US Army: Military finds IT security certification difficulties
Network World - The U.S. Army is having a hard time manning its IT staff because it cannot find military personnel with the right networking and IT security qualifications.
The Department of Defense (DOD) Directive 8570.01-M is a military regulation first published in 2005 that puts forward considerable detail on the workplace and related training and certifications that military personnel -- and now contractors as well -- must have to operate DOD-related information systems for information assurance purposes. But the problem for the Army at this point is that it doesn't have enough personnel with the required training, said Lisa Lee, information assurance program manager, Program Executive Office, Enterprise Information Systems in the U.S. Army.
STUPID TECH SUPPORT TRICKS: IT calls of shame
To cope with the shortage of certified personnel, the Army is altering its guidelines so that not as many individuals working in areas it calls "an enclave boundary" -- defined as a specific set of routers and firewalls -- will have to meet the previous requirements, said Lee, who spoke on the topic on behalf of the Army at the recent FOSE Conference in Washington, D.C.
With that change, the individuals who have the higher security credentials the military wants will be granted higher network administrative privileges and those at a lower certification level will have less, and likely make less money, she noted. "I was forced to do it," she said. "We have some good people having trouble passing the tests. They're just not good test takers."
The alphabet-soup of security certifications, many of them well-known to the private sector, include specific sets of requirements oriented toward various designated security levels and network and operating environment, as listed on the Defense Information Systems Agency website www.disa.mil. The certifications include A+CE, Network+CE, SSCP, GSEC, CISA, GSE, CISSP, GSLC and several more.
The Army pays for a lot of baseline training and certification for personnel through vouchers, but the problem now is that "the vouchers run out" and the Army is on the lookout for "as much free stuff" as it can get, Lee said. Contractors are responsible for paying for their own training, she said. And for some types of certifications, Army personnel have to shell out on their own, she added.
Lee also noted that if someone is a "valued employee, they'll put you in another job" if you fail to get specified certification. She said she's seen people with IT security certifications who weren't as good in their jobs as those who weren't similarly certified.
Ellen Messmer is senior editor at Network World, an IDG publication and website, where she covers news and technology trends related to information security.
Read more about wide area network in Network World's Wide Area Network section.
This pilot fish is a contractor at a military base, working on some very cool fire-control systems for tanks. But when he spots something obviously wrong during a live-fire test, he can't get the firing-range commander's attention.
- IT Certification Study Tips
- Register for this Computerworld Insider Study Tip guide and gain access to hundreds of premium content articles, cheat sheets, product reviews and more.
- Reduce federal infrastructure risk with compliance management and situational awareness
- IBM continuous monitoring and management solutions deliver real-time situational awareness to help federal agencies understand vulnerabilities, and protect the infrastructure.
- SANS: Next-Generation Datacenters = Next-Generation Security
- This whitepaper takes a look at some new technology that may allow security teams to implement more flexible and capable protection models in...
- SANS: Protecting Virtual Endpoints with McAfee Server Security Suite Essentials
- SANS review of McAfees Server Security Suite Essentials that address some of the emerging challenges of securing virtual platforms and cloud environments.
- Safeguarding the Next-Generation Data Center
- Use of virtual and cloud servers has exploded. Unfortunately, security often lags behind. McAfee recommends looking at innovative solutions in order to erect...
- Aberdeen: Securing the Evolving Datacenter
- This report highlights ways security technologies and services are evolving to provide the visibility and control needed to deploy workloads flexibly in the... All Government IT White Papers
- Is SQL Server AlwaysOn really as powerful? Tips and Tricks from the field With the introduction of AlwaysOn, Windows Clustering Services is now more critical than ever.
- What Does it Take to Deliver a Superior Customer Experience? The Two Top-Rated Online Retailers, B&H Photo and Crutchfield Electronics, Share Their Secrets Discuss practical CX tools and service methods such as contact center agents and the use of realtime speech analytics to help contact center...
- Keep Servers Up and Running and Attackers in the Dark An SSL/TLS handshake requires at least 10 times more processing power on a server than on the client. SSL renegotiation attacks can readily...
- On Demand: Mastering the Art of Mobile Content Management Mobile device usage in the enterprise has skyrocketed, and it continues to escalate. IT must answer to users who demand access to their...
- DevOps with PureApplication System: Reduce cost and speed delivery with an integrated IBM Cloud solution Join this webcast to hear what ING Netherlands has been able to achieve while deploying DevOps tools from IBM Rational. An ING executive...
- All Government IT Webcasts