Not only is the federal government trying to define the requisite skills for its cyber security work force, but also what to pay, reports Nextgov.com.
The story says the government lacks some 20,000 or 30,000 people with the needed skills to defend cyberspace, but it's not just a problem of finding the appropriate candidates. As the Department of Homeland Security has found, it's about breaking through all the red tape in hiring them. All the while, the number of attacks keeps rising.
At issue, basically, is who are the most valuable cyber defenders? Are they the hunters-the network operators and penetration testers skilled at probing for vulnerabilities-or the information assurance analysts, including auditors and security administrators? The latter jobs, though they pay more now, increasingly are being automated. Salaries can vary by agency and also by education and certification.
Operators and testers, who monitor log files, manage system configurations and hack networks to identify weaknesses, were paid about $76,000 last summer, according to the SANS Institute, a computer security education center. Some people in this category with more technical skills, such as computer forensics, were making $88,000.
The article says the government typically does not hire entry-level people into these jobs because it requires more experience.
At the top of the GS-15 level, staff with master's degrees and specialized experience can earn up to $130,000, according to the International Information Systems Security Certification Consortium (ISC)2. Information assurance senior executives, such as chief information security officers, are paid up to $180,000, but can earn up to $220,000 if an agency uses paybands, a system that gives the agency more flexibility in compensation.
From its February report, among (ISC)2 members working in the federal government, civil service cyber workers at the Pentagon reported the highest average annual salary, $103,330. At a Cabinet-level agency, a CISO can make about $150,000 without paybanding while the salary for those at smaller agencies is around $130,000.
(ISC)2 found certified personnel earn 10 percent to 25 percent more than noncertified staff.
The consortium also found one of the big beefs among federal security pros was the lack of a career path in government security, but so far, the government has opted not to create a new "series" or career track for them.