The realm of cybersecurity is continually evolving and will continue to do so, indicated Tony Sager, director of programs, Council on CyberSecurity. While participating on the Professionalization of Cybersecurity panel at the AFCEA Homeland Security Conference in Washington, D.C., Sager discussed the evolution he has seen during his career in information technology. He began his career in communications security, which he says now sounds quaint. That evolved into information security and then information assurance and now cybersecurity. "If I'm fortunate enough to still be around in 3 to 5 years, I may be back here on a panel discussing cosmic security," he quipped. "We're still emerging from the wizardry stage," he added.
Sager described an ah-ha moment in which one of his colleagues decided to take a flip flop-wearing young intern to an important meeting. When Sager raised an eyebrow, the colleague reassured him that the kid knew the necessary technologies better than anyone else on the staff, and it dawned on Sager that the young kids being hired had more relevant skills than senior managers in government. Those same kids, however, many not have the same wisdom and judgment that comes with years of experience. Sager cited the need to quickly and effectively teach those employees to exercise solid judgment.
The best work force, according to Sager, are those who teach themselves, who will learn programming on the weekend simply because of their passion for technology. Those same employees, however, may not do well career-wise, because they do not get the five points necessary to check a particular box needed for promotion. Sager added that the cyber community has too many choices. He cited multiple certifications and other qualifications as an example. "We need to focus and identify what's really important to us and focus on building a system around that," Sager said.
Other panelists listed several criteria for a career path to be professionalized. Dr. Diane Burley, associate professor, Graduate School of Education and Human Development, The George Washington University, said the school has produced a report that identified several criteria. A career path needs to have defined, clear boundaries and educational opportunities. Additionally, a career field needs to identify deficiencies that would be remedied through professionalization. Furthermore, the benefits of professionalization should outweigh the costs.
Tom Bailey, senior vice president for human resources, QinetiQ North America, also offered a list of criteria for professionalization, including acceptance of the specific career field, development of the necessary skills, a definition of the profession, clearly defined career paths and availability of university degrees, along with the ability for a person to have the career available throughout their working life. While some of those criteria have been met by the cyberdomain, Bailey said, the cyber community still struggles with clear definitions. "No one really knows what cyber is," he lamented.
Renee Forney, executive director of the Homeland Security Department's CyberSkills Management Support Initiative, added that students often do not understand what cyber is. Instead, they understand job titles and specific functions, such as systems administration.
Stephanie Keith, who works cyberspace work force initiatives within the Defense Department Chief Information Office, emphasized that point when she asked for a show of hands for all those working in information technology. Hands shot up across the room. When she asked for a show of hands for those involved in cyber, however, fewer hands went up.
Panel moderator, Christina Ayiotis, a lawyer and George Washington University adjunct faculty member teaching a wide range of subjects, including cyber, privacy, big data and social media, stressed the importance of managing resources on a global level and the need to grow professionals capable of exploiting data in ways that help companies to grow.