Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.

Clearance barriers to Cyber Security Profession


Published on

There is a shortage of cybersecurity professionals that is affecting the ability of the United States to fulfil the mandate of the Comprehensive National Cybersecurity Initiative. The purpose of this research is to find solutions to remove the barriers related to security clearance regulations that affect the cybersecurity professional. A fully qualified cybersecurity professional with the ability to obtain a clearance, may be unable to obtain a cybersecurity job because they lack the necessary clearance to apply for a job. A review of several studies and government reports confirmed the shortage of workers and security clearance processing, but none of those studies addressed the problem of the security clearance barriers. It would behoove the federal government to 1) allow students in the final semester of their cybersecurity degree program to begin the clearance investigation for a secret clearance; and/or 2) partner with industry to establish a scholarship program for students designed to develop cybersecurity professionals for government contractors. Each of these options represent a win-win for all parties and is a major step towards accomplishing what President Obama has declared as a national security priority.

Published in: Technology, Business
  • Be the first to comment

Clearance barriers to Cyber Security Profession

  1. 1. Aleta Wilson, Ph.D. Clay Wilson, Ph.D. 1
  2. 2. ◦ This study explores activities required to employ cyber security workers for the  federal government and  its contractor community◦ These two sectors comprise an estimated 500,000 workers  who must undergo a significant background check because  positions which are labelled as "national security positions". 2
  3. 3. 3
  4. 4.  DOL Occupational Outlook Handbook does not contain a definition for cybersecurity professionals DOL categories acknowledge positions that involve people who ◦ plan, coordinate, and maintain an organizations information security ◦ database administrators plan and coordinate security measures with network administrators ◦ network engineers "may ... address information security issues” 4
  5. 5.  Department of Homeland Security Secretary Janet Napolitano defines Cybersecurity professionals as ◦ employees responsible for "... cyber risk and strategic analysis; cyber incident response; vulnerability detection and assessment; intelligence and investigation; and network and systems engineering“ 5
  6. 6. ◦ Frost & Sullivan conducted a survey of 10,413 information security professionals which indirectly defined security professionals as those  employed as Information Security professionals and  those who had cyber security as their primary job function. 6
  7. 7. DOD usually takes the lead in defining elements related to cyberspace and cybersecurity, but according to GAO "DOD has defined some key cyber-related terms but it has not yet fully identified the specific types of operations and program elements that are associated with full- spectrum cyberspace operations" 7
  8. 8.  Professionals who have information security as a major part of their job; those who self-identify as cyber or security specialists; and, those who build and maintain the national critical infrastructure of the computer systems on which the public and private sectors have come to rely. 8
  9. 9. Let’s go get them…. 9
  10. 10.  DHS staffing up to 1,000 positions over three years from 2009 DOD’s recently established Cyber Command is also staffing up NSA is stealing every human being from all sides Plus industry has corporate and contract needs to fulfill 10
  11. 11. "... there are not enough cybersecurity experts within the Federal Government or private sector to implement the [Comprehensive National Cybersecurity Initiative], nor is there an adequately established Federal cybersecurity career field" (Obama, 2009). 11
  12. 12.  Education (lack of) ◦ Science, Technology, Engineering Security Clearances ◦ U.S. Citizens need only apply 12
  13. 13.  Cyber positions are classified as “National Security Positions” Clearances are required Requires extensive background check Direct effect on cyber workforce 13
  14. 14. • Clock starts when there is a “need to know” i.e., job offer• A job search on found 882 positions requiring a security clearance within 5 miles of DC zip code• "If you are a Software Engineer and/or Systems Administrator with an active TS/SCI clearance and Full Scope Polygraph, please read on!" 14
  15. 15. • OPM handles 90% of security clearances for the feds and contractor community• Alphabet agencies conduct their own clearances • CIA, DIA, FBI, NGA, NRO, NSA, DoS• Reciprocity is coming (and so is Christmas) 15
  16. 16. Figure 1 Security Clearance Flowchart Start Yes Gather ID, etc and begin hiring process PH meets job Is there Issue Contingencyqualifications (is a BI file Hire Letter suitable) at OPM PH submits 3 No clearance months documentation to HA to 1-year ------ HA requests Yes background Goal is investigation Yes PH Hire 74 passes HA PH passes days, bu suita- bility inves- tigation End t …. test No No Rescind offer Rescind offerLegend: BI = background investigation; PH = potential hire; HA = hiring agency 16
  17. 17.  Many of current jobs will become vacant over the next 10 years Workforce must be home-grown due to citizenship requirement Great news for those with clearances ◦ Only 2% of those with clearances are unemployed Companies like Booze Allen stockpile cleared workers through use of college internships Small firms are inhibited from bids requiring cleared personnel 17
  18. 18.  Potential hires are given contingency letter pending clearance that can take 3 to 9 months for TS Some government bids require cleared personnel be included in bid If company cannot fill slot then they can lose contract Outcome – company with best cyber expertise but lacking facility clearance may be locked out of bid. 18
  19. 19.  Increased emphasis on S.T.E.M. $260M invested in STEM over next decade Growth in STEM jobs is 3X non-STEM jobs Government is certifying Universities with Information Assurance programs as Centers of Academic Excellence (124 and counting) 19
  20. 20.  Feds need to modify security regulations specific to cybersecurity professionals ◦ Relax the “need to know” rule and run clearance process concurrent with last semester of college  When they graduate… they can immediately begin work Grant “facility clearances” to the Centers of Excellence so that can submit their IA students for clearances Require a work commitment from student who is granted a clearance (i.e., student agrees to work for gov for a minimum of two years) Centers of Excellence can partner with large cleared contractors who will agree to hire and clear graduates 20
  21. 21.  Effect of security clearance barriers on small businesses that sell IT services to the government Are company’s with strong cyber skill sets being eliminated due to lack of security clearances 21
  22. 22. FURTHER RESEARCH Effect of security clearance barriers on small businesses that sell IT services to the government Are company’s with strong cyber skill sets being eliminated due to lack of security clearances NSA designated National Center of Academic Excellence in Information Assurance Education 22