The Department of Homeland Security is planning a major hiring spree, looking to fill as many as 1,000 cybersecurity positions over the course of the next three years. The department announced the new initiative Thursday, marking DHS’s first real push to hire a large number of information security experts.
The new hiring authorization gives DHS the power to bring in hundreds of workers with backgrounds in network security, incident response, vulnerability detection and response and other security disciplines. However, the department likely won’t fill all of the positions, DHS Secretary Janet Napolitano said.
“Effective cybersecurity requires all partners—individuals, communities, government entities and the private sector—to work together to protect our networks and strengthen our cyber resiliency,” said Napolitano (below) in her announcement. “This new hiring authority will enable DHS to recruit the best cyber analysts, developers and engineers in the world to serve their country by leading the nation’s defenses against cyber threats.”
But that’s an overly optimistic and simplistic view of the situation. Recruiting the “best cyber analysts, developers and engineers in the world” requires a number of things, not the least of which is money. The best security people in the world likely already have jobs that pay them considerably more than what the government can offer. Granted, the chance to help your country while doing interesting work can be a powerful draw, but it is unlikely to outweigh the more tangible benefits of life in the private sector.
DHS and other federal agencies have had a very difficult time recruiting and keeping top-flight security talent in recent years, and it’s unclear why that will change anytime soon. As Brian Krebs points out, even the National Security Agency is having trouble stemming the tide of departures from its security organization, many of whom are leaving to join the new Cyber Command just down the road.
Another problem is that many of the best security professionals in the world don’t live in the United States. Germany, Brazil, China, Russia and other countries have more than their fair share of security talent. And even if experts from abroad wanted to come work for DHS, it would be a long road for them to get in the door. But that’s a minor concern. There are certainly more than 1,000 qualified security pros in the U.S. Getting them to head to Washington is the real sticking point.
It’s encouraging to see the government acknowledging the need for more expertise. As the old saying goes, the first step is acknowledging that you have a problem. But simply throwing bodies (assuming DHS can get them) at the problem won’t be enough. The government, and by extension, the country, is sorely lacking leadership on the issue of cybersecurity and the longer that the White House delays naming a national cybersecurity coordinator, the deeper that deficit will be.
The word from Washington is that President Obama is likely to take the opportunity to name the coordinator this month, which happens to be National Cybersecurity Month. If he does, that will be a nice story. But it will be only the beginning of the fight, not the end.
*Janet Napolitano image via jim.greenhill‘s Flickr photostream.