News & Events

Where Are All the Cybersecurity Professionals?

By Jon Yim

As federal agencies scramble to secure their information systems from cyberattacks and other security risks, as well as increase efforts to meet administrative cybersecurity goals, a new concern is beginning to gain more attention within agencies – the steady need for experienced cybersecurity professionals.

The 2012 Information Technology Workforce Assessment for Cybersecurity (“ITWAC”), prepared by the National Initiative for Cybersecurity Education and the Federal Information Officer’s Council, found the average professional working in the federal cybersecurity field is over 40 years old.  Additionally, over 20% of cybersecurity professionals are eligible for retirement in the next three years.  The combination of tightening budgets, federal pay freezes, and more federal employees opting for early retirement could lead to a greater shortage in cybersecurity professionals, especially in management and leadership positions, as younger professionals often lack leadership experience and other critical skillsets. 

Furthermore, the lack of cybersecurity training programs, certifications, and institutions offering advanced degrees makes it difficult for younger professionals to acquire the education needed to replace retiring talent.  The ITWAC report surveyed 22,956 employees from over 52 departments and agencies and identified information assurance compliance, vulnerability assessment and management, and knowledge management as key framework specialty areas where employees felt they needed additional training.

Figure A: ITWAC Participant Age Range Distribution

As federal cybersecurity initiatives remain a major priority for agencies, the demand for experienced cybersecurity professionals will become an area of increased focus.  The looming retirement of top-level cyber talent will drive the need for more educational programs and advanced certifications to be able to train and develop younger employees and fill vacated positions.  The Department of Homeland Security (currently the lead agency responsible for protecting federal civilian networks) and the National Security Agency have already begun working with universities across the United States to help increase cybersecurity educational programs.  While these efforts are a step in the right direction, there is considerable work required to produce enough technologically-skilled and cyber-savvy professionals to satisfy the personnel demand expected in the near future.