
agencies are using innovative programs to recruit and train workers
with specialized skills in information security.
Booz-Allen & Hamilton Inc. of McLean, Va., for
example, held a reunion of former employees who worked on national
security projects Nov. 6 in Annapolis Junction,
Md. The company also relies heavily on its employee referral program.
Recruiting manager Elizabeth Segal said
sometimes 50 percent of Booz-Allen's information security hires come
through employee referrals.
At the State Department, officials are taking
advantage of a 3-year-old incentive program to recruit and retain IT
security professionals, said Bruce Morrison,
deputy chief information officer for operations in the department's
Bureau of Information Resource Management. The
State Department will pay an incentive bonus worth 5 percent to
10 percent of base salary to employees who
receive certificates in certain information technology specialties,
including information security.
“It's been successful in retaining people who
have specific security skills and encouraging people to get specific
security specifications,” Morrison said. “It
targets the people who are most valuable to the department and most
likely
to be lured away by the private sector.”
Like Booz-Allen and the State Department, many
commercial and governmental enterprises are moving rapidly to
satisfy the government's growing need for
improved IT security following the Sept. 11 terrorist attacks.
Organizations have been beefing up their IT
security staffs, checking for system vulnerabilities and installing new
security fixes.
“The people who attacked the World Trade Center
and the Pentagon seemed much more interested in blowing things
up than in attacking our critical
infrastructure, but they also surprised the world with their audacity.
We cannot
discount the potential threat of attack against
our IT infrastructure,” said Lynn McNulty, an information security
consultant who works primarily for federal
agencies.
Consulting firm Booz-Allen has responded to the
threat by bringing together its partners representing government
and commercial groups in one strategic security
service.
“We've never really offered it as a cross-firm
effort for both government and commercial clients,” Segal said. “But
what we're seeing after Sept. 11 is a common
need. We are going to see that security in a broader sense, including
keeping people, physical infrastructures and
networks secure, will fall under the umbrella of strategic security.
It's
disaster recovery, business continuity,
information operations, computer network defense, critical
infrastructure
protection and information assurance.”
Morrison said the State Department is increasing
its security programs across the board. The department's firewall
staff has been beefed up and is operating 24
hours a day, seven days a week. Other priorities include contingency
planning and security audits on each of the
department's 300 Web sites. The department is also expanding its use of
public key infrastructure and biometrics in
order to lessen the possibility that staff members could access
information
they're not entitled to see.
The Federal Reserve also is examining potential
threats against its systems, said James Wade, vice president of
information technology planning and standards
and chief security officer for the Federal Reserve System, the United
States' central bank. Like Booz-Allen, he's
seeing a movement toward collaboration between the physical security,
information security and business continuity
operations.
“We're talking more about information security
as an enterprisewide operation,” Wade said from his office in
Richmond, Va.
But finding skilled workers is a serious
challenge.
“You find people who have good technical skills,
but they ... do not understand the concepts and methodologies
used in information security,” said Wade, who
also serves as president of the International Information Systems
Security Certification Consortium Inc., a
Framingham, Mass., group dedicated to information security education.
Innovative recruiting methods are helping to
alleviate this problem. An increasing interest in information assurance
and a rise in educational programs is also
expanding the pool of qualified workers.
First of all, “it's cool. It wasn't five years
ago. It also has gotten to be important,” said Alan Paller, director of
research
at the SANS Institute, a research and education
organization in Bethesda, Md., for systems administration,
networking and security. Registration for the
SANS Institute's security courses has surged threefold this year, to
14,000 enrollees, Paller said.
Similarly, the International Information Systems
Security Certification Consortium has seen a surge in IT security
certifications, said McNulty, a member of the
board of directors of the professional certification group. The group
has
awarded more than 5,000 Certified Information
Systems Security Professional certificates, he said.
Several federal education programs designed to
boost the number of IT security professionals should alleviate the
demand over time, said Vic Maconachy, program
manager for the National INFOSEC Education and Training program
at the National Security Agency at Fort Meade,
Md.
The NSA's Centers of Academic Excellence in
Information Assurance Education Program brings attention and
prestige to schools with rigorous IT security
education programs. So far, 23 schools, including the University of
Maryland, Baltimore County, have achieved the
distinction.
Two scholarship programs, one run by the
National Science Foundation, the other run by the Department of Defense,
pay for some IT security education in return for
government service. The NSF program also funds faculty education
in IT security and university IT infrastructure.
The Defense Department program also provides mentors for the
students.
“We've been working for several years to place a
core of cyber security specialists in federal government. That
legislation [establishing these programs] put
money out there to make that a reality,” Maconachy said. “We're seeing
more students come out of academia with greater
skills in information assurance. The numbers are small, but they
will grow.”
Reported by Newsbytes.com,
http://www.newsbytes.com
|
