High cyber staff turnover rate is good for government, DARPA chief says

The Pentagon can vie with industry for cybersecurity researchers by letting the scientists return to the private sector after a few years in government, the Defense Advanced Research Projects Agency chief said in a novel suggestion for retaining talent from a narrow pool.

Contractors and agencies are seemingly desperate for reformed hackers, academics and other computer security whizzes to defend government networks from constantly morphing threats. Typically, the private sector lures computer scientists by paying a premium and letting them tinker with new gadgets and gizmos. The National Security Agency, the military's cyberespionage force, wants more liberty to offer salary increases and promotions for retention. DARPA, meanwhile, says its own workforce is rebooted every three to five years to keep up with technological advances.

"The shelf life of cyber capabilities is short. We might even posit that the shelf life of cyber skills is relatively short," DARPA acting Director Kaigham J. Gabriel told lawmakers late Tuesday afternoon. The Defense Department may want to preserve a core of professionals, "but in fact perhaps we should just plan on building a model where there will be a significant refresh of folks."

He also offered the somewhat paradoxical advice of dropping education requirements for researcher job eligibility. "This is a community where the traditional metrics of master's degree or a Ph.D. may not be as important," Gabriel said at a Senate Armed Services Emerging Threats and Capabilities Subcommittee hearing. Many of DARPA's cybersecurity program managers do not have doctorates, he said.

"Their skills, their capabilities, their insights are coming from the practice in the community, and frankly, it will have a shelf life," Gabriel said. "They'll go through the three to five years, and they'll move on, and others will come in with a newer, different perspective."

Gabriel noted that DARPA program managers, office directors and even department directors stay for the same time period. "That is the pace at which we believe you need to bring in the talent, to bring in the perspective and the sense of urgency."

Former DARPA Director Regina Dugan departed for a position at Google earlier this month.

NSA Research and Development Director Michael A. Wertheimer told lawmakers he needs greater latitude to promote and pay computer scientists to keep them at his agency.

"The average time and grade is 12 years to your first promotion, 12 years to your second promotion," he said. "You can't walk in and tell them, 'You're going to wait six years if you're good, 12 years if you're average.' "

NSA hires computer scientists with doctorates for $90,000 a year, while equivalent professionals in the private sector net between $75,000 and $124,000, Wertheimer said. In industry, the average salary increase is 4 percent annually, but NSA experts are currently under a pay freeze, he said.

The high resignation rate among cybersecurity researchers demonstrates their frustration, Wertheimer said: "If you look at attrition across the National Security Agency, 44 percent who attrit are resigning, as opposed to retiring. In computer science, it's 70 percent" who are leaving before retirement age.

Wertheimer added, "Every one of them says to me on an exit interview, 'It's less about the money. It's the sense that I simply cannot advance in my organization.' "

Government cybersecurity contractors interviewed Tuesday night said the bureaucracy of government turns off skilled experts accustomed to academic freedom and higher productivity.

"If there's no innovation, they don't want to stay around in that place," said one member of the Information Systems Security Association National Capital Chapter who wished to remain anonymous for professional reasons. The chapter primarily consists of federal personnel and contractors. "I would like to go to the government, but with what I'm seeing as a contractor, why would I want to do that?"

Some of the entrenched leaders in government lack technical skills and, due to most procurement schedules, projects can drag on for years, the contractors said. "If they start working for the government they get demoralized," another member said.

One Pentagon contractor said, "the federal service rewards people who are risk avoidant," but observed that returning troops joining federal agencies are shaking up that culture with a "can-do" attitude.
