OPM Offers New Guidance for Cybersecurity Rotational Programs 

The Office of Personnel Management has listed responsibilities for employees participating in rotational assignments as well as their supervisors in home and host agencies, which it highly recommends putting into a memorandum of understanding.

“Agencies are strongly encouraged to use the attached MOU (Appendix 1) which outlines the roles of the home agency, host agency, and participant,” reads a Nov. 18 memo to executive departments and agencies from acting OPM Director Michael J. Rigas.

Federal agencies are required to maintain employee training programs, and the memo notes that in the case of cybersecurity, opportunities for employees to work on assignments as part of those in other agencies can be especially beneficial for retaining staff long term. 

Government officials hope such programs can help make things interesting enough to draw professionals who are in high demand away from more lucrative private-sector jobs.

“Such rotational programs can be a benefit to the employee in that they are given opportunities to learn new skills and abilities,” Rigas wrote. “Moreover, loaning agencies themselves benefit from the new skills and perspective the employee develops. Cybersecurity rotations support organizational objectives with cybersecurity education, training, workforce development, and retention.”

OPM recommended the MOU cover roles parties would play in evaluations and agreement on objectives upfront. For example, assessments from a host-agency supervisor should factor into a home-agency supervisor’s annual assessment of the participant, who would have a say in describing the objectives.

The memo highlights three rotation opportunities for cybersecurity: the President’s Management Council interagency program, which is coordinated by OPM and includes a cyber track; the cybersecurity reskilling detail program, where assignments can last between nine and 12 months depending on other training; and the federal cybersecurity rotation program, which goes through the Department of Homeland Security. 

It also provides details that might alleviate some concerns about entering into cross agency training programs, which typically come in renewable 120-day stints, according to the memo.

On security clearances that might be necessary at a host agency, for example, it cites amended Executive Order 13467 and notes, “There are processes available that may enable individuals to begin working while investigations are being conducted. Reciprocity policies to support the movement of cleared individuals from one job to another are available.” 

And on costs, the memo clarifies in a footnote that while the Economy Act generally requires reimbursement for assignments or details, there are exceptions for matters that are similar or related to those that would ordinarily be done by the loaning agency. 

“Employee training can fall within this exception,” the memo says. “Agency heads have the authority to determine what constitutes a necessary training expense … which can include the cost of the employee’s salary while on a detail/rotation.” 

The memo also came with a template for requesting certain rotational assignments—those for employees going from an excepted service position to a competitive service position—which require OMB approval.

“In addition to hiring the right talent and training employees,” the memo says, “federal agencies should utilize rotational and developmental programs to build and continue to mature the capabilities of a pipeline of cybersecurity talent and leaders.”