With sequestration cuts underway across the federal government, and the plight of the federal information security workforce being traditionally viewed as non-mission essential, one can only hope that the historically underfunded budgets of the federal CISO will survive the carving knives of the sequester-mandated cuts.
The effects of the sequestration cuts on the federal information security workforce were very evident, as demonstrated by the large percentage of regular attendees absent from this year's RSA Security Conference in San Francisco. Long considered the mecca for security practitioners, RSA clearly took a hit in the number of government attendees this year and began a trend with subsequent conferences such as the Global Privacy Summit in Washington DC. In fact, it has been rumored that DHS will be canceling the annual Government Forum of Incident Response Teams (GFIRST) Conference which brings together federal cyber frontline practitioners to share tools, tactics, techniques and procedures in protecting federal cyberspace.
In light of the explosion of sophisticated cyber attacks that have placed government systems at risk, coupled with the shortage of skilled federal cyber warriors, sequestration cuts to the cyber training budgets of federal agencies would appear illogical and untimely.
While the need for federal 'belt-tightening’ is a reality that we have all come to accept, the realities of an exploding cyber threat landscape is something we cannot afford to ignore. The fact that cybersecurity was declared by the White House as a national priority in May of 2009, and again during the last State of the Union Address, now is not the time to start chipping away at the gains that federal CISOs have managed to eek out over the years. Federal CISO budgets were meager to start; this is one area where we can’t afford to cut further.