recommended reading

More Than 1 in 5 Cyber Jobs Vacant at Key DHS Division

Homeland Security cyber security analysts work in 2011.

Homeland Security cyber security analysts work in 2011. // Mark J. Terrill/AP file photo

More than one in five jobs at a key cybersecurity component within the Homeland Security Department are vacant, in large part due to steep competition in recruiting and hiring qualified personnel, according to a new report by the Government Accountability Office.  

The report, which assessed recruiting and hiring efforts at DHS overall, found that the Office of Cybersecurity and Communications – the subcomponent within the National Protection and Programs Directorate that houses cybersecurity personnel – has a vacancy rate of 22 percent.

NPPD officials cited challenges in recruiting cyber professionals because of the length of time taken to conduct security checks to grant top-secret security clearances as well as low pay in comparison with the private sector.

A lack of clearly defined skills or unique occupational series for cybersecurity positions is not only hindering recruitment efforts but also DHS’ efforts to measure cybersecurity hiring and attrition, GAO found. Without a defined career series and path, cybersecurity personnel are spread throughout a number of different occupational series within NPPD, meaning officials could not provide GAO with specific hire and loss data on the cyber workforce.

NPPD has taken a number of steps to help offset these recruiting challenges, including using direct hire authority and establishing relationships with cybersecurity centers of academic excellence to create a pipeline of qualified cyber staff. There also are department-wide efforts to boost the cyber workforce, particularly through the creation of a specific cybersecurity job series, GAO found.

GAO’s assessment was released just one day before a National Academies of Science report, which was sponsored by DHS, concluded that cybersecurity is much too young and diverse a discipline to introduce professionalization standards. Introducing these standards now, particularly given the staffing shortages that already exist in the field, would likely be counterproductive, the report found.

While the GAO report offered no specific recommendations on overcoming cybersecurity recruiting challenges, it did recommend that DHS work to better assess its departmentwide recruiting and outreach strategy by requiring all components provide consistent recruiting cost information to the department’s chief human capital office. DHS said these efforts are already underway, with an estimated completion date of Dec. 31.

“Doing so would help DHS better track the amount of resources being spent on recruiting and outreach throughout DHS and assess the extent to which increased coordination and leveraging resources have decreased recruiting costs,” the report states. 

Threatwatch Alert

Thousands of cyber attacks occur each day

See the latest threats


Close [ x ] More from Nextgov

Thank you for subscribing to newsletters from
We think these reports might interest you:

  • Featured Content from RSA Conference: Dissed by NIST

    Learn more about the latest draft of the U.S. National Institute of Standards and Technology guidance document on authentication and lifecycle management.

  • PIV- I And Multifactor Authentication: The Best Defense for Federal Government Contractors

    This white paper explores NIST SP 800-171 and why compliance is critical to federal government contractors, especially those that work with the Department of Defense, as well as how leveraging PIV-I credentialing with multifactor authentication can be used as a defense against cyberattacks

  • Toward A More Innovative Government

    This research study aims to understand how state and local leaders regard their agency’s innovation efforts and what they are doing to overcome the challenges they face in successfully implementing these efforts.

  • From Volume to Value: UK’s NHS Digital Provides U.S. Healthcare Agencies A Roadmap For Value-Based Payment Models

    The U.S. healthcare industry is rapidly moving away from traditional fee-for-service models and towards value-based purchasing that reimburses physicians for quality of care in place of frequency of care.

  • GBC Flash Poll: Is Your Agency Safe?

    Federal leaders weigh in on the state of information security

  • Data-Centric Security vs. Database-Level Security

    Database-level encryption had its origins in the 1990s and early 2000s in response to very basic risks which largely revolved around the theft of servers, backup tapes and other physical-layer assets. As noted in Verizon’s 2014, Data Breach Investigations Report (DBIR)1, threats today are far more advanced and dangerous.


When you download a report, your information may be shared with the underwriters of that document.