The Obama administration needs to formally declare a “critical need” for cybersecurity talent in government and allow all agencies to fast-track the often sluggish federal hiring process when recruiting for a broad range of cyber positions.
The government should also stand up a civilian Cyber Reserve Training Corps, modeled on the military’s ROTC program, to provide education and workforce development and to serve as a more formalized pipeline to federal information-security careers.
Those are some of the key recommendations for shoring up the government’s wobbly cybersecurity recruiting efforts, made in a new report by the Partnership for Public Service and contractor Booz Allen Hamilton, “Cyber Insecurity II: Closing the Federal Talent Gap.”
The government continues to face a laundry list of challenges in recruiting and retaining cyber talent, including fierce competition from the private sector and an inability to shell out top-dollar salaries.
Even as cyberattacks on federal networks ratcheted up in recent years, the Obama administration has so far failed to map out a master strategy for plugging the gaps in its high-tech workforce, the report concluded.
Agencies have largely been left to fend for themselves, the authors of the report argued.
Some agencies, such as the National Security Agency and the Federal Bureau of Investigation, have been able to fill cybersecurity billets without much trouble. But most civilian agencies continue to struggle, creating a climate of “haves and have-nots” in the ranks of Uncle Sam’s overall cyber workforce.
The federal government even struggles to tally up the size of its total cyber workforce. The timeworn General Schedule system used to classify and categorize federal jobs has failed to keep pace with the times, meaning the federal government does not currently know exactly how many cybersecurity professionals it employs, what skills they have or the cyber skills the government lacks.
The report lays a good deal of the blame for the cyber workforce gap on the federal hiring process and pay-setting calculations that have failed to keep pace with the private sector.
“The overall slowness of the federal hiring process places the government at a competitive disadvantage,” the report concluded. If a position requires a security clearance, it’s not uncommon for the onboarding process to drag on for as long as a year.
Some agencies have been given permission to bypass certain hurdles in the hiring process -- so-called direct-hire authority, which is granted by the Office of Personnel Management to fill “severe” workforce shortages in a particular area.
But those exceptions are authorized for only a small subset of all the cyber positions across government and agencies are too cautious about fully using expedited hiring authority.
The report recommends expanding the hiring flexibilities to all agencies, covering a broader array of cyber positions across government.
Another snag in the search for cyber talent? The federal hiring process is often delegated to agency personnel offices that aren’t very adept at spotting a keeper in a pile of resumes. Most agencies now rely on special software and algorithms to scan resumes for keywords. But that isn’t always effective when candidates with unconventional, though still valuable, experiences.
Private-sector cyber experts interviewed by the authors of the report “began their forays into cybersecurity by tinkering, coding and in some cases even hacking as a hobby,” according to the report. “These experiences are not usually reflected in formal education or resumes, so government often overlooks promising candidates with nontraditional backgrounds or experiences.”
The report recommended agencies make better use of internships and scholarships that require government service as a condition.
Another potential solution, cybersecurity competitions, show promise at identifying candidates with nontraditional experiences but are still used by sparingly by agencies, the report stated.
The creation of a cyber ROTC based out of a governmentwide cybersecurity training center could also help enhance the level of college-level cybersecurity education available. The report proposes placing the cyber reserve unit within the civilian cybersecurity campus recently funded by Congress. Graduates of the program would transition into standby status, helping out agencies as needed.
The report is a follow-up to an earlier 2009 look at the government’s cyber workforce challenges. Many of the problems remain the same, however, the report stated.
“During the past five years, the federal government has taken some positive steps, but the same basic problems outlined in our 2009 report have grown more acute as the threat has multiplied,” the report concluded. “In short, the government still lacks the cyber workforce it needs and still does not have a comprehensive, enterprisewide strategy to recruit and retain that workforce.”
(Image via everything possible/ Shutterstock.com)