Homeland Security Acts on Cyber Workforce Recommendations

The Homeland Security Department is working to implement 11 recommendations from an advisory council to better develop, recruit and retain sophisticated cybersecurity talent.

In a webinar on Thursday sponsored by Government Executive and Northrop Grumman, Dr. Doug Maughan, director of the cybersecurity division at DHS, said the department is moving forward on 11 recommendations released in October by the Homeland Security Advisory Council’s Task Force on Cyber Skills to effectively recruit, retain and train mission-critical cybersecurity professionals.

DHS is moving forward on defining cybersecurity roles and tasks, maintaining an authoritative list for these tasks and evaluating its talent inventory and ensuring that it has the current and future skills capacity to accomplish certain cyber tasks, Maughan said.

“As you can imagine in today’s cybersecurity environment, your skills can quickly become out of date if you don’t keep a training regimen for the future,” Maughan said.

As part of the second objective, DHS also has established a departmentwide organization to address the cyber skills shortage, and has been pairing that effort with the agency’s human capital office to help streamline the federal hiring process for cybersecurity talent.

“We obviously have a ways to go on that, but with cybersecurity and the attention it’s getting in our department and in the government in general, we are looking very deeply at a hiring processes that need to change,” he said.

DHS also is attempting to expand and change the pipeline of cyber professionals by working with community colleges, secondary schools and universities; organizing cybersecurity competitions; and working with the Veterans Administration to potentially train up veterans in the cybersecurity field, Maughan said.

Finally, the department is directing the majority of its direct hire authority in IT to hire 600 employees with mission-critical skills. It also is establishing a Cyber Reserve program that will allow it to tap retired DHS cybersecurity workers to help during “surge times,” Maughan added.

“What we have done is established a residency program with some of our operational organizations within the department,” Maughn said. “Our goal is to get the students into an operational environment where they can both learn and demonstrate operational skills, all aimed at trying to get them cybersecurity jobs in the future.”

Tony Sager, former chief operating officer at NSA and director at the SANS Institute, said a key factor in attracting cyber talent is the government’s ability to demonstrate that these careers have upward growth potential. “Federal employees, especially those in technology areas, are proud to say they could make more money any day but are happy serving the country,” Sager said. “But most federal employees don’t believe the system is looking out for them.”

Sager also encouraged agencies, particularly in times of tight budgets, to figure out how they can scale their resources across government. Most agencies, for example, do not have the resources for a large intern program, but they may be able to partner with other agencies to share resources including cyber interns and staff, he said.

Managers also have to get over the mindset that they have better knowledge or stronger skills than their younger counterparts, Sager said. “The manager is no longer the all-knowing wizard who teaches the youngsters all of these great skills,” he said. “Now, these young guys have a lot more information on current technologies than I do.”