The Cyber Money Train

Monday, October 15, 2012

Joel Harding


Almost everybody knows that anything to do with Cyber equates to a lot of money.  One estimate for CY 2012 was $13 Billion being budgeted for cybersecurity just for the US government.

One study I recently read predicted we would need to increase spending by up to 1,800 percent to get adequate protection.  That, ladies and gentlemen, is a big chunk of change.

Recently I was sent an email by a colleague.  In the email they were discussing if this group should become involved in ‘cyber’.  I’m going to anonymize it, but here is the phrase that caught my eye:

"Everyone keeps on saying that “cyber is where the money is at” or “cyber programs are going to get more funding”.  Should cyber be something [we] should get more involved in?"

They do not come out and explicitly state that ‘because there is money we need to get our fingers into that money (get our fair share) and should we do it?  The answer is obviously “yes”, just for the sake of getting more money for the group.  The blatant quest for money is almost sickening. 

With the economy the way it is, I can understand this feeling, but where is the altruism?  Where is the drive for service for service’s sake?  The question should be ‘How can we help best and, oh by the way, how can we pay our bills at the same time?’  You could say it is the same thing but the emphasis is on the service, not the money.  It may possibly just be semantics but the emphasis is placed correctly.

This exposes one of the weakness of the system as a whole.  Anybody and everybody with the tiniest of irons in the fire thinks they need to get into the cyber game whereas I can testify that there are so many experts in the field that 50% of them could go away tomorrow and most of us wouldn’t notice and, more truthfully, not care. 

I have gone to many ‘cyber’ conferences and onstage there is some Senior VP on stage, pitching his company.  The blatant salesmanship is staggering. Sharing an idea, a concept, teaching others, rallying the community?  Fugghedaboutit.

Those who leave government service and work for a private corporation are usually relatively altruistic but some are louder and more blatant than others.  A former National Security Advisor wrote a book and when he speaks I keep wondering if he’s trying to increase the sales of his book. 

I have also seen a former Director of National Intelligence speaking about the cyber threat and how the sky is falling and all I can think about is that the corporation he is working for sells cybersecurity.

I recently had a meeting with a wonderful person who works at the Office of the Undersecretary of Defense for Policy, in the Cyber Policy office and I honestly felt sorry for them when they admitted they had no money, no contracts and weren’t hiring.  All the Business Development people in all the corporations must stay away, they don’t want to waste their time developing relationships with someone at the Pentagon who has no money to give them.

Later I was meeting with a business leader who lands contracts by forming a consortium of experts and surgically inserting them in efforts to win contracts and we were discussing “where’s the money?”  My own hypocrisy struck me but then the stark reality hit me squarely in the face.   I need the money.  I need more contracts, I need to pay the bills and not lose my house.

So, as Cuba Gooding Jr. and Tom Cruise say in Jerry MaGuire:  “Show me the Money” and I’ll show you where most cybersecurity experts are flocking towards.  I only hope it’s for the right reason or at least stated that way.

Cross-posted from To Inform is to Influence

Possibly Related Articles:
Budgets Cyber Security Security Infosec
Post Rating I Like this!
CP Constantine Preach it Brutha!

Though let's face it, I think we'd all be a little happier, if the money going around wasn't lining the pockets of people who do nothing but leech off the hard work done by others - but then, what else is new under the sun? The sharks have been circling onto infosec from all angles in the last decade, and all it takes is a worried smile, a reassuring handshake, a reference sheet of other people's ideas and an ignorant and fearful audience, to make a mint. Meanwhile, the people who actually solve problems will continue to struggle in underpaid anonymity; because solving actual problems is higher on their priority list than stroking their own ego and lining their pockets. Hardly unique to infosec though; ask any engineer from the past two centuries.

The views expressed in this post are the opinions of the Infosec Island member that posted this content. Infosec Island is not responsible for the content or messaging of this post.

Unauthorized reproduction of this article (in part or in whole) is prohibited without the express written permission of Infosec Island and the Infosec Island member that posted this content--this includes using our RSS feed for any purpose other than personal use.