Viewpoint 1: We Need Lots of People, Chosen and Developed Properly
“A holistic approach to developing the cybersecurity workforce is needed, based on careful integration of workforce development strategies into a plan that involves educators, career professionals, employers, and policymakers. A critical element of a robust cybersecurity strategy is having the right people at every level to identify, build and staff the defenses and responses. And that is, by many accounts, the area where we are the weakest.”
From “Holistically Building the Cybersecurity Workforce” by Lance J. Hoffman, Diana L. Burley, and Costis Toregas, IEEE Security & Privacy Magazine, March-April 2012.
Viewpoint 2: A Human in the Loop May Not be a Failsafe but a Liability
“ … We security professionals make a claim to the salary we draw because of our “judgment” and “skill.” I suggest that the demand for that judgment, that skill will soon wither in the face of the second [machine to machine] economy. We see computers doing things right now—Amazon or Netflix recommendations, Zillow estimates—that a decade ago would have required a human to intervene. The networked security militias of the second economy do not wait for humans, and it’s possible to argue that for the scale and speed at which a networked security collective operates, a human in the loop is not a failsafe but a liability (see http://geer.tinho.net/geer.suitsandspooks.8ii12.txt).
… which infosec job descriptions are more like typists and draftsmen and which are more like teachers and doctors? Do we need more infosec fighter pilots or more infosec ambulance drivers? Will the salaries of infosec professionals remain high enough for young people to indenture themselves? …”
From “More or Less” by Daniel E. Geer, Jr., IEEE Security & Privacy Magazine, January/February 2012