OPM pitches Congress on a federal cyber workforce revamp

OPM Director Kiran Ahuja, shown here testifying at a House hearing in March 2023, is looking to create new paths for cyber talent to enter government service.

OPM Director Kiran Ahuja, shown here testifying at a House hearing in March 2023, is looking to create new paths for cyber talent to enter government service. Tom Williams/CQ-Roll Call, Inc via Getty Images

Agencies are competing for talent because of an uneven landscape of authorities, according to the personnel agency, which says its proposal can change that.

The federal government's HR shop is pitching a legislative proposal to give federal agencies new authorities and flexibilities in how they hire and pay cybersecurity workers to members of Congress, but so far no member has stepped up to sponsor the bill.

The package is meant to allow agencies across the government to increase pay for in-demand cyber talent, as they look to recruit in a tight market. The Office of Personnel Management developed the proposal with the Office of Management and Budget and the Office of the National Cyber Director. 

The proposal is geared at solving the cyber workforce problem across the government so that hiring officials don’t have to seek agency-specific authorities to bring on such talent, OPM says. 

“We wanted to look at a package that makes sense governmentwide so we don't have more pop-up legislation, we have one kind of system that fits across government,” said Jason Barke, deputy associate director of strategic workforce planning at OPM, at a fall event at the Foundation for the Defense of Democracies.

If passed into law as currently proposed, the changes would give OPM the authority to establish alternative cyber workforce classification and pay systems under Title 5, which contains the standards covering most federal employees, according to a fact sheet and legislative text OPM shared with Nextgov/FCW.

That would allow agencies to set up higher, market-sensitive pay rates and waive certain Title 5 procedures, while merit system principles and collective bargaining rights would remain intact, according to OPM. 

The package also includes a number of changes to how and what the government can pay cyber feds and others with hard-to-get skills.

That includes upping the “critical pay” amount that OPM can greenlight for positions central to agency missions that require high levels of expertise — which could apply not only to feds in cybersecurity, but also other high-demand jobs. Incentive pay for high-demand skills would also see changes.

The proposal would also enable OPM to establish higher special pay rates for feds in cyber, science, tech, engineering and math jobs, as well as higher maximum basic pay rates for senior executive service and other senior-level cybersecurity jobs.

Finally, if passed into law as written, OPM would also be able to set up a streamlined rating, ranking and selection process for agencies hiring cybersecurity experts in the competitive service. OPM says this would give agencies more flexibility in how they recruit, as well as how they screen, rank and select candidates that meet minimum qualifications for jobs. 

‘Competing with ourselves’

The personnel agency has been working on the legislative package since at least 2022. 

OPM Director Kiran Ahuja told lawmakers at the time that special cyber talent authorities at the Department of Homeland Security were creating internal competition for talent within the government. The Defense Department has a similar set of authorities for cybersecurity positions. DHS recruits cyber talent to the excepted service under Title 6, typically a more streamlined and flexible hiring process than under the Title 5 competitive service.

"We aren't just competing with the private sector," she said last year. "Oftentimes, we are competing with ourselves… DHS can pay for more for cyber talent, leaving other agencies at a competitive disadvantage."

The legislative proposal pitched to lawmakers doesn’t go as far as giving other agencies access to those excepted service capabilities available to DHS and DOD, as some would like. A 2022 report issued by the offshoot of the Cyberspace Solarium Commission, for example, recommended that Congress expand excepted service authorities across government for cybersecurity workers. 

But access to special authorities is not a guarantee of hiring success.

The Cyber Talent Management System at DHS — established under a special authority granted to the agency by Congress in 2014 — was slow to gain traction. DHS took seven years to stand up the system, and even then fell behind pace to meet its own goals to bring in 150 cyber feds using it by the end of fiscal 2022.

But OPM says that its proposal would still even the playing field for agencies and help them recruit and retain top talent in a tight market.

“I know that as OPM was crafting this package, they were looking at how some of that played out,” Kristy Daphnis, federal workforce branch chief at OMB, said at the same fall event. “[OPM was] really looking at it through that lens to say, ‘Okay, here's what worked in CTMS, here's what didn't, here's where we could do better, here's how this looks in a manner that can scale across government.’”

She added that the proposal’s development involved months of conversations with other agencies even before they got to the formal interagency review process, noting that the hope is to lay the groundwork for buy-in that will preclude agencies from asking for their own unique authorities.

Still, “like anything else, it’s a process and it will take some time to get to a point where this is useful. It has to get passed,” she said, also calling tight agency budgets the “elephant in the room.”

And even if the proposal is passed, agencies would still need implementation regulations to be issued, she said.

Going from proposal to policymaking

Some congressional committees have received the proposal from OPM, but the agency will still have to convince lawmakers to actually introduce it as legislation. 

An aide for Sen. Gary Peters, D-Mich., chair of the Homeland Security and Governmental Affairs Committee, told Nextgov/FCW that the committee’s staff had received the proposal and were reviewing it.

A Republican House Oversight and Accountability spokesperson said that “committee staff has received a briefing from OPM on the legislative proposal.”

“The committee is concerned about the difficulties the executive branch has had in filling cybersecurity vacancies and has moved legislation to address it,” they said, pointing to a bill meant to limit the use of education requirements in federal cyber jobs. 

But, “we are not aware that any of our members are planning to introduce the bill that OPM is proposing.”

An OPM spokesperson told Nextgov/FCW there isn’t a firm timeline on a potential introduction of the proposed bill.