Licensing cybersecurity professionals, II

Published 24 June 2009

Even with all the unanswered questions, some cybersecurity experts are happy just to be having the conversation on the topic; they say that all the focus on cybersecurity will turn more attention to training and certification efforts.

We wrote yesterday that those who keep us safe — soldiers, police officers, EMS personnel — must go through a rigorous training and certification process. There are no similar standards for those entrusted with keeping us safe from cyber attacks, and lawmakers want to devise such standards.

The current state of play
FCW’s Ben Bain writes that establishing certification or licensing requirements would force the government to define skill sets and career paths for cybersecurity professionals. Such tracks are common for other government jobs but nonexistent for IT security. “Everything always points back to the fact that we are calling things apples and oranges and grapes,” said Brenda Oldfield, director of cyber education and workforce development in the Homeland Security Department’s National Cybersecurity Division. “We do not have common terminology across the mission areas. Everything that we attempt to do in developing any plans for training and education of the civilian workforce or of the federal workforce depends upon this common lexicon.”

On that issue, the legislation might be getting ahead of itself, said Patricia Titus, former chief information security officer at the Transportation Security Administration and currently CISO at Unisys Federal Systems.

The Office of Personnel Management still has not designated a job series for IT security professionals, she said. Right now, such workers are categorized as IT specialists, managers or program analysts. “I think OPM needs to develop an IT security job series, and part of that series then would be the requirements of what the individuals have to do,” Titus said. Those might include certification, appropriate training and relevant job responsibilities, she added.

Oldfield has been working for years to establish a common set of skills for information security professionals in the government. Most recently, that effort has been folded into the education component of the Comprehensive National Cybersecurity Initiative, the multiyear, multibillion-dollar program launched by the Bush administration. Oldfield co-leads the education initiative for DHS in cooperation with DOD. “We have to be able to validate that cyber professionals have the skills needed, but we have to identify what those skills are uniformly,” she said.

Bain writes that officials have identified numerous federal documents that specify different IT security competencies that workers should possess. The challenge is to bring them all together. That’s the job of an interagency work group being established to identify critical roles and unify agencies’ training efforts. Such consolidation will also likely produce cost savings by eliminating duplicative