In a recent blog, I talked about the U.S. need for "cyberwarriors." In this blog I ask a security expert what one should do to get into this field.
In a previous blog, I wrote about the U.S. search for cyberwarriors. Several people emailed me to ask how one would go about getting into the field. I contacted the host of TechRepublic's Security blog, Chad Perrin, to ask his take on this. This is what Chad had to say:
Unfortunately, public information on the subject is long on hype and short on specifics. There is a lot of talk of how very few people qualify, but little or none about what actually constitutes a set of concrete requirements for getting hired into the job.
There are some general approaches I might suggest for trying to find a way in. Before any of this is of any value, though, you need to be the type of person who has enough interest in the subject to have started exploring such skills on your own — at least, if you want to be any good at it.
One option is to talk to military recruiters. There are sure to be some intelligence jobs that would give you a start on a path to what they're calling "cyber warriors". The problem may be in figuring out which jobs in the military are appropriate.
Another is to be a teen in the right high school, thanks to the programs the government is trying to foster where teams from various schools can compete for recognition and get rewarded with training. For those who are too old for that, another option might be to attend conferences like DEFCON and get into the "capture the flag" competitions. Federal agents do attend DEFCON, for a variety of reasons, usually incognito — and in fact there is a game called "spot the fed" that people like to play at DEFCON; some of these people might be looking for recruits in the future.
Of course, before getting into a competition like this, you'll need to have some relevant skills.
I'm mostly guessing here, but I suspect that the thousand people that keep getting mentioned as being qualified are people with advanced degrees in computer science who may or may not actually be any good at the job, but definitely have quite a bit of (at least nominal) experience in specific security fields. Among them are sure to be some of the premier security experts in the country, most of whom probably have no interest in doing the job. I suspect that much of the problem the DoD is having finding people is a common problem in corporate America: trying to hire based on bullet points rather than aptitude and skill.
This is a developing job field, and concrete answers to how to get into it are going to be difficult to provide until things settle down a bit.
This is going to be an especially difficult question to answer satisfactorily for a while, because government doesn't seem to be very forthcoming about the requirements, the specific job roles, or who to contact if you're interested in the job — and government is pretty much the only employer in the field.
In the meantime, read a lot, and find (legal) ways to practice your skills. Assume that network intrusion and counter-intrusion skills are likely to be the most useful for the actual job itself, and go from there. Keep an eye out for opportunities, and good luck.