If you have tried to hire any cybersecurity talent recently, you know that experienced folks are hard to find, hard to keep and expensive. That is why we offer the virtual Chief Information Security Officer program.
But if you are the federal government and you have hundreds of agencies and millions of employees – not to mention adversaries that are working overtime to hack you – you need “a few good people”. Actually quite a few.
The federal government doesn’t have a great pay scale either, so in order to motivate people, they have to be aligned with the mission.
But the federal government doesn’t seem to have much of a mission when it comes to cybersecurity. We can’t even seem to agree on whether the Russians interfered with the last presidential election.
So what does that mean for the feds?
It means that senior cybersecurity people are leaving. Key people.
Jeanette Manfra, who is currently the Assistant Director for Cybersecurity for the Office of Cybersecurity and Communications at DHS’ Cybersecurity and Infrastructure Security Agency (how’s that for a title?), is leaving CISA to join Google. At Google, she is going to head up the Office of the CISO to help customers improve their security.
She is not alone.
Kate Charlet, who served as acting Deputy Assistant Secretary of Defense for Cyber Policy at the Department of Defense, left in and is now Director of Data Governance at Google.
Daniel Pietro, who was Director for Cybersecurity Policy on the staff of the National Security Council, joined Google as an executive for Public Sector Cloud.
Rob Joyce was forced out of his role at the White House as Cybersecurity Coordinator at the National Security Council by former National Security Advisor John Bolton. Rob, at least, went back to the NSA where he is appreciated. Now the White House has no one in that role and some people are saying that we may be back in the same situation as we were in 2014 when the Russians hacked the White House. Cyber is not a priority for this administration.
Joe Schatz resigned as White House CISO to join technology consulting firm TechCentrics.
In October 2019, Dimitrios Vastakis, Branch Chief of the White House Computer Network Defense and staff member of the Office of the Chief Information Security Officer (OCISO) at the White House, released a scathing resignation memo saying that OCISO staff are “systematically being targeted for removal from the Office of the Administration (OA) through various means.”
One of the key issues with all of these senior folks leaving is that all of the tribal knowledge is going with them. Even if you can replace these folks – and the evidence seems to indicate that either this administration doesn’t want to or can’t – there is no way to replace their knowledge of the workings of all of these federal systems.
Back in 2016, then acting director of OPM Beth Cobert said, “…federal agencies’ lack of cybersecurity and IT talent is a major resource constraint that impacts their ability to protect information and assets.”
Another person who left, Michael Daniel, former special assistant to the president and cybersecurity coordinator at the White House, said, “Hiring and retaining cybersecurity professionals is difficult for the federal government under normal circumstances, because supply remains low and demand high across our entire economy.”
President Trump did sign an EO last May to try and address the cybersecurity staffing gap estimated at 300,000.
I don’t know where that number came from. Maybe this is in the federal government alone. I have seen estimates of a nationwide shortage of over 3 million by next year. If the feds want 10% of that, they are going to have to work very hard and create an environment that is agile and receptive – something no government agency is good at doing in the best of times.
I hope the government is successful at turning this around, but I am a bit skeptical of their ability to do that. I guess we shall see. Source: MSSP Alerts