April 2017 Digital Edition
March 2017 Digital Edition
Feb. 2017 Digital Edition
January 2017 Digital Edition
Nov/Dec 2016 Digital Edition
Oct 2016 Digital Edition
Building a first class cyber workforce
The need for cybersecurity experts spans across all industries, and cyber jobs within the U.S. Government are plentiful. Recruiting top technical talent on the agency side and on the contractor side is an essential component to building a fully-functional and competent cyber network defense and cyber offensive team.
The increased complexity of government networks -- combined with the rising amount of data stored, analyzed and shared across these networks -- have created a greater need for cyber professionals. At the same time, the job market has become more competitive than ever before. Candidates with the right education, certification and people skills will be most successful in today’s cyber job market and command the highest salaries.
Training and education
The cyber landscape is a technically challenging environment to work in and candidates with a strong educational background and skill set are best suited for this challenge. Individuals with a college degree in computer science, computer engineering, electrical engineering and mathematics generally possess the solid foundation needed to be the most successful in the cyber profession. The capacity for learning a multitude of different technologies, writing software, implementing algorithms, designing networks, performing statistical analyses, and developing logical rules is a requirement in the cyber profession.
The IT Security Essential Body of Knowledge (EBK), which was developed by the National Cyber Security Division, a division of the Office of Cyber Security and Communications within DHS, is a good rule of thumb for technical know-how. It establishes a national baseline of the essential knowledge and skills that IT security practitioners in the public and private sectors should have to perform specific roles and responsibilities.
Thorough technical education and training is particularly important today with the emergence of tools, such as the SANS Institute’s CyberTalent Assessment Tool, which provides recruiters and HR professionals with a better understanding of cyber job candidates’ technical knowledge by comparing that knowledge against other applicants. The job market is becoming increasing more competitive and recruiters are seeking the best-of-the-best to fill top cyber positions.
Beyond education, soft skills for success
While technical acumen is imperative to recruit from the nation’s top universities, there must also be a focus on the curriculum of those universities, as well as course development. Recruiters within government often look for candidates with technical, detail-oriented resumes, experience in Security Information and Event Management (SIEM), Intrusion Prevention Systems (IPS) and Intrusion Detection Systems (IDS), Unix or Linux experience, and operating system certifications. Candidates involved in cyber initiatives such as cyber clubs, competition teams and cyber-related college groups rise to the top of the pack because these activities demonstrate not just an interest in cyber, but passion, commitment and a level of understanding of the responsibilities of a cyber professional.
Soft skills are equally important when recruiting cyber talent because they are crucial to the environment, culture, operations and success of the individual, as well as the company or government agency. Top candidates have traits like dedication, integrity, flexibility, trustworthiness and critical analytical and thinking skills.
Soft skills are often overlooked qualities that can improve a cyber professional’s chances of success in the cyber profession. For example, when managing a Security Operations Center (SOC), I came across an analyst who forgot to implement low-level blocks within the IPS before leaving for family vacation. Rather than create a high risk of error trying to instruct someone over the telephone how to properly implement the blocks, the analyst turned around and drove two hours back to the SOC to complete his task before taking off again for vacation. This individual demonstrated his commitment, dedication, integrity and, most importantly, his level of understanding of the responsibility and expectation of a cyber professional.
Breaking into the field
Individuals who are interested in breaking into the cyber industry, but do not necessarily have the right educational background, should consider the following ways to make themselves more marketable:
1. Look at cyber job openings and study the technology, operating systems and applications that are listed to ensure you have the necessary technical, high-level knowledge before you apply.
2. Work to receive information security certifications, such as CISSP, SANS and other technology certifications.
3. Start off with a help desk position in a data center to gain technical skills, as well as operations awareness, and then work your way up the ladder into a security team.
4. Set up a networking lab with firewalls and log collection tools, and protect, defend and analyze logs.
As the cyber landscape continues to evolve and become more complex, it can only be expected that the job market will continue to grow and become more competitive. Today’s cyber professionals need to be armed with the right technical and non-technical skills to compete in this market and make lasting contributions to the overall cybersecurity efforts of government and industry.
Enoch Long is a principal security strategist at Splunk, specializing in database development and network security engineering. He can be reached at: