Subscribe / Unsubscribe Enewsletters | Login | Register

Pencil Banner

Cybersecurity should be professionalised

Jaikumar Vijayan | Aug. 6, 2014
It's time to institute national standards and licensing requirements for cybersecurity professionals, Pell Center says.

One way to get started might be to set up a Federally Funded Research and Development Center (FFRDC) similar to the Department of Defense's Software Engineering Institute, she noted.

The Pell report is not the first to propose professionalizing cybersecurity. The Center for Strategic and International Studies (CSIS), for instance, put forward a similar set of cybersecurity recommendations for President Barack Obama during his first term.

Critics of such proposals have argued that the sheer diversity of the field -- and the fast pace at which cybersecurity is evolving -- make it very hard to professionalize. Many have argued that cybersecurity is too broad to be treated as a single profession and maintain that the field is still too young to be professionalized.

Alan Paller, director of research at the SANS Institute, one of the largest cybersecurity training organizations in the U.S., said professionalization is practical -- but only within the technical roles. "But more than half have non-technical roles, so it wouldn't work across the whole profession."

Where skills are measurable, in areas such as forensics, incident response and penetration testing, employers and the nation deserve a better way of ensuring a person doing the work has the right knowledge and skills, Paller said.

"If it is more general, as in security management, then the variability makes reliable assessment impossible. Note, there is no certification and professional bodies for corporate management -- only for more specific, technical areas," he said.

James Lewis, senior fellow and director at CSIS, called the Pell proposal a good one, but something that will take a long time to implement.

"You need to identify what people need to know, then find a way to train and certify them," Lewis said. "There is real resistance from some job holders who are largely self-taught and the existing certification entities, who fear their business would be threatened," Lewis said. "Think how long it took to get an AMA or ABA, and we're just at the beginning for cybersecurity."


Previous Page  1  2 

Sign up for Computerworld eNewsletters.