Filling the Infosec Talent Gap in the United States

Tuesday, September 07, 2010

Carter Schoenberg


In reading a recent article published at PRWire I am reminded of an article I read in 2002 that demonstrated how the dot com bust would have significant implications in about 4-8 years.

The premise was that with no Americans actively seeking college education in information systems, there would be a significant gap in our indigenous talent pool.

While the exercises demonstrated in the above article are great, it is important to note that the NSA and DHS have jointly funded what is essentially an R.O.T.C. program.

The problem is that the graduates are pretty much all farmed out to DoD and, in limited instances, DHS. So what about CIP in the private sector? Not just power plants but also state government and first responder communication infrastructures?

These organizations still go insufficiently protected by technology, and even if they have the right tech, who do they have to adequately handle the operational and managerial aspects of security?

A question I have for the group is this: "IF" a scenario existed whereby you (a CIP) were a US citizen, cleared, certified, and possessed solid credentials and could be hired for $50-65K a year, would it be worth it for the same CIP organization to subsidize a government kitty-pot for, say, $15K a year?

Think about what you get on the backend and for what investment. I am eager to learn the audience's thoughts on such a premise.

Thanks,

Carter Schoenberg, CISSP

 

Keith Glass: DHS, in particular, is going to have problems getting people. They have a bad reputation as a place to work for IT folks, their security clearance process is byzantine, and frankly, they don't pay a premium for Cleared workers, which Defense and Intelligence tend to do.

As for State and Local positions, given the current budgetary problems of all too many states and localities, it's going to be difficult, if not impossible, to match the salaries available for Federal or Private Sector positions. And if they can't hire, it's even more unlikely they'll subsidize a "Security Cadet" with no immediate return on investment.

In the end, it all comes down to not enough money chasing too few qualified individuals.
Carter Schoenberg: Keith,

My apologies if I did not drive my point clearly enough. My intent was to ask if organizations that can't afford the high end talent can get these people at undervalued salaries while these people finish out their obligations to the government, if that would be worth each organization subsidizing "X" amount annually to ensure there is always a revolving pool of qualified candidates.
Carter Schoenberg: When I look at "Is Infosec Worker Need Underestimated?" http://www.govinfosecurity.com/podcasts.php?podcastID=719&rf=2010-09-07-eg I scratch my head. When I review the laborious process that Keith rightfully described as "byzantine", it becomes clear that there is no real process to quickly bring on qualified talent into our agencies. Most likely just lateral moves from OSI, NCIS and other entities merely changing from DoD to non-DoD roles. Given current attempts to have all aspects of budget for cybersecurity under one czar, it makes for interesting water cooler talk to see how this will pan out. Especially since a recently appointed DoD CIO is on hold for a few months now even after the offer was extended.
Keith Glass: I still maintain that the economics of scarce talent are going to overwhelm any hopes of getting people while they are "undervalued". Considering, ESPECIALLY at the state and local level, where budgetary-based furloughs are increasingly common, why would a pro with in-demand talents remain there? Any contract to remain with a given organization in return for subsidization of education would go null and void as soon as the job "stopped": a contract goes both ways...
Susan V. James: I can't see anyone who possesses a clearance, a coveted security certification or two, and several years of experience in infosec even looking at the DoD or DHS as an employer. Consider that the same infosec talent is also needed in the bank/financial regulatory agencies. In that arena, the govt. is in direct competition with the financial industry for talent: Bank of America, CitiGroup, JP Morgan Chase... and the Big Four audit firms who keep an eye on them. Plus the numerous consultancies that cater to the IT/security needs of that sector. The govt. has to really ratchet up the infosec pay scale to compete - or *regulate* the entire infosec industry and put a cap on what everyone can make so they can compete - or resort to conscription. There's just overall too few people in the talent pool that everyone is chasing after. And outsourcing to the cheapest overseas provider is not a solution here (oh, the irony.) They either have to pay competitively, or make the job about something other than a big paycheck in the near term. Perhaps a promise of a retirement check (deferred compensation) after 10 years of service, regardless of age, or tax incentives for infosec talent that chooses to work in the govt. sector - until the problem of an insufficient talent pool is addressed.

But I do think areas of govt. infosec are starting to open their wallets. I saw a job posting a couple of months ago for a Federal Reserve Bank, for an InfoSec managerial position (not at the top) where the starting salary range was listed between 215-250k, plus bonus. Clearance and commensurate experience required, and they were willing to sponsor the clearance for the right person.
The views expressed in this post are the opinions of the Infosec Island member that posted this content. Infosec Island is not responsible for the content or messaging of this post.
