Cyber-security arms race is a gold rush for hackers

Cyber-security arms race is a gold rush for hackers

Summary: The next arms race is on and the governments involved are speeding to amass the expensive weaponry of 21st century battle -- hackers.

TOPICS: Security

The next arms race is on and the governments involved are speeding to amass the expensive weaponry of 21st century battle -- hackers.

No one, it seems, has enough and acquiring the cyber-security talent capable to conduct offensive and defensive operations is sending salaries for hackers through the roof, according to recent reports.

The most frequently quoted accounts of the shortfall come from Jim Gosler, a veteran cyber-security specialist and former official of the CIA, the National Security Agency and the Department of Energy. In 2008 Gosler estimated that the United States needed between 20,000 and 30,000 technicians with the requisite skills to defend cyberspace. At the time, he said there were about 1,000. Most security experts say the number still holds at about 1,000, a 97 percent shortfall.

John Bassett, associate fellow at the Royal United Services Institute in London and a former senior official at Britain's Government Communications Headquarters (GCHQ), told Reuters yesterday "There is absolutely not enough of them, you need an order of magnitude... more than we have at the moment."

The same 1,000 hackers are just recruited and poached from one agency or contractor to another, Allan Paller, Research Director of the SysAdmin, Audit, Network, Security (SANS) Institute, told NPR for a story on the topic last year.

"You go looking for those people, but everybody else is looking for the same thousand people," says SANS Research Director Alan Paller. "So they're just being pushed around from NSA to CIA to DHS to Boeing. It's a mess."

The shortage of skills has made the U.S.'s critical infrastructure vulnerable to cyber attack, Kevin Gronberg, Senior Counsel, Committee on Homeland Security, U.S. House of Representatives, said Tuesday during a penal discussion on cyber security at critical infrastructure facilities in the U.S. and 13 other countries.

For hackers, it's a sellers market that is unlikely to dissipate.

NextGov compiled some stats on security salaries across government agencies:

  • certified information systems auditors -- $100,855
  • certified security administrators -- $99,512
  • operators and testers, who monitor log files, manage system configurations and hack networks to identify weaknesses -- $76,000
  • Operators and testers with more technical skills, such as computer forensics -- $88,000
  • private sector operators and tester -- $175,000
  • information assurance personnel with master's degree GS-15 level -- up to $130,000
  • Chief Information Security Officers (CISOs) -- up to $180,000, plus premiums up to $220,000
  • Pentagon personnel reported the highest average annual salary -- $103,330

Those salaries are only likely to increase as the governments and contractors struggle to recruit and retain the necessary talent. Basset told Reuters the personalities of hackers makes retention more difficult than other engineering skills.

"Given the nature of hackers, it's going to be like herding cats," said Bassett. "You might be able to give them some money or tools which they would find interesting and keep them pointing in a certain direction for a certain period of time. But whether that would then give them any residual loyalty is a very open question."

The scarcity of security skills is a national security crisis, but for the engineers who have the skills to do perform a patriotic duty -- and for those with the aptitude and willing to change career course -- the current arms race is a gold rush.

Related Content:

Topic: Security

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.


Log in or register to join the discussion
  • Cyberspace(S)

    Defend cyberspace? He says it like there's one network with Chinese hackers on one end of it and USA 'defending' hackers on the other.

    Do not connect critical systems to the Internet or other public network, directly or indirectly and there isn't a single 'cyberspace'.

    Keep it that way, it's your *real* patriotic duty. It's not an arms race, it's basic security 101.
  • It seems like you could set up a firewall that would block IP's

    Internet security is an oxymoron.

    I have discovered that most firewalls only block traffic in and not out and that can be fixed by convincing the manufacturers to set them up both ways at the factory.

    Next I would like someone to make a firewall that could block a range of IP's and set it up to block IP's from china.

    So give me the job and I would solve your problems! I would not mind it if I made half of what these guys make........
  • RE: Cyber-security arms race is a gold rush for hackers


    If you could do that, I suggest you contact any one of the security agencies and get considerably more than the rates listed.