Call: 571.323.7810
info@integratedintelsolutions.com
Integrated Intel SolutionsIntegrated Intel SolutionsIntegrated Intel SolutionsIntegrated Intel Solutions
  • What We Do
    • Our Solutions
    • Integrated Intelligence
    • Advanced Systems Engineering & Integration
    • Information Assurance and Cyber Security
    • Acquisition and Financial Management
    • Mission Support Proof
  • Careers
    • Be a Part of the Team
    • Career Opportunities in the Intelligence Community
  • Meet Our Team
  • Resources
    • News
    • Presentations
    • White Papers
  • Contact

Senior Cyber Leadership: Why a Technically Competent Cyber Workforce Is Not Enough

The Cyber Security Forum Initiative

Senior Cyber Leadership: Why a Technically Competent Cyber Workforce Is Not Enough

By Doug Capellman | News | 0 comment | 18 February, 2018 | 0

There is no shortage of articles, news reports, white papers, policy reviews, congressional testimonies, and other sources describing cyber threats and their potential consequences to U.S. and international security. James Clapper, Director of National Intelligence, testified before the U.S. Congress early in 2013 that the cyber threat had surpassed terrorism as the highest threat to U.S. national security. U.S. Army General Keith Alexander, dual-hatted as the director of the National Security Agency and Commander of the U.S. Cyber Command, described the loss of industrial information and intellectual property via cyber espionage and cybercrime as the “greatest transfer of wealth in the history of mankind.” Former U.S. Secretary of Defense Leon Panetta warned of a potential “Cyber Pearl Harbor” that may result due to the insecurity of our national critical infrastructures. These calls, in part, led U.S. President Barack Obama to issue Presidential Policy Directive-21, “Critical Infrastructure Security and Resilience,” and Executive Order 13636, “Improving Critical Infrastructure Cybersecurity,” in February of 2013 to drive cyber policy at the national level.

“Cyber defense requires not only IT experts with computer science, electrical engineering, and software security skills, but also professionals with an understanding of political theory, institutional theory, behavioral psychology, ethics, international law, international relations, and additional social sciences… the pillars of our society… are often led by individuals with extremely limited exposure to cyber issues and the existential threats they pose…”

Ms. Francesca Spidalieri
Fellow at the Pell Center for International Relations and Public Policy

Cyber threats are not simply a problem for the United States, but for the international community as well. For example, Estonian President Toomas Hendrik Ilves noted at the 2012 International Conference on Cyber Conflict that “the physical and the cyber worlds are quickly converging and boundaries between the “cyber” and the “real” world have begun to disappear. This, in turn, implies a convergence between cybersecurity and overall global security.” President Ilves perhaps is uniquely qualified to discuss cybersecurity since his country is well known for mitigating a 2007 cyber attack which was the first cyber incident recognized as impacting an entire nation-state.

Given the international threat posed by activities such as cyber espionage, cybercrime and the potential for cyber attacks and cyber warfare, a generally accepted assessment exists that there is a critical shortage of skilled cybersecurity experts to mitigate and manage the cyber threat. The Center for Strategic and International Studies (CSIS) Commission on Cybersecurity for the 44th Presidency report, “A Human Capital Crisis in Cybersecurity: Technical Proficiency Matters,” stated that there is a “desperate shortage of people who can design [adequately] secure systems, write safe computer code, and create the ever more sophisticated tools needed to prevent, detect, mitigate and reconstitute from damage due to system failures and malicious acts.”

The technical skills called out by CSIS are echoed by the educational standards the National Security Agency (NSA) has established for an educational institution to earn the NSA Center of Academic Excellence in Information Assurance Education (CAE/IAE) designation. As a result of the emphasis placed on highly specialized, technical skills, cybersecurity-related curricula are predominantly taught in the computer science and engineering schools at most universities. Similar efforts exist internationally, including Great Britain’s “Academic Centres of Excellence in Cybersecurity” program and the work of international cybersecurity firms like Kaspersky labs sponsoring yearly international cybersecurity student competitions.

This report suggests that while significant and necessary emphasis has been placed on technical skills needed within the cyber workforce, little attention has been given to the people that will lead the future workforce. There are those that view cyber threat through the lens of national security risk and the potential for a “Cyber Pearl Harbor”, or business risk and the potential loss of intellectual property and competitive advantage. Regardless of one’s view, it is leadership that must develop sound strategy and manage adequately skilled resources to mitigate the cyber threat. As Jason Healey, Director of Cyber Statecraft of the Atlantic Council, notes in his book A Fierce Domain: Conflict in Cyberspace from 1986 to 2012, a number of cyber events serve as “wake up calls” to expose potential cyberspace threats, yet similar occurrences repeat. This is a failure of leadership.

As academia, organizations, and nations seek to develop a future generation of technically proficient cybersecurity specialists, a number of questions readily come to mind:

  • Who will lead this future cyber workforce in the furtherance of the organization’s mission and business strategies?
  • What knowledge, skills, and abilities (KSAs) are essential for these cyber leaders?
  • Are these KSAs currently being taught in colleges and universities? In the private and public sectors? Are they required by commercial certifying organizations?

Regarding U.S. colleges and universities, a report by the Pell Center’s Francesca Spidalieri assessed the top graduate schools in a number of interdisciplinary areas, including business administration, public policy, health care management, and other non-technical fields to determine if any of these programs offer electives, concentrations or other opportunities for their students to learn about cyber threats, vulnerabilities, and consequences. Her research concluded that cyberspace and cybersecurity education remains lacking and underdeveloped in most of the top-rated schools in the U.S. A handful of schools such as George Washington University, George Mason University, Washington University of St. Louis, and the University of Washington, however, have recently developed “Cyber Leader” graduate programs that are mash-ups of their Engineering and Business Schools. On the public sector side, the U.S. Department of Defense’s National Defense University Information Resources Management College also offers a “Cyber Leader” graduate concentration under their Government Information Leadership graduate program. The key is whether or not these programs are teaching the appropriate KSAs in light of current and future cyber threats, a point this report addresses later.

The National Institute of Standards and Technology’s (NIST) National Initiative for Cybersecurity Education (NICE) is representative of the public sector’s attempt to address cyber related educational requirements. The NICE framework identifies seven categories of which six are specific cyber specialties. The seventh category, “Oversight and Development,” does address some of the KSAs expected by such organizational positions as the Chief Information Officer (CIO) and Chief Information Security Officer (CISO). This report investigates whether or not these KSAs are sufficient in light of the growing cyber threat.

In addition to formal education, commercial certifications are very often key discriminators by which many private and public sector organizations have assessed applicants and employees for advancement. For example, the private sector has adopted the International Information Systems Security Certification Consortium’s (ISC)2 Certified Information Systems Security Professional (CISSP) as the de facto standard for cybersecurity managers. In fact, one senior executive interviewed for this report said that if an applicant seeking employment with her company has a bachelor’s or a master’s degree, but does not have a CISSP, the human resources department will not forward his/her resume for consideration. There are other examples of organizations where a Master’s of Science in IT Security may supersede the requirement of holding a CISSP. This reliance on commercial certifications begs yet another question: “Does a CISSP-like certification provide the sufficient KSAs for someone in a cyber leadership role or should there is something beyond a CISSP?” The CSIS report previously referenced addresses this question by stating that the “current certification regime is not merely inadequate, it creates a dangerously false sense of security…” The National Academy of Sciences recent report, “Professionalizing the Nation’s Cybersecurity Workforce?: Criteria for Decision Making,” concludes that the cybersecurity field is still young and the “technologies, threats, and actions taken to counter the threats that characterize the endeavor are changing too rapidly to risk imposing the rigidities that typically attend professional status.” Whether one agrees or disagrees with these assertions, it is clear that an organization’s Senior Cyber Leadership is essential in navigating these critical workforce issues.

For more, you can access the entire study:

Senior Cyber Leadership – Why a Technically Competent Cyber Workforce is Not Enough

Why Integrated Intel Solutions?

null

It all begins with a deep desire to do meaningful work to serve our great nation. If you want to join forces with a team of trusted advisors and solve interesting and exciting challenges, IIS is the company for you.

CAREERS AT IIS VIEW
TOP SECRET SCI JOBS
No tags.
Doug Capellman

Doug Capellman

Prior to starting his Doctorate, Doug volunteered and was selected by the Cyber Security Forum Initiative (CSFI) as the Governance, Risk, and Compliance (GRC) lead to do some research and collaboration for a study which investigated while considerable emphasis has been placed on technical skills required within the INFOSEC workforce, little attention has been placed with the executives and managers which will lead the future INFOSEC workforce.

More posts by Doug Capellman

Related Post

  • The Intelligence Community (IC) Cloud and New Engineering Services Procurement Models

    By Jon Stout | 0 comment

    Traditionally in the IC about 70 percent of the intelligence budget went to contractors for the procurement of technology and services (including analysis). Engineering services that control the development and integration of collection and analysis systems play a criticalRead more

  • Machine Learning

    Intelligence Careers: Contractor Support for Machine Learning in a Big Data World

    By Jon Stout | 0 comment

    The Intelligence Community (IC) collects and converts huge amount of raw data into actionable intelligence. But big data and open source collection has overwhelmed intelligence analysts. The IC is not unique facing this problem but,Read more

  • mission driven culture

    A Mission Driven Culture: NGA Systems Engineering Careers

    By Jon Stout | 0 comment

    Founded in 2002, Integrated Intel Solutions (IIS) has supplied systems engineering solutions to the National Geospatial – Intelligence Agency (NGA) to meet the mission requirements of the agency. As a qualified small business, IIS developedRead more

  • NGA Careers: Structured Observation Management

    NGA Careers: Structured Observation Management

    By Jon Stout | 0 comment

    The National Geospatial-Intelligence Agency is an Intelligence Community agency delivering world-class geospatial intelligence (GEOINT), that offers a decisive mission advantage to warfighters, policymakers, intelligence professionals and first responders. NGA is leaning Forward to Meet ChangingRead more

  • NGA Cloud Careers

    National Geospatial-Intelligence Agency Cloud Careers

    By Jon Stout | 0 comment

    The cloud in all its forms is a transformative technology and creates many career opportunities. This is particularly true in the Intelligence Community in general and the National Geospatial-Intelligence Agency in particular. With a focusRead more

  • Deep Dive Domain Knowledge

    NGA Careers: Deep Dive Domain Knowledge

    By Jon Stout | 0 comment

    Like all large, diverse, multinational organizations, the National-Geospatial Intelligence Agency (NGA) requires operational and mission knowledge to succeed as an IT services contractor. In the Intelligence Community this knowledge is often referred to as DeepRead more

  • Explore a Career at the NGA

    Explore a Career at the National Geospatial-Intelligence Agency

    By Jon Stout | 0 comment

    The National Geospatial-Intelligence Agency (NGA) is changing. The need to meet the rapidly changing mission environment and the use of emerging technologies and methodology requires new ways of doing business for the agency. This trendRead more

  • GSA Awards MAS Schedule 70 to IIS

    IIS Awarded GSA Schedule Multiple Award Schedule 70

    By IIS Admin | 0 comment

    GSA Schedule Awards MAS Schedule 70 to Aspiration Software LLC dba/ Integrated Intel Solutions (Schedule #47QTCA18D00CX) On May 24, 2018 Aspiration Software LLC dba/ Integrated Intel Solutions was awarded a GSA Schedule Multiple Award ScheduleRead more

Job Opportunities

View Career Opportunities in the Intelligence Community

Find us on Social Media

Recent Posts

  • Value Added Subcontracting
    16 November, 2018
    0

    Value Added Subcontracting

  • Small Business Subcontracting
    7 November, 2018
    0

    Small Business Enterprise Subcontracting in the Intelligence Community

  • 4 November, 2018
    0

    Small Business Contracting in the Intelligence Community

  • GSA Blanket Purchase Agreements (BPA)
    4 October, 2018
    0

    IIS announces GSA Blanket Purchase Agreements (BPA) for Federal Government Agencies

Archives

  • November 2018
  • October 2018
  • May 2018
  • February 2018
  • November 2017
  • October 2017
  • July 2017
  • June 2017
Integrated Intel Solutions Logo

IIS is a leaning forward provider of technical and engineering support for the Integrated Intelligence community (IC). We provide mission solutions for AWS/C2S (cloud) engineering and integration, systems and strategic engineering and architecture, data science and machine learning, legacy systems migration and ICIE/ICITE services engineering. As a value-added small business teaming partner, IIS contributes to winning IC proposal and contracting efforts.

Teaming Partners

CONTACT US

P.O. Box 903
Middleburg, Virginia 20118

571.323.7810
772.382.0214

info@integratedintelsolutions.com
  • Privacy
  • Sitemap
Copyright ©2019 Integrated Intel Solutions | All Rights Reserved | Website by Design Soup
  • Home
  • What We Do
    • Our Solutions
    • Integrated Intelligence
    • Advanced Systems Engineering & Integration
    • Information Assurance and Cyber Security
    • Acquisition and Financial Management
    • Mission Support Proof
  • Careers
    • Career Opportunities in the Intelligence Community
  • Meet Our Team
    • Integrated Work Ethic
    • Shawna L. Stout
    • Jeffrey S. Doolin
    • Marcus Stout
    • Douglas Parente
    • Pamela Hirsch Guck
    • Lorraine Rise
    • Jon M. Stout
  • Resources
    • News
    • Presentations
    • White Papers
  • Contact
    • Privacy
Integrated Intel Solutions