Call: 571.323.7810
info@integratedintelsolutions.com
Integrated Intel SolutionsIntegrated Intel SolutionsIntegrated Intel SolutionsIntegrated Intel Solutions
  • What We Do
    • Our Solutions
    • Integrated Intelligence
    • Advanced Systems Engineering & Integration
    • Information Assurance and Cyber Security
    • Acquisition and Financial Management
    • Mission Support Proof
  • Careers
    • Be a Part of the Team
    • Career Opportunities in the Intelligence Community
  • Meet Our Team
    • Shawna L. Stout
    • Marcus Stout
    • Douglas Parente
    • Laurie Ternes
  • Resources
    • News
    • White Papers
  • Contact

Senior Cyber Leadership: Why a Technically Competent Cyber Workforce Is Not Enough

The Cyber Security Forum Initiative

Senior Cyber Leadership: Why a Technically Competent Cyber Workforce Is Not Enough

By Doug Capellman | News | Comments are Closed | 18 February, 2018 | 0

There is no shortage of articles, news reports, white papers, policy reviews, congressional testimonies, and other sources describing cyber threats and their potential consequences to U.S. and international security. James Clapper, Director of National Intelligence, testified before the U.S. Congress early in 2013 that the cyber threat had surpassed terrorism as the highest threat to U.S. national security. U.S. Army General Keith Alexander, dual-hatted as the director of the National Security Agency and Commander of the U.S. Cyber Command, described the loss of industrial information and intellectual property via cyber espionage and cybercrime as the “greatest transfer of wealth in the history of mankind.” Former U.S. Secretary of Defense Leon Panetta warned of a potential “Cyber Pearl Harbor” that may result due to the insecurity of our national critical infrastructures. These calls, in part, led U.S. President Barack Obama to issue Presidential Policy Directive-21, “Critical Infrastructure Security and Resilience,” and Executive Order 13636, “Improving Critical Infrastructure Cybersecurity,” in February of 2013 to drive cyber policy at the national level.

“Cyber defense requires not only IT experts with computer science, electrical engineering, and software security skills, but also professionals with an understanding of political theory, institutional theory, behavioral psychology, ethics, international law, international relations, and additional social sciences… the pillars of our society… are often led by individuals with extremely limited exposure to cyber issues and the existential threats they pose…”

Ms. Francesca Spidalieri
Fellow at the Pell Center for International Relations and Public Policy

Cyber threats are not simply a problem for the United States, but for the international community as well. For example, Estonian President Toomas Hendrik Ilves noted at the 2012 International Conference on Cyber Conflict that “the physical and the cyber worlds are quickly converging and boundaries between the “cyber” and the “real” world have begun to disappear. This, in turn, implies a convergence between cybersecurity and overall global security.” President Ilves perhaps is uniquely qualified to discuss cybersecurity since his country is well known for mitigating a 2007 cyber attack which was the first cyber incident recognized as impacting an entire nation-state.

Given the international threat posed by activities such as cyber espionage, cybercrime and the potential for cyber attacks and cyber warfare, a generally accepted assessment exists that there is a critical shortage of skilled cybersecurity experts to mitigate and manage the cyber threat. The Center for Strategic and International Studies (CSIS) Commission on Cybersecurity for the 44th Presidency report, “A Human Capital Crisis in Cybersecurity: Technical Proficiency Matters,” stated that there is a “desperate shortage of people who can design [adequately] secure systems, write safe computer code, and create the ever more sophisticated tools needed to prevent, detect, mitigate and reconstitute from damage due to system failures and malicious acts.”

The technical skills called out by CSIS are echoed by the educational standards the National Security Agency (NSA) has established for an educational institution to earn the NSA Center of Academic Excellence in Information Assurance Education (CAE/IAE) designation. As a result of the emphasis placed on highly specialized, technical skills, cybersecurity-related curricula are predominantly taught in the computer science and engineering schools at most universities. Similar efforts exist internationally, including Great Britain’s “Academic Centres of Excellence in Cybersecurity” program and the work of international cybersecurity firms like Kaspersky labs sponsoring yearly international cybersecurity student competitions.

This report suggests that while significant and necessary emphasis has been placed on technical skills needed within the cyber workforce, little attention has been given to the people that will lead the future workforce. There are those that view cyber threat through the lens of national security risk and the potential for a “Cyber Pearl Harbor”, or business risk and the potential loss of intellectual property and competitive advantage. Regardless of one’s view, it is leadership that must develop sound strategy and manage adequately skilled resources to mitigate the cyber threat. As Jason Healey, Director of Cyber Statecraft of the Atlantic Council, notes in his book A Fierce Domain: Conflict in Cyberspace from 1986 to 2012, a number of cyber events serve as “wake up calls” to expose potential cyberspace threats, yet similar occurrences repeat. This is a failure of leadership.

As academia, organizations, and nations seek to develop a future generation of technically proficient cybersecurity specialists, a number of questions readily come to mind:

  • Who will lead this future cyber workforce in the furtherance of the organization’s mission and business strategies?
  • What knowledge, skills, and abilities (KSAs) are essential for these cyber leaders?
  • Are these KSAs currently being taught in colleges and universities? In the private and public sectors? Are they required by commercial certifying organizations?

Regarding U.S. colleges and universities, a report by the Pell Center’s Francesca Spidalieri assessed the top graduate schools in a number of interdisciplinary areas, including business administration, public policy, health care management, and other non-technical fields to determine if any of these programs offer electives, concentrations or other opportunities for their students to learn about cyber threats, vulnerabilities, and consequences. Her research concluded that cyberspace and cybersecurity education remains lacking and underdeveloped in most of the top-rated schools in the U.S. A handful of schools such as George Washington University, George Mason University, Washington University of St. Louis, and the University of Washington, however, have recently developed “Cyber Leader” graduate programs that are mash-ups of their Engineering and Business Schools. On the public sector side, the U.S. Department of Defense’s National Defense University Information Resources Management College also offers a “Cyber Leader” graduate concentration under their Government Information Leadership graduate program. The key is whether or not these programs are teaching the appropriate KSAs in light of current and future cyber threats, a point this report addresses later.

The National Institute of Standards and Technology’s (NIST) National Initiative for Cybersecurity Education (NICE) is representative of the public sector’s attempt to address cyber related educational requirements. The NICE framework identifies seven categories of which six are specific cyber specialties. The seventh category, “Oversight and Development,” does address some of the KSAs expected by such organizational positions as the Chief Information Officer (CIO) and Chief Information Security Officer (CISO). This report investigates whether or not these KSAs are sufficient in light of the growing cyber threat.

In addition to formal education, commercial certifications are very often key discriminators by which many private and public sector organizations have assessed applicants and employees for advancement. For example, the private sector has adopted the International Information Systems Security Certification Consortium’s (ISC)2 Certified Information Systems Security Professional (CISSP) as the de facto standard for cybersecurity managers. In fact, one senior executive interviewed for this report said that if an applicant seeking employment with her company has a bachelor’s or a master’s degree, but does not have a CISSP, the human resources department will not forward his/her resume for consideration. There are other examples of organizations where a Master’s of Science in IT Security may supersede the requirement of holding a CISSP. This reliance on commercial certifications begs yet another question: “Does a CISSP-like certification provide the sufficient KSAs for someone in a cyber leadership role or should there is something beyond a CISSP?” The CSIS report previously referenced addresses this question by stating that the “current certification regime is not merely inadequate, it creates a dangerously false sense of security…” The National Academy of Sciences recent report, “Professionalizing the Nation’s Cybersecurity Workforce?: Criteria for Decision Making,” concludes that the cybersecurity field is still young and the “technologies, threats, and actions taken to counter the threats that characterize the endeavor are changing too rapidly to risk imposing the rigidities that typically attend professional status.” Whether one agrees or disagrees with these assertions, it is clear that an organization’s Senior Cyber Leadership is essential in navigating these critical workforce issues.

For more, you can access the entire study:

Senior Cyber Leadership – Why a Technically Competent Cyber Workforce is Not Enough

Why Integrated Intel Solutions?

null

It all begins with a deep desire to do meaningful work to serve our great nation. If you want to join forces with a team of trusted advisors and solve interesting and exciting challenges, IIS is the company for you.

CAREERS AT IIS VIEW
TOP SECRET SCI JOBS
No tags.

Doug Capellman

Prior to starting his Doctorate, Doug volunteered and was selected by the Cyber Security Forum Initiative (CSFI) as the Governance, Risk, and Compliance (GRC) lead to do some research and collaboration for a study which investigated while considerable emphasis has been placed on technical skills required within the INFOSEC workforce, little attention has been placed with the executives and managers which will lead the future INFOSEC workforce.

More posts by Doug Capellman

Related Posts

  • Value Added Subcontracting

    Value Added Subcontracting

    By IIS Team | Comments are Closed

    The Federal Government is actively pursuing small business goals for awards of prime and subcontracts in many Federal agencies. The Department of Defense is also aggressively pursuing small business subcontractors as part of its overallRead more

  • Small Business Subcontracting

    Small Business Enterprise Subcontracting in the Intelligence Community

    By IIS Team | Comments are Closed

    Defense contracting, particularly for the Intelligence Community (IC) is a growth industry and small business subcontracting plans play an important role. One reason is the federally mandated set aside requirement for large prime contractors but thatRead more

  • Small Business Contracting in the Intelligence Community

    By IIS Team | Comments are Closed

    Small Business Contracting has developed into a major industry supporting the Department of Defense and the Intelligence Community. But a strong value added proposition is a requirement for success. As a small business Integrated Intel SolutionsRead more

  • GSA Blanket Purchase Agreements (BPA)

    IIS announces GSA Blanket Purchase Agreements (BPA) for Federal Government Agencies

    By IIS Team | Comments are Closed

    Many Federal Government Agencies seek to reduce the delays and expense in preparing and awarding service contracts through the normal acquisition and IDIQ process. As a solution for this problem, the GSA Blanket Purchase AgreementsRead more

  • GSA Awards MAS Schedule 70 to IIS

    IIS Awarded GSA Schedule Multiple Award Schedule 70

    By IIS Admin | Comments are Closed

    GSA Schedule Awards MAS Schedule 70 to Aspiration Software LLC dba/ Integrated Intel Solutions (Schedule #47QTCA18D00CX) On May 24, 2018 Aspiration Software LLC dba/ Integrated Intel Solutions was awarded a GSA Schedule Multiple Award ScheduleRead more

Job Opportunities

View Career Opportunities in the Intelligence Community

Find us on Social Media

Recent Posts

  • Value Added Subcontracting
    16 November, 2018
    Comments Off on Value Added Subcontracting

    Value Added Subcontracting

  • Small Business Subcontracting
    7 November, 2018
    Comments Off on Small Business Enterprise Subcontracting in the Intelligence Community

    Small Business Enterprise Subcontracting in the Intelligence Community

  • 4 November, 2018
    Comments Off on Small Business Contracting in the Intelligence Community

    Small Business Contracting in the Intelligence Community

  • GSA Blanket Purchase Agreements (BPA)
    4 October, 2018
    Comments Off on IIS announces GSA Blanket Purchase Agreements (BPA) for Federal Government Agencies

    IIS announces GSA Blanket Purchase Agreements (BPA) for Federal Government Agencies

Archives

  • November 2018
  • October 2018
  • May 2018
  • February 2018
  • November 2017
  • October 2017
  • July 2017
  • June 2017
Integrated Intel Solutions Logo

IIS is a leaning forward provider of technical and engineering support for the Integrated Intelligence community (IC). We provide mission solutions for AWS/C2S (cloud) engineering and integration, systems and strategic engineering and architecture, data science and machine learning, legacy systems migration and ICIE/ICITE services engineering. As a value-added small business teaming partner, IIS contributes to winning IC proposal and contracting efforts.

Slide NSF-ISR Certification registered to ISO 9001

CONTACT US

P.O. Box 903
Middleburg, Virginia 20118

571.323.7810
772.382.0214

info@integratedintelsolutions.com
  • Privacy
  • Sitemap
Copyright ©2025 Integrated Intel Solutions | All Rights Reserved | Website by Design Soup
  • Home
  • What We Do
    • Our Solutions
    • Integrated Intelligence
    • Advanced Systems Engineering & Integration
    • Information Assurance and Cyber Security
    • Acquisition and Financial Management
    • Mission Support Proof
  • Careers
    • Career Opportunities in the Intelligence Community
  • Meet Our Team
    • Integrated Work Ethic
    • Shawna L. Stout
    • Marcus Stout
    • Douglas Parente
  • Resources
    • News
    • White Papers
  • Contact
    • Privacy
Integrated Intel Solutions