Expert Flags Flaw in Cyber Workforce Plan

The White House on Friday released a draft blueprint for building up the nation's cybersecurity workforce. But according to one expert, the guidance includes one fatal flaw -- it does not focus on building the computing, programming and networking skills necessary for effective cybersecurity work.

Alan Paller, director of the SANS Institute, described for Wired Workplace on Monday the missing piece in the blueprint: "There's no plan for developing the hands-on teachers or for using the existing hands-on people as teachers," Paller said. "It would be like having pilots trained by non-pilots; it would be scary."

The strategy is part of the National Initiative on Cybersecurity Education, or NICE, being developed by the National Institute for Standards and Technology in coordination with several other agencies, including the Homeland Security Department and Office of Personnel Management. The goal of the initiative is to bolster cyber awareness, education and training.

But Paller suggested that the blueprint focus on developing programming skills at the middle school level; security programming and networking management skills in high schools; and other advanced skills, such as script development and automation, reverse engineering, exploit analysis and forensics, in colleges and universities.

"Development of those skills requires an educational model much like that used for pilots and doctors," Paller wrote in a piece submitted to NICE leaders. "Teaching hospitals and flight training schools are the central ingredients. They are staffed by skilled pilots and skilled doctors with thousands of hours of hands-on experience -- not by academics who learned their medicine or piloting from books."

Paller added that the current strategy will have little or no impact, now or in the coming years, if it is not updated to focus on developing the critical hands-on cybersecurity skills that are in such short supply.

"Unless the Strategy is amended, following it will lead to the training and development of thousands of people with the wrong skills and, by diverting people and money from the greater need, will exacerbate the shortages of talent needed to respond to a dynamic and rapidly developing array of threats," he said.

What are your thoughts on the draft strategy?