Few would disagree that there’s far greater demand for top cybersecurity professionals than there are qualified people to fill those positions. But a new study published today suggests the true cybersecurity workforce challenge is hiring and keeping the top 1 percent of the pool — the “best of the best” hackers out there.
According to the study, “H4cker5 Wanted: An Evaluation of the Cybersecurity Labor Market,” produced by the Rand Corp., the lack of cybersecurity professionals is an important threat to national security, but it is predominantly an issue at the highest capability levels.
“These are the people capable of detecting the existence of complex technology persistent risks, or, conversely, discovering the hidden vulnerabilities in systems and software which allow complex persistent threats to take hold of systems that are targeted,” the report claims.
Researchers at Rand interviewed experts from five federal agencies, five educational institutions, two significant security firms, one defense contractor and one individual expert.
Upper-tier cybersecurity professionals — people who are qualified to perform forensics, write code or conduct red-teaming — are the hardest to hire in the modern labour market, according to the research. But government agencies face additional challenges “over and beyond those faced by private-sector companies” when it comes to hiring cybersecurity professionals.
Hiring the best hackers
The report notes that the top 1-5 percent of hackers can often command salaries of around $300,000 annually and are often more seasoned business professionals. The average salary for a government cybersecurity specialist is $80,000 a year.
“Thus, government employers may find it difficult to hire enough upper-tier professionals, even if the private sector doesn’t,” the report says.
Members of the top 1 percent of hackers are usually in their 30s (not 20s or younger, as conventional wisdom would suggest) and bring to the table “the ability to handle groups of heterogeneous people, market the value of safety to other people, and/or meld safety considerations into the complicated and multifaceted world of government decisionmaking.”
Although it’s practically impossible for the federal government to compete with the private sector once a top-tier cybersecurity professional reaches the maximum salary range, one agency that does a surprisingly good job of attracting and retaining some of the world’s top hacker talent is the National Security Agency.
And hardly any cybersecurity professionals quit their jobs at NSA. According to the Rand researchers, NSA’s success is partly the result of the amount of effort it puts into employee development and training.
“Our interview implies that the NSA makes instead of purchases cybersecurity professionals,” the report says. And while 80 percent of NSA’s new hires are entry-level workers with bachelor’s degrees, the agency has one of the most intensive training programs in the world.
“Only one organization may be the most prestigious place to work, and for this line of work…NSA is difficult to beat,” the report says. The agency, according to the Rand study, always absorbs one-third of all Scholarship for Service graduates due to its reputation for hiring the best hackers.
NSA also has 80 individuals devoted to recruitment, with another 300 who have recruiting as a secondary responsibility.
“All told, that’s a whole lot of effort–indicating, from our standpoint, the difficulties of finding sufficient cybersecurity professionals can be mainly met if enough energy is committed to the job,” the report says.