While there's a notion that there is a dearth of cybersecurity professionals, the shortage is most acute at the "high end," where $250,000 salaries are not uncommon for those who combine technical and managerial skills.
That's according to the RAND Corp. report today on the topic, which also looked at how well the National Security Agency and other military-focused agencies were recruiting cybersecurity pros.
The "H4CKERS WANTED" report from RAND, the non-profit policy think tank funded by the U.S. government and private endowment, looked at whether cybersecurity jobs are going unfilled, especially in the federal government, and if so, why. Co-authored by Martin Libicki, David Senty and Julia Pollak, the RAND report concludes that, across the spectrum of tasks cybersecurity professionals might do, two types of people stand out as hard to find and recruit. One is the manager, the job often thought of these days as the "chief information security officer." The other is the talented geeky few who can figure out that highly stealthy attacks are occurring or who can find "the hidden vulnerabilities in software and systems that allow advanced persistent threats to take hold of targeted systems."
Demand for cybersecurity skills in general began rising within the last five years, the report says, not because hackers are attacking networks more but because the defenders of those networks are far more aware of the hackers and are eager to employ someone who can set up ways to detect and stop them. In addition, the rise of state-sponsored stealthy cyber-espionage--and in some cases, even hard-hitting attacks suggestive of cyberwar--is heightening concerns.
The U.S. federal government, especially the Department of Defense (DoD), has sometimes found it hard to compete with the private sector to hire those cybersecurity professionals. That's not only because DoD salaries are often lower than those in the private sector, but also because bureaucratic rules make it hard to change government salaries flexibly. "Thus, even as many proclaim the advent of cyberwar as a decisive component of modern warfare, others argue that DoD has a difficult time acquiring the people to wage that kind of war," RAND notes.
Even when the U.S. government makes an effort to grant agencies leeway to offer higher salaries and benefits--the report says the DoD's nascent U.S. Cyber Command, through the U.S. Air Force, is making direct hires and offering recruits moving expenses and repayment of student loans, for example--there are still many obstacles: long recruitment, vetting, background checks and security clearance can add months and discourage potential candidates. The report notes that outsourcing to private contractors isn't entirely feasible, pointing out that at a minimum there are often "legal issues associated with who can do what, many associated with the chain of military command."