As if the sequester isn’t causing enough problems for the Federal Government, we are now learning that a vast majority of Federal cybersecurity employees are over the age of 40, and most of those are even closer to retirement than the threshold. The 2012 Information Technology Workforce Assessment for Cybersecurity report was released last week and with it comes some fairly stunning revelations.
- 5% of the Federal Cyber workforce is 30 or younger
- Close to 50% of the group is within 10 years of retirement
- 33% is within 3 years of retirement
The broad message here is that there will be an enormous gap to fill once these people start to retire. Not only will we be losing the seasoned front line soldiers that defend our networks, systems, financial well-being and personal information, but we will also be losing all of the institutional knowledge that is locked away in their brains – often used but rarely documented. So much of what cybersecurity professionals do is based on good habits, repetition, and deep, intimate knowledge of the systems and software that they have nurtured for the past 20 years.
So how do we pass along this institutional knowledge and years of experience to the freshly minted CISSP? Before all of this knowledge flows out the revolving door, the Federal Government must implement a process that allows them to capture the infinite knowledge that the cyber workforce has amassed, and implement it in such a way that allows them to ensure that the next generation of cybersecurity professionals implement the standards, best practices and policies that have been in use for the generations past.