Seven years in the making, DHS's new cyber talent system boasts just one hire

Getty Images

Officials at the Department of Homeland Security say that change management efforts will help scale the Cybersecurity Talent Management System

The Department of Homeland Security spent seven years building a special human resources system to attract and hire cybersecurity specialists. So far, just one employee has started work at the department under the new system.

DHS, which plays a key role in the government's cybersecurity landscape by responding to major cybersecurity incidents, helping secure critical infrastructure and more, first got authority for the Cybersecurity Talent Management System (CTMS) from Congress in 2014. It went live in November 2021.

The first new employee hired through the system onboarded last week, with another expected to onboard imminently. Overall, the department has made around 15 to 20 "selections" that need to go through processes like background investigations before starting work with the department, according to Travis Hoadley, director of innovation in the DHS Office of the Chief Human Capital Officer. 

The goal is to have 150 of those "selections" by the end of the fiscal year in September. That first tranche of hires will work in the Cybersecurity and Infrastructure Security Agency and Office of the Chief Information Officer – including CISA's first-ever CISO.

"We'd expected that at this point, we would have made more hires and had more folks on board," but nonetheless, DHS is sticking with that goal of 150, Hoadley told FCW. 

Agency cited the need for more awareness of CTMS among DHS hiring managers and human resources officials and noted that market pressures are having an impact on hiring in and out of government, and that keen competition for cybersecurity talent plays a role as well.

The biggest challenge with CTMS so far has been "convincing people how awesome it is," CISA's Deputy Director Nitin Natarajan told FCW. CISA has been working to educate applicants as well as hiring managers on how the new system works.

The system has been characterized by Hoadley and other DHS officials as a wholesale civil service reform effort, with key differences from traditional government hiring being skills tests for applicants, like work simulations, and an alternative compensation scheme meant to help DHS better compete in the famously tight labor market for cybersecurity professionals.

Hoadley also cited "change management" as an ongoing challenge. 

"Just having new flexibility at your doorstep doesn't mean that everything has been sort of reorganized to make you take maximum advantage of that flexibility, right?" Hoadley said. "Something we've really been focused on in the last few months is, how do we best deploy this more flexible approach and meet people where they are in terms of the way they do business now."

The expectation is that hiring will "accelerate" in the summer, said Hoadley. 

So far, the department has gotten around 2,000 applications. Most have been from people in the federal government world already as either federal employees or contractors, and 10% to 15% are current DHS employees, who have to apply if they want to be part of the DHS Cybersecurity Service, the cadre being composed of CTMS hires.

Almost half of the applicants thus far are looking for entry-level positions in the department, although less than half of the 150 hires DHS is aiming for are expected to be entry-level, said Hoadley. 

DHS also wants to fill advanced technical positions and executive positions, something that will take "more proactive work on our part," said Hoadley.

The first "executive hire" expected to onboard into the department is an associate director for threat hunting in CISA's cybersecurity division, said Hoadley. The department is also recruiting for CISA's first-ever chief information security officer using the system. 

CTMS does have an alternative compensation scheme meant to be market-sensitive, and so far, it's enabled DHS to give a "much stronger compensation offer at all career levels," said Hoadley.

At the same time, "we've slammed into some of the realities of that labor market," he said.

"When we talk about certain cybersecurity areas of expertise, there are only so many people in the United States who can do that work in an expert level. We are competing out there in the world with all those other employers that are also seeking that talent, and we're competing at a time with this project launch where there's a lot of activity and dynamism in the labor market" Hoadley continued.

Nonetheless, the department is looking at adding more DHS components into the system after it hires its first 150 into CISA and the CIO office, with the expectation that these other components will start hiring near the end of the fiscal year, said Hoadley

At CISA, Natarajan doesn't have a set target for hiring through CTMS. 

In the CISA budget request for fiscal year 2023, the department has "N/A" under its CTMS hiring goals for fiscal years 2022 and 2023 (it had previously aimed for 109 and 50 in 2020 and 2021, respectively – numbers that weren't hit because the system wasn't operational). 

Natarajan told FCW that that change is due to CTMS being a DHS-wide program, as opposed to a CISA-specific program. CISA is looking to focus its metrics on its own initiatives. He does want to tap into CTMS as a tool, he said, but the most important thing is that people get hired. 

"If we bring in folks from external to CISA through CTMS, I think that's great. If we bring them in through traditional Title 5 hiring, I think that's great. If we bring them in through interagency transfers because they're already feds, I think that's great," said Natarajan. "When I look at this, I'm really looking at, how do we continue to grow our workforce across the organization, how do we fill our vacancies, and how do we do that utilizing all the various tools that we have in our toolbox, CTMS definitely being one of them."

X
This website uses cookies to enhance user experience and to analyze performance and traffic on our website. We also share information about your use of our site with our social media, advertising and analytics partners. Learn More / Do Not Sell My Personal Information
Accept Cookies
X
Cookie Preferences Cookie List

Do Not Sell My Personal Information

When you visit our website, we store cookies on your browser to collect information. The information collected might relate to you, your preferences or your device, and is mostly used to make the site work as you expect it to and to provide a more personalized web experience. However, you can choose not to allow certain types of cookies, which may impact your experience of the site and the services we are able to offer. Click on the different category headings to find out more and change our default settings according to your preference. You cannot opt-out of our First Party Strictly Necessary Cookies as they are deployed in order to ensure the proper functioning of our website (such as prompting the cookie banner and remembering your settings, to log into your account, to redirect you when you log out, etc.). For more information about the First and Third Party Cookies used please follow this link.

Allow All Cookies

Manage Consent Preferences

Strictly Necessary Cookies - Always Active

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Sale of Personal Data, Targeting & Social Media Cookies

Under the California Consumer Privacy Act, you have the right to opt-out of the sale of your personal information to third parties. These cookies collect information for analytics and to personalize your experience with targeted ads. You may exercise your right to opt out of the sale of personal information by using this toggle switch. If you opt out we will not be able to offer you personalised ads and will not hand over your personal information to any third parties. Additionally, you may contact our legal department for further clarification about your rights as a California consumer by using this Exercise My Rights link

If you have enabled privacy controls on your browser (such as a plugin), we have to take that as a valid request to opt-out. Therefore we would not be able to track your activity through the web. This may affect our ability to personalize ads according to your preferences.

Targeting cookies may be set through our site by our advertising partners. They may be used by those companies to build a profile of your interests and show you relevant adverts on other sites. They do not store directly personal information, but are based on uniquely identifying your browser and internet device. If you do not allow these cookies, you will experience less targeted advertising.

Social media cookies are set by a range of social media services that we have added to the site to enable you to share our content with your friends and networks. They are capable of tracking your browser across other sites and building up a profile of your interests. This may impact the content and messages you see on other websites you visit. If you do not allow these cookies you may not be able to use or see these sharing tools.

If you want to opt out of all of our lead reports and lists, please submit a privacy request at our Do Not Sell page.

Save Settings
Cookie Preferences Cookie List

Cookie List

A cookie is a small piece of data (text file) that a website – when visited by a user – asks your browser to store on your device in order to remember information about you, such as your language preference or login information. Those cookies are set by us and called first-party cookies. We also use third-party cookies – which are cookies from a domain different than the domain of the website you are visiting – for our advertising and marketing efforts. More specifically, we use cookies and other tracking technologies for the following purposes:

Strictly Necessary Cookies

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Functional Cookies

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Performance Cookies

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Sale of Personal Data

We also use cookies to personalize your experience on our websites, including by determining the most relevant content and advertisements to show you, and to monitor site traffic and performance, so that we may improve our websites and your experience. You may opt out of our use of such cookies (and the associated “sale” of your Personal Information) by using this toggle switch. You will still see some advertising, regardless of your selection. Because we do not track you across different devices, browsers and GEMG properties, your selection will take effect only on this browser, this device and this website.

Social Media Cookies

We also use cookies to personalize your experience on our websites, including by determining the most relevant content and advertisements to show you, and to monitor site traffic and performance, so that we may improve our websites and your experience. You may opt out of our use of such cookies (and the associated “sale” of your Personal Information) by using this toggle switch. You will still see some advertising, regardless of your selection. Because we do not track you across different devices, browsers and GEMG properties, your selection will take effect only on this browser, this device and this website.

Targeting Cookies

We also use cookies to personalize your experience on our websites, including by determining the most relevant content and advertisements to show you, and to monitor site traffic and performance, so that we may improve our websites and your experience. You may opt out of our use of such cookies (and the associated “sale” of your Personal Information) by using this toggle switch. You will still see some advertising, regardless of your selection. Because we do not track you across different devices, browsers and GEMG properties, your selection will take effect only on this browser, this device and this website.