In spite of the headlines about NSA secrets leaked by former NSA contractor Edward Snowden, the NSA seems to find no shortage of people wanting to work there. RAND says NSA, "the country's largest and leading employer of cybersecurity professionals," is doing well in hiring, with fewer than 1% of their positions going vacant for any length of time. A mention is made in the RAND report that some federal agencies think they are being outbid for cybersecurity personnel by the NSA, FBI and Department of Homeland Security.
"NSA also has a very low turnover rate (losing no more to voluntary quits than to retirements)," the RAND report states. "One reason is that it pays attention to senior technical development programs to ensure that employees stay current and engaged."
RAND says NSA does devote a lot of time and energy to the task of finding the cybersecurity professionals it needs, having a total of 1,500 involving in the recruiting and employment process, with outreach into many universities, especially those with a "reputation for educating people who go into the military."
Eighty percent of NSA cybersecurity hires are entry level, with most having bachelor's degrees. NSA also has a "very intensive schooling system, lasting as long as three years for some," the report notes, adding, "For the most part, our interview suggests that the NSA makes rather than buys cybersecurity professionals." The NSA today absorbs a third of all Scholarship for Service graduates, the report says, partly because it has the most job openings and "also because it has a reputation for hiring the best hackers."
The Central Intelligence Agency also seeks to "build talent from within" but apparently faces more challenges in finding cybersecurity professionals, the report says.
The DoD's U.S. Cyber Command puts specific emphasis on an ability to work with foreign languages. The intent at USCYBERCOM is to "build teams of Cyber Protection Platoons that will be certified through mission-assistance training." The DoD's move to cloud-based services "could recast the skills required by cybersecurity warriors, from scanning and patching networks to the management of mobile devices and data access controls," the report points out.
The U.S. Air Force has a clearly-defined program for its cybersecurity mission that is working well enough that there is now the equivalent of a cybersecurity "waiting list." But the authors of the RAND report also express some skepticism that the Air Force may be a tad overoptimistic because it's using more civilians and fewer military personnel for cybersecurity than its goals suggest. "The USCYBERCOM guidance to its service components was to strive for a force mix of 80% military and 20% civilian, but the Air Force and other components find themselves running 60% military, 30% civilian and 10% contractors."
Sign up for CIO Asia eNewsletters.