Feds, DoD need substantial investment to keep skilled cyber talent, says survey It will take substantial investment in training and certification programs, annual salaries and flexible work schedules for federal agencies to successfully compete with the private sector for the talent required to close the cybersecurity gap, according to a study including 2,620 Department of Defense, federal civilian and federal contractor employees. Sponsored by (ISC)2, Booz Allen Hamilton and Alta Associates, the 2017 Center for Cyber Safety and Education Global Information Security Workforce Study surveyed over 19,000 information security professionals between June 2016 and September 2016, including a record number of federal respondents. Of the federal sample, 85 percent were men, the average age was 47, over 40 percent had at least a bachelor’s degree, average experience was at least 15 years and average salary at least $118,000. Some 44 percent were located in the Washington, D.C., metro area. Half of federal respondents felt their organizations had improved security awareness, an understanding of risk management and effective security standards, but the time to remediate a cyberattack could be up to a week. Having organizations adopt the NIST Cybersecurity Workforce Framework improved effectiveness, and the most important factor in reinforcing the security of organization infrastructure was cited as hiring and retaining qualified professionals. Key survey takeaways on how government agencies can acquire and retain a diverse skilled cybersecurity workforce include boosting annual salaries by approximately $7,000, supporting work-life balance through remote work policies, paying for professional certifications, promoting a cutting-edge mission and sense of purpose and highlighting opportunities for advancement. Cloud education remains the top area of in-demand information security training and what is seen as the prime skills area for advancing careers, followed by risk assessment and management. The largest demand for personnel appears to be at the non-managerial staff level, but a low demand for entry-level personnel indicates those with experience have an advantage. The entire report can be viewed at IAmCyberSafe.org.