I recently chatted with Randi Levin, CTO of the city of Los Angeles, for a cover story I'm writing about cloud computing and the security ramifications of the technology.
When I asked Levin about her critics, those who wonder whether the nation's second-largest city is setting itself up for failure by outsourcing its sensitive email information to a third-party (Google), she didn't flinch. (Or at least I don't think she did. We were on the phone, after all).
That is because Levin is a pragmatist, which is really the only way to be when you are paddling through one of the worst budget crises in LA history. In essence, she'd love to have a staff of skilled security personnel — who wouldn't? — but that just can't happen. So why not turn to others for help?
"We're in a union environment, so that makes it much more difficult," she explains. "You have to come through the union structure. And yes, we can't pay as much as the private sector."
Also, there is a skill set issue. Levin says. To achieve certain certification and training levels, employees would have to go through classes. Something the city can't afford to pay for.
Is there any interest in hiring and/or educating IT security workers?
"It's not something we're discussing right now," she told me. "We're all in survival mode. The discussion is how do we get through this period of time."
Los Angeles' budget crisis aside, this appears to be a common theme, especially at the federal level of government.
Clearly, if lawmakers and military commanders continually are going to warn about the imminence of a cyber war, certainly we want our government to include a skilled IT security workforce. But that's not happening, at least not right now.
There are a number of reasons why there such an apparent gap in cyber expertise at the federal level.
From an Aug. 2 blog post on the Baltimore Sun's website:
A report on preparing for the nation's cyber security needs last year by Booz Allen Hamilton, a consulting firm, found that federal scholarship programs designed to fill government openings were producing only 120 graduates a year with cyber security education — while the need was closer to 1,000 a year across several federal agencies.
Challenges abound in building a cyber security workforce, particularly for the federal government's defense and intelligence agencies and private contractors that work with them. Part of the difficulty isn't simply finding people with the right technical abilities, but making sure they can also qualify for a security clearance.
And the limited workforce means that government agencies and the private sector must compete. McCullough said defense agencies often can't match salaries paid by corporations and contractors, but they can provide workers tremendous real-life experiences and involvement in critical missions.
But with demand for human capital outpacing supply even at the private-sector level, the government has its work cut out for it. Maybe government needs to take some tips from Wall Street. I mean, tons of my friends were just dying to get into a finance job after college. And recruitment is once again growing. Not even a financial collapse could slow this industry down!
As for cybersecurity and government, initiatives are underway. They include pushes for scholarships for college students who agree to take jobs in government after they graduate, boot camps and efforts by the U.S. Office of Personnel Management and National Initiative for Cybersecurity Education to define cybersecurity roles across federal agencies.
Other areas to correct: Make the recruitment process more seamless. Make the hiring process faster. And clear up any confusion around certifications.
Higher salaries wouldn't hurt either.(Cough, Wall Street, cough).
I have an idea. How about plucking a few bucks from those bottomless defense budgets?