Officials at the Department of Homeland Security say that change management efforts will help scale the Cybersecurity Talent Management System
The Department of Homeland Security spent seven years building a special human resources system to attract and hire cybersecurity specialists. So far, just one employee has started work at the department under the new system.
DHS, which plays a key role in the government's cybersecurity landscape by responding to major cybersecurity incidents, helping secure critical infrastructure and more, first got authority for the Cybersecurity Talent Management System (CTMS) from Congress in 2014. It went live in November 2021.
The first new employee hired through the system onboarded last week, with another expected to onboard imminently. Overall, the department has made around 15 to 20 "selections" that need to go through processes like background investigations before starting work with the department, according to Travis Hoadley, director of innovation in the DHS Office of the Chief Human Capital Officer.
The goal is to have 150 of those "selections" by the end of the fiscal year in September. That first tranche of hires will work in the Cybersecurity and Infrastructure Security Agency and Office of the Chief Information Officer – including CISA's first-ever CISO.
"We'd expected that at this point, we would have made more hires and had more folks on board," but nonetheless, DHS is sticking with that goal of 150, Hoadley told FCW.
Agency cited the need for more awareness of CTMS among DHS hiring managers and human resources officials and noted that market pressures are having an impact on hiring in and out of government, and that keen competition for cybersecurity talent plays a role as well.
The biggest challenge with CTMS so far has been "convincing people how awesome it is," CISA's Deputy Director Nitin Natarajan told FCW. CISA has been working to educate applicants as well as hiring managers on how the new system works.
The system has been characterized by Hoadley and other DHS officials as a wholesale civil service reform effort, with key differences from traditional government hiring being skills tests for applicants, like work simulations, and an alternative compensation scheme meant to help DHS better compete in the famously tight labor market for cybersecurity professionals.
Hoadley also cited "change management" as an ongoing challenge.
"Just having new flexibility at your doorstep doesn't mean that everything has been sort of reorganized to make you take maximum advantage of that flexibility, right?" Hoadley said. "Something we've really been focused on in the last few months is, how do we best deploy this more flexible approach and meet people where they are in terms of the way they do business now."
The expectation is that hiring will "accelerate" in the summer, said Hoadley.
So far, the department has gotten around 2,000 applications. Most have been from people in the federal government world already as either federal employees or contractors, and 10% to 15% are current DHS employees, who have to apply if they want to be part of the DHS Cybersecurity Service, the cadre being composed of CTMS hires.
Almost half of the applicants thus far are looking for entry-level positions in the department, although less than half of the 150 hires DHS is aiming for are expected to be entry-level, said Hoadley.
DHS also wants to fill advanced technical positions and executive positions, something that will take "more proactive work on our part," said Hoadley.
The first "executive hire" expected to onboard into the department is an associate director for threat hunting in CISA's cybersecurity division, said Hoadley. The department is also recruiting for CISA's first-ever chief information security officer using the system.
CTMS does have an alternative compensation scheme meant to be market-sensitive, and so far, it's enabled DHS to give a "much stronger compensation offer at all career levels," said Hoadley.
At the same time, "we've slammed into some of the realities of that labor market," he said.
"When we talk about certain cybersecurity areas of expertise, there are only so many people in the United States who can do that work in an expert level. We are competing out there in the world with all those other employers that are also seeking that talent, and we're competing at a time with this project launch where there's a lot of activity and dynamism in the labor market" Hoadley continued.
Nonetheless, the department is looking at adding more DHS components into the system after it hires its first 150 into CISA and the CIO office, with the expectation that these other components will start hiring near the end of the fiscal year, said Hoadley
At CISA, Natarajan doesn't have a set target for hiring through CTMS.
In the CISA budget request for fiscal year 2023, the department has "N/A" under its CTMS hiring goals for fiscal years 2022 and 2023 (it had previously aimed for 109 and 50 in 2020 and 2021, respectively – numbers that weren't hit because the system wasn't operational).
Natarajan told FCW that that change is due to CTMS being a DHS-wide program, as opposed to a CISA-specific program. CISA is looking to focus its metrics on its own initiatives. He does want to tap into CTMS as a tool, he said, but the most important thing is that people get hired.
"If we bring in folks from external to CISA through CTMS, I think that's great. If we bring them in through traditional Title 5 hiring, I think that's great. If we bring them in through interagency transfers because they're already feds, I think that's great," said Natarajan. "When I look at this, I'm really looking at, how do we continue to grow our workforce across the organization, how do we fill our vacancies, and how do we do that utilizing all the various tools that we have in our toolbox, CTMS definitely being one of them."