US Army: Military finds IT security certification difficulties

[InfoSec News <alerts () infosecnews org>]

https://www.networkworld.com/news/2012/041012-army-security-certs-258136.html

By Ellen Messmer
Network World
April 10, 2012

The U.S. Army is having a hard time manning its IT staff because it 
cannot find military personnel with the right networking and IT security 
qualifications.

The Department of Defense (DOD) Directive 8570.01-M is a military 
regulation first published in 2005 that puts forward considerable detail 
on the workplace and related training and certifications that military 
personnel -- and now contractors as well -- must have to operate 
DOD-related information systems for information assurance purposes. But 
the problem for the Army at this point is that it doesn't have enough 
personnel with the required training, said Lisa Lee, information 
assurance program manager, Program Executive Office, Enterprise 
Information Systems in the U.S. Army.

To cope with the shortage of certified personnel, the Army is altering 
its guidelines so that not as many individuals working in areas it calls 
"an enclave boundary" -- defined as a specific set of routers and 
firewalls -- will have to meet the previous requirements, said Lee, who 
spoke on the topic on behalf of the Army at the recent FOSE Conference 
in Washington, D.C.

With that change, the individuals who have the higher security 
credentials the military wants will be granted higher network 
administrative privileges and those at a lower certification level will 
have less, and likely make less money, she noted. "I was forced to do 
it," she said. "We have some good people having trouble passing the 
tests. They're just not good test takers."

[...]


_______________________________________________
LayerOne Security Conference
May 26-27, Clarion Hotel, Anaheim, CA
http://www.layerone.org