DHS Seeking 1,000 Cyber Security Experts

The Department of Homeland Security is poised to go on a geek hiring spree.

DHS Secretary Janet Napolitano announced Thursday that the agency has been cleared to hire at least 1,000 new cybersecurity professionals over the next three years to fill staffing gaps at various DHS agencies.

"This new hiring authority will enable DHS to recruit the best cyber analysts, developers and engineers in the world to serve their country by leading the nation's defenses against cyber threats," Napolitano said.

According to Napolitano, the department will look to fill "critical cybersecurity roles," including "cyber risk and strategic analysis, cyber incident response, vulnerability detection and assessment, intelligence and investigation, and network and systems engineering."

The DHS secretary made the remarks at a press conference Thursday to kick off National Cybersecurity Awareness Month. Interestingly, Thursday also marks the target date for the launch of the new U.S. Cyber Command (USCYBERCOM), according to a blog post from a group that includes Richard Clarke, the former special advisor to the president on cyber security during the Bush administration.

The Cyber Command is supposed to oversee government efforts to protect the military's computer networks, and potentially also assist in protecting the civilian government networks. The head of the Cyber Command will be National Security Agency Director Lt. Gen. Keith Alexander.

I mention the new command because some Beltway insiders believe a hiring frenzy currently underway at that upstart command could make it difficult for DHS to hire cyber security experts with the right in-the-trenches experience. Alan Paller, director of research at the SANS Institute, a cyber security research and training group based in Bethesda, Md., said the NSA has been aggressively poaching the best cyber security experts from the major defense contractors of late.

"The NSA is already stealing every human being from the other side, so there is no space for [DHS] to hire," Paller said. "They're going to have a helluva time getting people who are technically skilled -- not at just writing about cyber security -- but actually doing it."

Incidentally, the SANS Internet Storm Center is once again publishing a new cyber security tip each day of the month, in keeping with their annual observation of Cyber Security Month. Definitely worth a read.

By Brian Krebs  |  October 1, 2009; 1:45 PM ET
Categories:  From the Bunker , U.S. Government  | Tags: cyber, dhs, nsa, sans  


Hire folks that have been to hell and back.
I feel that those that have track records.
Really experienced in the dark side.
Excel with providing actionable data.

Just hoping 'professionals' will take the
journey to the very
edge is short-sighted
those w/ experience
handle pressure than those
recently schooled using
outdated printed texts

mull over it before dismissing... mmmk

Posted by: macewan | October 1, 2009 4:26 PM | Report abuse

It's also meet the blind month.
The U.S. Mint's Louis Braille Bicentennial Silver Dollar is a very important part of this celebration.

Posted by: Dermitt | October 1, 2009 4:49 PM | Report abuse

It costs over $10,000, and over six months to get someone a "Secret" level clearance. The army does not want to do this.

Secure networks are expensive. Hiring more people doesn't improve security and if they don't pass the clearance test it's a waste of money. That means more chaos at a high price.

Posted by: Dermitt | October 1, 2009 5:26 PM | Report abuse

Janet Napolitano is clueless. Oh, let's just hire 1000 cyber security "experts"! She just now figured out this was a good idea?

And go walk into a university CS class. Take a look at the retards you are about to hire. There's a reason practically ALL corporate and government business networks are open to attack. Because at the end of the day, computer rejects are still computer rejects. Half ass their way to a paycheck. Find the few rare self-taught security experts out there who live for this stuff.

Amazes me they let an old woman who doesn't know JACK SH*T about anything run Homeland Security.

Posted by: fpwp | October 2, 2009 5:07 AM | Report abuse

Priceless. You go to the career page, then to the relevant "cybersecurity" page, and it was last updated Aug 14th. No new links.

Posted by: mjstanl | October 2, 2009 10:22 AM | Report abuse

Once again, I have to point out, a few months after 9/11 I submitted an application for a patent; in the beginning of 2009 I finally got it, after it had been buried in process and a facility relocation for about 6 years.

For now, it's a Linux "live DVD", an entire and full-blown operating system that cannot be altered by hackers because it is READ ONLY.

It has IPSec, Kerberos, all kinds of security goodies. Good luck even connecting if you're not authorized, much less hacking in and altering the READ ONLY Operating System.

And my patent 7,464,403 covers the ability to pump out stacks of them, each and every one individualized and pre-configured.

You'd think that they'd be beating a path to my door like I'd invented a better mousetrap.

I have yet to hear a word back from any of these people who claim to be all about and all for "cybersecurity". You'd think they'd at least want a copy or two for evaluation, but they aren't even interested enough to accept free copies.

The Chinese Hackers Guild are going to take over some day, and probably nobody collecting a check from the US will even be capable of noticing that they got PWNED, much less will they be enough of a m4d ski112 h4x0r who can do anything about it other than reinstall "Windows" and check the MS website to see if there are any updates to deal with it.

Posted by: thardman | October 2, 2009 1:43 PM | Report abuse


The reason no one's beating a path to your door is because it's not exactly new. We have years and years of experience with boot CD's as OS' (knoppix has been around for ages), and they have one major flaw: patches. Having a read-only OS is great...right up to the point where you realize you have a flaw in that read-only OS, and now you can't fix it.

Posted by: neversaylie | October 2, 2009 2:44 PM | Report abuse

@thardman, it appears that you have not covered DVD-ROM, Read-only Memory sticks, as well as the g and n network standards. I guess anyone who uses them needs not search for the way to your door.

Posted by: teplicky101 | October 2, 2009 3:33 PM | Report abuse

Having been playing in this field for many years, I can tell you now that there is no way in heck anyone worth anything is going to go to work for DHS for a measly GS-15 or SES salary.

We go to NSA and CIA (and to some extent DIA) exactly because their budgets are black and we get paid solely on what we are worth... No less.

Enjoy the team of mediocrity in DHS... About all they will be good for is calling up NSA and DoD to see what they think about things ;)

Posted by: indep2 | October 2, 2009 8:13 PM | Report abuse

Another reason DHS will have trouble hiring is that the application process is designed to hire traditional government workers, so for instance if you don't have a degree, you basically can't get noticed.

Posted by: captainoverboard | October 4, 2009 9:42 AM | Report abuse

BK- Might be great next time to have a link to the jobs, since a lot of us are in the field. Nice article.

Posted by: dward__ | October 4, 2009 3:48 PM | Report abuse


I am just a bit curious and could probably answer this question thru my own research, but by chance, are there any paid training programs in this area?

During the 1960s, those of us in the Army Security Agency not only got a Top Secret Crypto [Plus if needed] security clearance, but many of us got stationed on multiple continents [inclusive of some embassy duty, if desired] and we had really quite a few top flight 'operators.'

Then in college at the U. of Md., I made the mistake of 'signing in' at a few SDS meetings, and so [I suspect] when I applied to NSA upon graduation, I got turned down. Then there was the 'draw a PERSON final question' on the exam. Since they obviously weren't looking for artists, a number of us read PERSON to be general neutral and we promptly had the proctor return our exams [and finally make an announcement that the PERSON had to have a sex.] This was back during days when being GAY was a security clearance risk, so I figured they were looking for 'your ideal date,' which in my case was a chick in a mini with big b**bs. I figured wrong -- the shrinks claimed the person you drew was yourself. LOL Guess I showed them. LOL

Posted by: | October 5, 2009 3:20 AM | Report abuse


I guess today, that would have to be a chick in a mini-burka with big B**bs. LOL

Posted by: | October 5, 2009 3:25 AM | Report abuse

The best they can hope for is 1000 book-fed no "blackhat" experienced professional students.
They are the easiest to hack.

The real Cyber Experts are in the trenches, don't necessarily have degrees (more often not) but good luck hiring REAL cybersecurity pros because the folks that do know IT Security are also not the ones that are going to want to sit on their hands while a security vulnerability they have found goes to the Supervisor, who then sits on it for the next meeting with their supervisor, etc. until it is exploited.

The true IT Security folks want to dissect, and mitigate as fast as they can and working for the U.S. Government just doesn't facilitate that type of response.

They are getting what they want...a bunch of wannabes that have SANS certifications and degrees so that they can all go to meetings to talk about it while their data is going to China and back.

Bottom Line: A true security expert is not going to put up with bureaucracies involved with trying to diagnose or fix a security problem. The people that will take the positions and last and do little to no good are just bureaucrats themselves and do nothing for U.S. Cybersecurity.

Posted by: fdunn3 | October 6, 2009 9:33 AM | Report abuse

One thousand jobs eh? Where are they hiding?

I didn't see them. Either that or I guess they are going to fill them in a hurry. Of the three non executive positions one has already closed on 06 Octobre. The other two will be closed on the 16 Octobre. Does giving the month en Français preclude me from consideration? For you people that don't have degrees, I have them. I had the CS department chair arrive one morning to comment - you sure arrived early today. I had been studying the Unix kernel all night long. You don't produce black-lists (SecureMecca, HostsFile) without knowing what black-hats are doing. But in truth of fact knowing how to shut the door in the first place is the best solution. What I suspect is going to happen here is NOT that. The inertia to open holes will take over coming from upper management all the way down. And it doesn't matter where you are at. When the security people are mentioned by management at all it is like they just said a dirty word. Those are the people who just stopped my neat P2P sharing idea to get this job done in a hurry. Nevertheless, I did stick the URL in my jobs folder to see if this ever comes to fruition. There is one benefit. Some of us basically get to do nothing for the year while they do your security check IF they hire you. That should give you enough time to get a real job. If you don't want people swearing at you, get it in some other area other than computer / network security. But if Erdos himself is barred entry into the US by the FBI, what chance do you think any of us have in passing the security clearance? And all Erdos wanted to do was one of his many visits to Math students / professors at a University. So this is yet another case of goals that are totally unrealistic. Hype has reached new heights. So now you have heard the white-hat side of it.

Posted by: hhhobbit | October 8, 2009 2:07 PM | Report abuse

The comments to this entry are closed.

© 2010 The Washington Post Company