The National Security Agency is probably among the best-equipped parts of the federal government at recruiting, training and staffing an elite team of cybersecurity professionals.
Thanks to Congress, the agency has been granted significant leeway in bypassing the sluggish federal hiring process to onboard staff quicker and greater latitude to pay new recruits retention bonuses and provide other perks.
But even that’s not enough to stop some top-level technical talent from jumping ship.
“We're throwing the kitchen sink at them from our standpoint,” said NSA’s human resources technical director, John Yelnosky. “And they're writing in to us, as they leave NSA, in their exit interviews, 'I'm leaving to double my salary.’”
Yelnosky spoke Tuesday during a panel discussion hosted by the Partnership for Public Service on the shortage of skilled cybersecurity professionals in government.
A recent report from the partnership and consultancy Booz Allen Hamilton called attention to the most pressing challenges the government faces in hiring cyber talent: the arcane federal hiring process, a rigid pay scale not keeping pace with the private sector and the lack of a governmentwide “master strategy” for boosting the cyber workforce.
NSA, along with other parts of the intelligence community and the Defense Department, has been granted flexibility to bypass traditional hurdles in the hiring process and adjust salary rates to be more competitive.
The report called on the Obama administration to allow all agencies to fast-track cyber hiring, as well as stand up a governmentwide cyber training center and create a version of the military ROTC program for cyber recruits.
"NSA is really the poster child for many of the reforms we've advocated here," said Ron Sanders, former chief human capital officer for the intelligence community and a vice president at Booz Allen Hamilton, who co-authored the report.
But NSA’s experiences point to the lack of a silver bullet.
“We lose more technical people at much higher rates to resignations early on in their careers than we do people in other skill sets,” Yelnosky said of the churn in NSA’s cyber personnel.
It stings all the more as most depart after they’ve undergone extensive, specialized NSA training.
"The competition out there is really fierce and particularly for these folks that we make a big investment in, and we feel those losses very keenly,” Yelnosky said.
According to the report, 2014 marked the second year in a row in which the number of civilian federal cyber employees streaming for the exits outpaced the number of new hires. (That figure, which excludes military members and intelligence community employees followed a three-year period between 2009-2012, when the number of new hires outpaced separations by much larger margins, however.)
The overall attrition rate isn’t necessarily raising eyebrows.
“But the alarm for us is that 25 percent of our millennials are turning over, and so that’s an entirely different equation when the talent you just brought in is leaving so quickly,” said Sara Ratcliff, director of the human capital management office in the Office of the Undersecretary of Defense for Intelligence.
Overall, less than a quarter of the federal civilian cybersecurity workforce is under the age of 30. Nearly half is over 50.
Government’s ability to shell out the big bucks is no doubt part of the reason for the attrition, at least at NSA, Yelnosky said, citing the messages that frequently crop up on the agency’s internal social media network from departing employees.
“A typical parting thought is, ‘I love NSA, I love the mission, I love the people, I love the opportunity, I love the work . . . I can't afford to stay here."
The federal pay scale, excluding locality pay and other add-ons, tops out at $130,000.
Other factors may be at play for those sought-after millennials.
"They want great technology; they want good spaces to work in; they want lots of development opportunities; they really want and expect all of those things,” Yelnosky said. “And there are employers who are more advanced than we are in providing that whole package."