Delivering Greatness

Leading Thoughts

"Leading Thoughts" is an exciting addition to the EmeSec website here you will find a short summary of thoughts that are relevant and current to EmeSec, information assurance, our customers, and the business of security.

The Future includes Cyber Security Math

Cyber Security and Information Assurance are hot topics and reflect the concern and interest of the military, federal agencies, the White House, Federal Contractors, and employees seeking satisfying careers. Information assurance (IA) has always benefited from essential technology, visionary and highly skilled personnel and evolving processes that incorporate risk, risk management, budget economics, and organizational requirements. As the volume of information and data has grown and continues to expand, information security has become increasingly inter-tangled with technology. The result is the operational term and emphasis on “cyber security.”

As cyber security interest has grown, so has the request for fully qualified candidates at the agency and organizational level throughout the government, DOD and private enterprise. The Center for Strategic & International Studies (CSIS) report by Karen Evans and Franklin Reeder for the President titled “A Human Capital Crisis in Cybersecurity” outlines some of the challenges facing the execution and application of protection through Cyber Security and the need to train, grow and prove technical skills and proficiencies. This model identifies for practicing Cybersecurity and IA professionals how the career path will likely change in the near future. http://csis.org/publication/prepublication-a-human-capital-crisis-in-cybersecurity.

One aspect of the report that was only indirectly addressed is the cost of developing cyber security skills and certifications across a wider range of intern, novice, intermediate, highly technical and expert IA and Cyber Security personnel. Interestingly, the economy and the need for cyber security professionals don’t seem to be in synch. As more and more requests for professional IA services focus on personal and corporate certifications to meet DOD and NIST requirements, the cost estimates and available funding seem less related to the requirements for certifications and the value this type of validated skill set delivers. Individuals with acceptable experience, certifications and clearances have been able to assertively seek increasing salaries that only larger businesses might afford. Government agencies seem to be seeking dedicated and loyal professionals that will work at below market wages while defending our national assets. Smaller businesses are evaluating how best to meet rising costs of employees and shrinking profits within an evolving cyber security market.

Private for profit businesses of all sizes will for a short time provide quality personnel for less profit while regulations and requirements for training increase; however, as market dynamics continue to press businesses expect or consider that cheapening cyber security even during economically stressed times might result in unanticipated challenges that compound the mission of protecting our digital infrastructure. Some of the challenges are likely to be:

  • Increased insider threat from lack of salary or frustration with workload and response
  • Complacency in cyber security implementation and management
  • Increased liability for leaders in government and private enterprise
  • Even fewer students or potential cyber security candidates

Here is the new math of cyber security: Long term, private enterprises may have to evaluate the time and cost of developing new cyber security talent. In addition to establishing training within government and private enterprise, organizations must consider innovative pricing, innovative application and reward for contractors so they might create a new vision for highly technical employees. Employees will always benefit when private enterprise benefits. Government will benefit more when private enterprise benefits. Private enterprise can only support, defend and deliver national readiness appropriately when compensation and value are positively correlated. Cyber Security in the near future will encompass not only the normal business risks and costs, but perhaps a few new math and pricing concepts that we’ve overlooked.