A cybersecurity skills gap demands thinking outside the box
This article is part of the Information Security issue of November 2019, Vol. 20, No. 4
A 22-year-old hacker without a degree might not look like a candidate for a six-figure public-sector job, but the Department of Homeland Security's Christopher Krebs wants the federal government to look twice. Krebs, director of the DHS Cybersecurity and Infrastructure Security Agency, said the longstanding General Schedule pay scale -- which bases federal job requirements and employee salaries on stringent education and experience metrics -- hamstrings the department's cybersecurity hiring practices to disastrous effect. Krebs and his DHS colleagues want flexibility to bring on less conventional hires -- a network administrator with a keen interest in security, say, or a self-taught tech whiz with a decade of informal yet substantive experience. "By the standards we have in place right now, I can't reward that person and pay them the way they could be paid in the private sector," he recently told the U.S. House of Representatives' appropriations committee. To help fill the cybersecurity skills gap, Krebs has helped spearhead a ...
Features in this issue
Enterprises feel the pain of cybersecurity staff shortages
It's hard enough keeping up with today's threats on a good day. But when your IT organization is spread thin, especially in terms of cybersecurity staff, the challenges mount.
News in this issue
When cyberthreats are nebulous, how can you plan?
Security planning is tough when you're short-staffed and hackers have smart tech too. You'll need solid skills and, most of all, a willingness to use your imagination.
Columns in this issue
Report shows CISOs, IT unprepared for privacy regulations
Several data management principles are common across new and developing privacy regulations, but the Internet Society reports that many U.S. organizations are falling behind.
CISOs, does your incident response plan cover all the bases?
Security incidents, let's face it, are essentially inevitable. How do you cover the key bases -- education, inventory, and visibility -- in planning for incident response?