Data Security Pros in Short Supply, Say Experts

Leading cyber experts warned that a shortage of talented computer security experts is a national security threat, at a time when cyber attacks are on the rise.

Leading cyber experts warned of a shortage of talented computer security experts in the United States, making it difficult to protect corporate and government networks at a time when attacks are on the rise.

Symantec Corp Chief Executive Enrique Salem told the Reuters Media and Technology Summit in New York that his company is working with the U.S. military, other government agencies and universities to help develop new programs to train security professionals.

"We don't have enough security professionals and that's a big issue. What I would tell you is it's going to be a bigger issue from a national security perspective than people realize," he said on Tuesday.

Jeff Moss, a prominent hacking expert who sits on the U.S. Department of Homeland Security Advisory Council, said that it is difficult to persuade talented people with technical skills to enter the field because it can be a thankless task.

"If you really look at security, it's like trying to prove a negative. If you do security well, nobody comes and says 'good job.' You only get called when things go wrong."

The warnings come at a time when the security industry is under fire for failing to detect increasingly sophisticated pieces of malicious software designed for financial fraud and espionage and failing to prevent the theft of valuable data.

Moss, who goes by the hacker name "Dark Tangent," said that he sees no end to the labor shortage.

"None of the projections look positive," said Moss, who serves as chief security officer for ICANN, a group that helps run some of the Internet's infrastructure. "The numbers I've seen look like shortages in the 20,000s to 40,000s for years to come."

Reuters last month reported that the National Security Agency is setting up a new cyber-ops program at select universities to expand U.S. cyber expertise needed for secret intelligence operations against computer networks of adversaries. The cyber-ops curriculum is geared to providing the basic education for jobs in intelligence, military and law enforcement.

The comments echo those of other technology industry executives who complain U.S. universities do not produce enough math and science graduates.

Salem pointed to UK banks as one industry already struggling to find enough network security experts.

"Because there's such a concentration of financial services companies there, there's not enough security expertise already in London. We see it. Banks can't find enough security professionals," he said.

Moss, who founded the Defcon and Black Hat hacking conferences that are held in Las Vegas each summer, said that U.S. government agencies are so desperate to fill positions that they are poaching security experts from private firms.

In some cases, security firms have retaliated by refusing to send their most talented cyber experts on government jobs for fear of losing them. Instead they send their "B Team" consultants, Moss said.

Government officials from normally secretive agencies, including the National Security Agency, FBI and U.S. military, attend Defcon each year to recruit gifted hacking geeks who they might not otherwise be able to identify. (Editing by Steve Orlofsky and Phil Berlowitz)