adfa, p. 1, 2011.
© Springer-Verlag Berlin Heidelberg 2011
Cybersecurity Workforce Development Directions
Ronald C Dodge
1
, Costis Toregas
2
, Lance Hoffman
2
1
United States Military Academy, West Point NY, 10996
ronald.dodge@usma.edu
2
The George Washington University, Washington, DC 20052
{costis.toregas, lance.hoffman}@gwu.edu
Abstract. The cybersecurity workforce is one of the most critical employ-
ment sectors in the world. The systems supporting the information technology
requirements of the world’s government, power, and financial systems are in-
terconnected more than any other system in the world. Despite the criticality
and interconnectivity of these systems, the workforce has developed without a
concentrated and standard view of its requirements. In this paper the authors
report on efforts in the last two years to define the requirements for developing
the cybersecurity workforce.
1 Introduction
The cybersecurity workforce is failing to meet the demands of a society with deep
reliance on information technology. This failure is abundantly evident in many secu-
rity assessment reports. Identifying the requirements of this career field and creating
a holistic approach to defining accreditation guidance to certify an individual’s com-
petence to be a part of this workforce has been the topic of several workshops in the
USA in the past two years. While there was no overlap in planning or participation in
the workshops, they arrived at the same conclusion – change is needed now in the
way we develop and manage the cybersecurity workforce.
In 2011, the United States Department of Homeland Security sponsored a work-
shop executed by the Institute for Information Infrastructure Protection (I3P). In this
workshop, approximately 40 representatives from the US government, international
corporations, and academic institutions met to discuss and outline the demands within
each sector for cybersecurity workforce professionals. The final report
1
highlighted
the sense that the cybersecurity workforce resembled an ecosystem comprised of ex-
pertise in complementary knowledge, skills, and abilities. The domains of expertise,
however, are nearly impossible to all master within a specific job function in the ca-
reer field. Unfortunately, if one is lacking, the system is vulnerable to attack or fail-
ure.
A second effort sponsored by the National Science Foundation and executed by the
Cyber Security Policy and Research Institute (CSPRI) of The George Washington
University (GW) started to explore the integration of workforce development strate-
