recommended reading

You Call This an Army? The Terrifying Shortage of U.S. Cyberwarriors

When the Soviet Union launched the first satellite in 1957, it set off an intellectual arms race that led to more than $1 billion of federal investment in science education. Within a decade, Americans were sending their own expeditions to outer space. Presidents and other public figures since then have made a tradition of referring to Sputnik to push their political agendas. But just because it's a convenient rhetorical lever doesn't invalidate the analogy. And when it comes to cybersecurity, it hits pretty close to the truth.

The United States doesn't have nearly enough people who can defend the country from digital intrusions. We know this, because cybersecurity professionals are part of a larger class of workers in science, technology, engineering, and math--and we don't have nearly enough of them, either. We're just two years into President Obama's decade-long plan to develop an army of STEM teachers. We're little more than one year from his request to Congress for money to retrain 2 million Americans for high-tech work (a request Republicans blocked). And it has been less than a month since the Pentagon said it needed to increase the U.S. Cyber Command's workforce by 300 percent--a tall order by any measure, but one that's grown even more urgent since the public learned of massive and sustained Chinese attempts at cyberespionage last month.

Where are Cyber Command's new hires going to come from? Even with so many Americans out of work, it isn't as though there's a giant pool of cyber professionals tapping their feet, waiting to be plucked up by federal agencies and CEOs who've suddenly realized they're naked in cyberspace. In fact, over the next couple of years, the manpower deficit is only going to get worse as more companies come to grips with the scale of the danger.

Demand for cyber labor is still far outstripping supply, Ron Sanders, a vice president at Booz Allen Hamilton, told National Journal in a phone interview. "With each headline we read," he said, "the demand for skilled cyber professionals just increases."

The number of industry employees is already growing at double-digit rates. A new report released Monday finds that the number of people working in the cyber field is going to grow worldwide by 11 percent every year for the next five years. In North and South America, according to the paper--published by the International Information System Security Certification Consortium (ISC2)--that will mean almost a million more workers in the field by 2017. Many of them will be highly qualified. But not all of them will be in the employ of U.S. entities, to say nothing about working in the United States itself.

Here's another way to look at the supply of cyber labor. Every year since 2008, U.S. colleges have graduated some 38,000 computer-science majors. But, according to Education Department figures, that annual number has actually shrunk from a peak of nearly 60,000 in 2004. We graduate more than twice as many artists every year than computer scientists. And for every computer-science degree, the country gives out two in journalism or communications. The media industry's hurting, sure, but not for a lack of people. Not like this.

Some 12,000 cyber professionals responded to ISC2's annual global workforce survey. Of those, 57 percent reported working from the Americas. As this was a voluntary and self-reporting sample, the actual number of cyber workers based in North and South America could be higher. But it's safe to do at least some back-of-the-envelope calculations with these numbers. Even if we assumed all 6,840 of these respondents were U.S. citizens (which they're almost certainly not), and assuming the Pentagon could grant instant security clearances (which it can't), filling Cyber Command's 3,100 open positions tomorrow would still leave behind a rather large hole.

It gets worse. To become a cyber professional working in government, your record has to be exceptionally clean. That rules out pretty much any U.S. teen who's written a malicious script or vandalized a website. America's cyber competitors, meanwhile, aren't nearly so scrupulous down in HR.

"We do exclude individuals who cross the line, especially advertently," said Sanders. "We should be letting them know there are things you shouldn't do if you expect to go into cybersecurity."

To snag kids before they stray into trouble, as well as to raise interest in STEM jobs generally, recruiters are beginning to reach for younger and younger prospects. Two years ago, Microsoft released a study finding that 80 percent of current STEM students at universities chose their field when they were in high school, or even earlier. A fifth said they'd made up their minds as early as in middle school.

"One of the things we've been doing," said ISC2's foundation director, Julie Peeler, "has been working on reaching down into the secondary education level--and even looking at ways we can affect primary education" with outreach programs to young children. These are built upon what Peeler calls a "common body of knowledge" and ascends all the way to the university level, where over 100 postsecondary institutions now offer "information assurance" programs accredited by the National Security Agency. Forty-two states have certified Centers for Academic Excellence schools. Among them are New York's West Point and the U.S. Naval Academy in Annapolis, Md.

In the (very) long run, those institutions will pay off. But right now? We don't have enough cybersecurity professionals to make up for the deficits of the last five years, let alone meet the growing demands of the next five. At the pace we're training our digital soldiers, government and the private sector won't be working together to secure the country--they will be too busy fighting each other for what little manpower's coming out of the university system. And that's just as scary.

Threatwatch Alert

Software vulnerability

Malware Has a New Hiding Place: Subtitles

See threatwatch report


Close [ x ] More from Nextgov

Thank you for subscribing to newsletters from
We think these reports might interest you:

  • Modernizing IT for Mission Success

    Surveying Federal and Defense Leaders on Priorities and Challenges at the Tactical Edge

  • Communicating Innovation in Federal Government

    Federal Government spending on ‘obsolete technology’ continues to increase. Supporting the twin pillars of improved digital service delivery for citizens on the one hand, and the increasingly optimized and flexible working practices for federal employees on the other, are neither easy nor inexpensive tasks. This whitepaper explores how federal agencies can leverage the value of existing agency technology assets while offering IT leaders the ability to implement the kind of employee productivity, citizen service improvements and security demanded by federal oversight.

  • Effective Ransomware Response

    This whitepaper provides an overview and understanding of ransomware and how to successfully combat it.

  • Forecasting Cloud's Future

    Conversations with Federal, State, and Local Technology Leaders on Cloud-Driven Digital Transformation

  • IT Transformation Trends: Flash Storage as a Strategic IT Asset

    MIT Technology Review: Flash Storage As a Strategic IT Asset For the first time in decades, IT leaders now consider all-flash storage as a strategic IT asset. IT has become a new operating model that enables self-service with high performance, density and resiliency. It also offers the self-service agility of the public cloud combined with the security, performance, and cost-effectiveness of a private cloud. Download this MIT Technology Review paper to learn more about how all-flash storage is transforming the data center.


When you download a report, your information may be shared with the underwriters of that document.