by clicking on the page. A slider will appear, allowing you to adjust your zoom level. Return to the original size by clicking on the page again.
the page around when zoomed in by dragging it.
the zoom using the slider on the top right.
by clicking on the zoomed-in page.
by entering text in the search field and click on "In This Issue" or "All Issues" to search the current issue or the archive of back issues respectively.
by clicking on thumbnails to select pages, and then press the print button.
this publication and page.
displays a table of sections with thumbnails and descriptions.
displays thumbnails of every page in the issue. Click on a page to jump.
allows you to browse through every available issue.
FCW : October 2014
the endpoints of that traffic, such as servers and workstations, for vulner- abilities and secure configurations. Durbin said the two programs are sym- biotic: CDM aggregates and correlates data that can be used to develop more security signatures for Einstein. Zitz said DHS’ treatment of Einstein as just one piece of the cyber puzzle “is indicative of the maturation of...NPPD [as a place] where all of those pieces come together now.” Still lacking manpower Despite the rise in automated cyberse- curity services, which can reduce the manpower needed for some security missions, complex programs such as Einstein and CDM require experts to carry them out. And DHS has at times struggled to hire and retain those experts. Cybersecurity professionals can earn significantly more money in the private sector than they can in government, and the work can require long and stressful hours on the job. A recent front-page Washington Post article states that a high turnover rate among senior DHS cybersecurity offi- cials has hampered the department’s work. From June 2011 to March 2012, five such officials left for the private sector, according to the Post. But Zitz rejected the notion of instability among the department’s cybersecurity leader- ship. He cited Ann Barron-DiCamillo, who has worked at US-CERT for two years and been its director since Janu- ary 2013, as one example of continuity. “I think you’ve got stability in the leadership,” Zitz said. “I think a con- tinuing concern is more so the idea that the subject-matter experts and tech- nical experts who are inside of gov- ernment, who are performing cyber- security duties — they are extremely valuable and sought after in the private sector as well.” Here, again, Congress could help. On Sept. 18, the Senate unanimously approved a measure that would give DHS Secretary Jeh Johnson greater authority to hire cybersecurity pro- fessionals and pay them salaries com- mensurate with those of cybersecurity experts at the Defense Department. The average annual salary for cyberse- curity professionals, public or private, is around $80,000, according to a recent Rand study, which cited 2012 data from the Office of Personnel Management. More than one-quarter of federal secu- rity employees earn $74,872 to $97,333, or somewhere near that industry aver- age, according to the study. Yet there is a roughly $155,500 ceil- ing for how much the government can pay cybersecurity professionals, while top private-sector jobs can offer sever- al hundred thousand dollars in annual pay. As the Rand study notes, “Once professionals can command more than $250,000 a year, the competitiveness of the U.S. government as an employer suffers correspondingly.” Regardless of any action Congress takes on cybersecurity hiring, private- sector IT experts will, in general, always earn more than their public-sec- tor counterparts. But it is not always about the money. DHS recruiters hope their appeals to a sense of mission to protect federal networks in cyberspace will resonate as that mission grows clearer. ■ October 2014 FCW.COM 21 APRIL 2014 DHS’ U.S. Computer Emergency Readiness Team gets a big test from Heartbleed, an OpenSSL vulnerability affecting vast portions of the Internet. US-CERT issues an alert with mitigation advice to industry within 24 hours, but it reportedly takes DHS a week to get approval from some agencies to scan their networks for signs of the vulnerability. AUGUST 2014 Larry Zelvin resigns as director of DHS’ National Cybersecurity and Communications Integration Center, the department’s hub for monitoring cyber threats. He is one of several high-level cybersecurity officials to leave for the private sector in recent years. OCTOBER 2014 Citing the need to respond more quickly to bugs like Heartbleed, the Office of Management and Budget announces enhanced authority for DHS to scan federal networks for acute cyber threats. DHS has long sought that authority. “Cybersecurity isn’t like finding a needle in a haystack. It’s like finding a dirty needle in a pile of needles.” — Ken Durbin, Symantec
September 30, 2014
November and December 2014