Dire Need for Skilled Cyber Pros

The government needs approximately 20,000 more cybersecurity professionals, particularly those with unique skills to discover evidence of sophisticated attacks, two experts suggest.

Alan Paller, director of research at the SANS Institute, and Ed Giorgio, former chief cryptographer at the National Security Agency, estimate that the government currently employs 117,000 full-time civilian, contractor and military cybersecurity professionals in four different cyber categories: strategy, management and compliance officers; operators and testers; academic security researchers; and hunters and tool builders.

The numbers are not nearly enough, particularly for those professionals who are responsible for hands-on execution, the experts say.

For example, the government needs approximately 10,000 more operators and testers in areas such as computer network defense, penetration testing, systems engineering and intrusion detection. There also is a dire need for approximately 9,000 more experienced and skilled operators and testers, known as "hunters," and 1,000 more academic security researchers.

Paller suggests the shift in which skills are needed has largely been a result of the dramatic increase in the sophistication of attacks, combined with the inability of manual processes to keep pace with changing threats.

The demand for particular skills is highly uneven, Paller said. "It used to be very strong for the non-technical people, but right now, it's for people with hands-on skills. Even the managers now have to have hands-on skills to manage the newly emerging technical people."