Report Warns of Potential Brain Drain in Federal Cyber Force

The vast majority of the federal cybersecurity workforce is older than 40, an issue that could eventually lead to a personnel shortage in the field, according to a new report. 

The 2012 Information Technology Workforce Assessment for Cybersecurity, released Wednesday, found that nearly 80 percent of federal cybersecurity workers are over the age of 40, with most being closer to the retirement age threshold. Only 5 percent of the federal cyber workforce is 30 years of age or younger, the study found.

The report, which is based on an anonymous survey of nearly 23,000 cyber workers across 52 departments and agencies, also found that while the majority (49 percent) of cyber feds have more than 10 years of service until they reach retirement eligibility, nearly 33 percent will be eligible to retire in the next three years.

“While specific factors may be influencing the average age of a department or agency’s workforce, this data indicates potential risk to the current and future pipeline of cybersecurity professionals,” the report states. “An aging cybersecurity professional population could lead to a manpower shortage in the federal cybersecurity field.”

In addition, the study found that the majority of cyber workers have spent most of their careers in the federal government, although not specifically in the field of cybersecurity. The largest number of respondents (31 percent) held the 2210 Information Technology Management job series, and most (61 percent) held a pay grade of GS-11 to GS-13, the study found. 

More than 17,500 participants also indicated that they had received an academic degree, with business administration and management the most popular fields of study. Nearly 6,000 participants also had obtained some level of certifications, with the most popular certifications being Security+ and the Certified Information Systems Security Professional.

It’s important to note, however, that the education and certification questions were optional items on the survey, and the report authors cautioned that these areas may not be a true representation of all participants.

Finally, several participants indicated that increased training could benefit them in the current roles, with 67 percent indicating a need for training in information assurance compliance.  Participants also cited a need for training in vulnerability assessment and management and knowledge management.

In addition to releasing the study, the CIO Council also launched the new ITWAC Reporting Tool that enables agencies to view and analyze IT workforce data across several workforce development topics, such as work experience, education, certifications and demographics. Each participating agency has online access to the tool through their self-identified points of contacts, the CIO Council said in a blog post Wednesday.

“Federal departments and agencies can use the data to support strategic cybersecurity workforce development activities such as workforce planning and professional development,” the report states. “Activities such as these can ensure that the federal cybersecurity workforce is properly equipped to respond to and protect the United States from cyber threats and attacks.”