Access your Pro+ Content below.
A cybersecurity skills gap demands thinking outside the box
This article is part of the Information Security issue of November 2019, Vol. 20, No. 4
A 22-year-old hacker without a degree might not look like a candidate for a six-figure public-sector job, but the Department of Homeland Security's Christopher Krebs wants the federal government to look twice. Krebs, director of the DHS Cybersecurity and Infrastructure Security Agency, said the longstanding General Schedule pay scale -- which bases federal job requirements and employee salaries on stringent education and experience metrics -- hamstrings the department's cybersecurity hiring practices to disastrous effect. Krebs and his DHS colleagues want flexibility to bring on less conventional hires -- a network administrator with a keen interest in security, say, or a self-taught tech whiz with a decade of informal yet substantive experience. "By the standards we have in place right now, I can't reward that person and pay them the way they could be paid in the private sector," he recently told the U.S. House of Representatives' appropriations committee. To help fill the cybersecurity skills gap, Krebs has helped spearhead a ...
Access this PRO+ Content for Free!
Features in this issue
Good guys and bad guys both use AI, but the bad guys don't need to worry about complying with rules and regulations. What can security leaders do to level the playing field?
It's hard enough keeping up with today's threats on a good day. But when your IT organization is spread thin, especially in terms of cybersecurity staff, the challenges mount.
Today's security team shortages can't be filled using yesterday's thinking. Learn what other IT security leaders are doing to plug the skills gap and keep their organization safe.
News in this issue
Security planning is tough when you're short-staffed and hackers have smart tech too. You'll need solid skills and, most of all, a willingness to use your imagination.
Columns in this issue
Several data management principles are common across new and developing privacy regulations, but Internet Society reports that many U.S. organizations are falling behind.
Security incidents, let's face it, are essentially inevitable. How do you cover the key bases -- education, inventory, and visibility -- in planning for incident response?