At the most recent in the excellent Federal Computer Week/Juniper Networks series of cyber discussion breakfasts, Alan Paller gave us a wake up call.
Paller, the Director of Research for the SANS Institute, and one of the most respected experts in the cyber arena, followed Chris Painter of the National Security Staff. Painter gave a good review of the government efforts to implement the President’s cyber plans. He was cautiously optimistic and gave Howard Schmidt fairly high grades. Paller was much less upbeat.
He immediately dove into the subject by saying he was not going to sugar coat this issue. He touched a nerve with the crowd (maybe 15 percent government, the rest from industry). He did this by saying that the biggest problem was that we have tilted the entire tech world to the point where the “talkers” appeared to be of more value than the “doers.”
Paller stated that there were perhaps 1000 people in all of America who really had the world-class skills to “do” cyber security. Everyone else amounted to nothing more than fillers around this small group. He said we did it by our compensation. The talkers get paid more than the technicians. Paller likened it to a system that would pay doctors less than you do the guy who is the hospital manager. One might add something, but without the “doers,” nothing really happens.
The cry here was for a maximized effort to raise more people who can actually do the fight. We simply do not have enough people to do what needs to be done. Paller’s words struck home because most of the people in the room (this writer included) do not possess the sort of hard skills for which he was calling. Are we really that useless?
Paller admitted that the tech experts (I have called them Cyber Samurai) are not the right people to make policy or to even present what they can do to the public. Even his efforts to “polish then up” would probably fall short. So perhaps we are not completely without use; however, as the military measures the “tooth-to-tail” ratio (number of gunfighters to support personnel) and strive to reduce that ratio, we clearly need to get a better ratio of Cyber Samurai to the policy/sales/strategy types. We need the hard skills.
The last data point that really resonated with me was that over a million people (mostly young) hack for fun all the time. Paller noted that if we can only get a percentage of the best ones, say 10,000, and give them the best training we can to enhance their natural abilities, think what we could do? We need the hard skills, and we need them today.