Guess the Size of Fed IT Security Workforce

[InfoSec News <alerts () infosecnews org>]

http://www.govinfosecurity.com/articles.php?art_id=4285

By Eric Chabrow
Executive Editor
GovInfoSecurity.com
November 30, 2011

The lack of government-wide definitions for information security 
occupations means the agencies with the largest IT budgets don't know 
how many cybersecurity experts they employ.

That's one finding in a Government Accountability Office report released 
Tuesday that details how eight surveyed agencies have taken varied steps 
to implement workforce planning for IT security personnel. The report, 
entitled Cybersecurity Human Capital: Initiatives Need Better Planning 
and Coordination, also revealed:

* All surveyed agencies had defined roles and responsibilities for their 
cybersecurity workforce, but these roles did not always align with 
guidelines issued by the federal Chief Information Officers Council and 
National Institute of Standards and Technology.

* Some agencies had few problems recruiting qualified IT security 
personnel while others had a hard time hiring infosec experts. One 
department, Veterans Affairs, said it can find qualified personnel, but 
once they've been trained, they leave for higher paying jobs, often with 
government contractors.

* Most agencies employed some form of incentives to support their IT 
security workforce, but none of the eight agencies had metrics to 
measure the effectiveness of those inducements.

* The robustness and availability of cybersecurity training and 
development programs varied significantly among the agencies. For 
example, the departments of Commerce and Defense required cybersecurity 
personnel to obtain certifications and fulfill continuing education 
requirements. Other agencies used an informal or ad hoc approach to 
identifying required training.

[...]


_____________________________________________________
Subscribe to InfoSec News - www.infosecnews.org
http://www.infosecnews.org/mailman/listinfo/isn