Experts warn of shortage of U.S. cyber pros

Tue Jun 12, 2012 7:51pm EDT

Related Topics

(Reuters) - Leading cyber experts warned of a shortage of talented computer security experts in the United States, making it difficult to protect corporate and government networks at a time when attacks are on the rise.

Symantec Corp Chief Executive Enrique Salem told the Reuters Media and Technology Summit in New York that his company is working with the U.S. military, other government agencies and universities to help develop new programs to train security professionals.

"We don't have enough security professionals and that's a big issue. What I would tell you is it's going to be a bigger issue from a national security perspective than people realize," he said on Tuesday.

Jeff Moss, a prominent hacking expert who sits on the U.S. Department of Homeland Security Advisory Council, said that it is difficult to persuade talented people with technical skills to enter the field because it can be a thankless task.

"If you really look at security, it's like trying to prove a negative. If you do security well, nobody comes and says 'good job.' You only get called when things go wrong."

The warnings come at a time when the security industry is under fire for failing to detect increasingly sophisticated pieces of malicious software designed for financial fraud and espionage and failing to prevent the theft of valuable data.

Moss, who goes by the hacker name "Dark Tangent," said that he sees no end to the labor shortage.

"None of the projections look positive," said Moss, who serves as chief security officer for ICANN, a group that helps run some of the Internet's infrastructure. "The numbers I've seen look like shortages in the 20,000s to 40,000s for years to come."

Reuters last month reported that the National Security Agency is setting up a new cyber-ops program at select universities to expand U.S. cyber expertise needed for secret intelligence operations against computer networks of adversaries. The cyber-ops curriculum is geared to providing the basic education for jobs in intelligence, military and law enforcement.

The comments echo those of other technology industry executives who complain U.S. universities do not produce enough math and science graduates.

Salem pointed to UK banks as one industry already struggling to find enough network security experts.

"Because there's such a concentration of financial services companies there, there's not enough security expertise already in London. We see it. Banks can't find enough security professionals," he said.

Moss, who founded the Defcon and Black Hat hacking conferences that are held in Las Vegas each summer, said that U.S. government agencies are so desperate to fill positions that they are poaching security experts from private firms.

In some cases, security firms have retaliated by refusing to send their most talented cyber experts on government jobs for fear of losing them. Instead they send their "B Team" consultants, Moss said.

Government officials from normally secretive agencies, including the National Security Agency, FBI and U.S. military, attend Defcon each year to recruit gifted hacking geeks who they might not otherwise be able to identify.

(Editing by Steve Orlofsky and Phil Berlowitz)

FILED UNDER:
We welcome comments that advance the story through relevant opinion, anecdotes, links and data. If you see a comment that you believe is irrelevant or inappropriate, you can flag it to our editors by using the report abuse links. Views expressed in the comments do not represent those of Reuters. For more information on our comment policy, see http://blogs.reuters.com/fulldisclosure/2010/09/27/toward-a-more-thoughtful-conversation-on-stories/
Comments (2)
THowell wrote:
I would love to break into Security but where can I gain experience if most jobs require some experience. I am working on getting certified with CompTIA Security+, which I feel is a start.

Jun 13, 2012 12:56pm EDT  --  Report as abuse
pc7wiz wrote:
I think this article is missing the mark. There are hundreds of IT professionals who are unemployed with Security+ certifications that should be filling these gaps, but everyone wants 5 – 10 years of experience, and want to pay peanuts for that experience!

I can identify 20+ IT professionals who are looking for work in the Security / Cybersecurity industry!!!

So, until IT CIO’s start hiring these excellent people with a year or two of experience, there will still be a “lack of security people” in their minds.

Jun 13, 2012 6:03pm EDT  --  Report as abuse
This discussion is now closed. We welcome comments on our articles for a limited period after their publication.