Advice to Trump: Top Cybersecurity Talent Costs Money

The Trump administration should revamp the way the government hires, pays and retains cybersecurity talent, a major information security accrediting organization said Wednesday.

That includes expanding a pay incentive program within the Homeland Security Department’s cyber operations division that offers a 20 to 25 percent pay bump for new cyber hires across the federal government, according to the cybersecurity workforce recommendations from (ISC)², a membership organization that offers accreditations for digital security specialists in a variety of fields.

The Trump team should also reform the government’s general schedule pay classification system, which makes it difficult to reward top performers and to demote or fire low performers, (ISC)² said.

» Get the best federal technology news and ideas delivered right to your inbox. Sign up here.

The organization specifically promoted the concept of a “cyber National Guard” urged by Rep. Will Hurd, R-Texas, that would reimburse tuition for cybersecurity professionals who agree to serve limited tours in the federal government.

President Donald Trump has launched two task forces with some responsibility for federal cybersecurity and IT modernization—one run by former New York Mayor Rudy Giuliani and the other by Trump’s son-in-law Jared Kushner. An executive order that would address several government cybersecurity priorities has been delayed for several months.

The government should also invest in training nontechnical staff in good cyber hygiene, (ISC)² said, and promote better cooperation and understanding between the security workers who protect government’s digital systems and the acquisition, legal and human resources professionals who buy those systems and hire the people who will use them.

Finally, government should invest in workers who can translate the technical language of cybersecurity into language top agency officials can easily understand and act on.

“Effectiveness of the [chief information security officer] role in the future will depend upon a ‘translation’ layer of personnel that must be established and trained, the recommendations state,” the recommendations state.