Trained and competent cybersecurity professionals have opted not to work for the United States government because they make more money working for private industry. This is the conclusion of a study conducted by Martin Libicki and colleagues at the RAND Corporation. The study was made public at the RAND website on June 18, 2014.
Demand for cybersecurity professionals overtook supply seven years ago according to the study. The dearth of trained cybersecurity professionals has made the minimum acceptable salary about $200,000. Corporations have dealt with the lack of personnel and the salary expectations by promotion from within and active recruiting but the United States government cannot compete.
The researchers suggest making the positions in government more attractive to women, waiving civil service rules that prevent hiring the best in cybersecurity, funding specific educational programs to train a new group of cybersecurity pros for the government, and promotion of this type of career as early as grammar school. The report makes no mention of increasing salaries in government to be competitive with private companies for the same work. The long-term approach is suggested to be development of systems that cannot be hacked.
The following scenario that has been played out in several movies and a few times in real life may offer the perfect solution to the present lack of people that can manage cybersecurity for the government. Hire the hackers that the government has arrested. What better source to design systems that cannot be hacked than those who have succeeded in hacking both corporate and government systems. Selection of prisoners that are serving long sentences would prevent the potential problem of a government employee hacking a government site.
Incentives could be offered to those people that are qualified that include less jail time and relocation to minimum security facilities. Most states and cities have prisoners that work for the state or city doing road maintenance and other work. The prisoner has the option to seek work and is not forced to work. Perhaps the government is overlooking the best labor pool for cybersecurity because those people are in prison.