Cyber Workforce Plan: A Different Take
The Obama administration late last week released a blueprint outlining steps to improve the recruitment, hiring and training of the cybersecurity workforce. And according to one expert, the blueprint is on the right track.
Hord Tipton, executive director of (ISC)2, told Wired Workplace on Wednesday that the administration's plans to adopt cybersecurity competency models, engage in cyber workforce planning and increase the number of cyber professionals nationwide are all welcome and effective steps to solving what has been dubbed a human capital crisis in cybersecurity.
The document is "validation in large part for many of the areas that we've identified are problems," Tipton said. "I'm left with the sense that we're on the same track here."
Tipton said he was most encouraged by the strategy's plan to open the discussion about the cybersecurity workforce to public and private groups. "It hasn't always been that way," he said. "All of this was trying to be developed inside government, and we felt they lost a lot of opportunity with that."
(ISC)2, which provides certification and training to cyber professionals, already has seen an increase in the number of people looking to obtain certifications, which in turn has caused the pass rates of certification exams to drop slightly, from mid-60 percent down to 50 percent, Tipton said.
"I think there's a recognition now in the hiring community that you have to validate that people can do the great things they claim to do," Tipton said. "We have a lot of people taking the exam now and more jobs that depend on certification. Our pass rates have dropped a bit because we have a lot more people who want to come into this space who aren't really qualified."
Tipton's comments are in stark contrast to comments made Monday by the SANS Institute's Alan Paller, who noted that the strategy's lack of focus on developing hands-on education for cyber professionals could spoil the entire plan.
Still, Tipton did agree that the plan could use some tweaking on areas like education and certification. He also noted that one major goal of the plan -- to increase the number of cyber professionals nationwide by 20 percent by 2015 -- may be a bit ambitious. "It may be optimistic, but you have to set your goals high here," he said. "We're ready to do our part."