Comment Yes Cringely, we have 1,000 security experts (Score 5, Interesting) 222
I have a fairly long track record in the security industry, and I'm really puzzled by Cringely's assertion. It's hard to tell if he is trying to make a point out of a semantic squabble, or if he genuinely believes that the information security community has fewer than 1,000 competent experts.
If the former, yeah, the term "cybersecurity expert" is unfortunate - but it's clear it's just PR speak for "information security professional". Cringely then attempts to define that first, largely meaningless term, and then polls his anonymous friends (who themselves probably do not fall within that definition) to come up with wild guessess.
If the latter, yes, we definitely have more than 1,000 security experts. There is something around 500 emitent, internationally recognized folks publishing books, research, and otherwise contributing to the "cutting edge" of the industry. Then there's another 500-1,000 top-tier, notable security VPs, CEOs, etc, working for Fortune 500 companies (they may not all be technically savvy, but they *are* the industry). Then, there is probably something close to 200,000 security professionals working for companies around the world - we have something like 50,000 registered CISSPs alone (which is a certification largely inaccessible to hobbyists, and pursued by a minority of infosec workers), something around 50,000 subscribers to BUGTRAQ and other security mailing lists, etc.
Does this mean that DHS would be able to hire 1,000 competent experts? Unlikely, as the government historically did a pretty poor job of competing with commercial corporations (in terms of compensation and work culture), and many agencies may lack the hiring rigor and expertise to make the right calls. Given the size of the networked infrastructure in the US, this number is high, but does not sound outlandish by itself, though (many large corporations have 20-100 security people on their payroll).