CISA Plans to Hire Chief People Officer to Boost Cyber Workforce

The Cybersecurity and Infrastructure Security Agency is searching for an official to ensure its recruitment efforts reflect its operational priorities and coordinate with the private sector and other agencies to address the infamous shortage of cyber personnel across the country.

“Move urgently to hire a Chief People Officer responsible for working with the director and senior leadership to advance a unified approach to talent acquisition,” CISA’s Cybersecurity Advisory Committee, or CSAC, wrote in draft recommendations, adding, “The CSAC strongly supports CISA’s current plans to do this.”

The committee is set to vote on the draft recommendations and present them to CISA Director Jen Easterly during their quarterly meeting Wednesday. The agency on Friday shared the draft recommendations with registered attendees, emphasizing they won’t be final until after the vote.

“CISA requires a comprehensive review of its current workforce and talent needs to ensure that it is properly aligned with the agency’s strategic goals and future growth,” the advisors wrote. “The review should include assessment of CISA’s policies and processes to support hiring for those needs while better competing with the private sector.”

The advisors recommend CISA prioritize workforce development for cybersecurity, a challenge that has perpetually dogged policy makers. The estimated shortage of cybersecurity professionals in the U.S. has doubled from 300,000 to 600,000 in recent years, with 39,000 of those vacancies plaguing the public sector, according to data from Cyberseek and the National Institute of Standards and Technology. 

CISA has touted new abilities under a Cyber Talent Management System, but a recent report on the issue from the Foundation for the Defense of Democracies, which houses a nonprofit offshoot of the congressionally mandated Cyberspace Solarium Commission, recommended the government empower the Office of Personnel Management to more centrally tackle the problem.

CISA advisors said the agency should “review hiring goals on a regular basis with senior agency leadership, under the guidance of the Chief People Officer and Chief Human Capital Officer, to ensure they remain aligned with the agency’s strategy and needs and are properly directed and budgeted to be competitive with private sector employers.”

Other draft recommendations for the meeting Wednesday include developing a more systematic approach. CISA should collect and analyze data on candidates to create benchmarks and monitor progress, setting a goal of “90 days from offer to onboarding for cybersecurity candidates,” for example. The process within CISA currently takes an average of 198 days, the advisors noted.  

The advisors also took aim at what they said sounds like an overwrought process for granting security clearances. 

“Conduct a thorough review of the interagency security clearing process to identify paths to streamline and speed up this critical path for CISA candidates,” wrote the advisors who were assigned to address the workforce challenge. “The subcommittee heard consistently that the current, unpredictable suitability process is unnecessarily cumbersome and time-consuming, which is a significant obstacle to hiring.” 

Another subcommittee assigned to advise CISA on technical issues also saw opportunities to boost the workforce while improving the vulnerability disclosure process.

“Develop incentives and access to information to aid security researchers who will submit vulnerabilities affecting critical systems,” read the draft recommendations, with advisors suggesting the pool of potential security researchers could grow through work visa sponsorships and training opportunities, including internships and networking exposure.