What's wrong with cyber training? Apparently, a lot.

Our recent story headlined “What’s wrong with cyber training?” provoked quite the reaction.

Navy person using keyboard

Why are trained cybersecurity professionals hard for the government to hire?

Our recent story headlined What’s wrong with cyber training? provoked quite the reaction.

Some readers agreed that there is too much focus on paper credentials and not enough on real-world know-how. Others argued that without those certifications, landing a job is next to impossible.

As commenter rb CA put it: (1) In most professions, you have book learning and you learn how to really work after you are hired. No one comes out of college (or the one-week course) ready to design the next gen CPU for Intel. They work their way up after years of effort. (2) We want them cyber ready but their 4 year degree is worthless if they don't have A+, SEC+, and/or CISSP.

Others presented new angles to the discussion. Commenter Kathleen Smith, for example, wrote: "What we don't understand is that those launching cyber attacks have a different moral compass than we do. We do not train our folks to go no-holds-barred when researching, developing an offense or going on the defense as our assailants."

Amber Corrin responds: It’s true that there are cultural factors at play here. In China, enormous pressure is put on young computer science students to be able to crack codes, hack into iron-clad network and to do it all faster than anyone else. In Russia, involvement in cyber crime, especially if it’s being provided as a service to the government, is often a matter of pride. In both places, these types of activities are heavily ingrained in the culture – and not coincidentally, both countries are frequently attributed as being responsible for cyber attacks on the U.S.

SANS Institute founder Alan Paller, quoted in the original story, suggested it is a cultural issue in the U.S., too – one that is holding us back. Recruiting, rather than training, is a key problem, one both rooted in and magnified by the lack of attention paid to the types of young minds that the U.S. needs in the cyber domain.

"We’re not celebrating that kind of brain that likes to break stuff apart and figure it out," Paller said.

Finally, @PrometricCyber tweeted FCW: Would you say the lack of well-trained cyber security professionals makes the industry a lucrative job market?

Amber Corrin responds: The answer to that is two-fold. There’s no shortage of cybersecurity jobs – the market is stronger than essentially any other, according to the numerous reports released over the last six months. By most standards, it is also quite lucrative: According to an InformationWeek survey from earlier this year, IT security staff enjoy a median yearly salary of $95,000, with management at $120,000.

And Paller said that those on the policy and decision-making side still tend to earn more than those in the trenches. As he put it, that’s because the policy-makers are the ones determining salaries.

"The people who don’t know what they’re doing are getting paid more than the people who do because they make the rules about who gets paid what," Paller said.