Does Your HR Office Really Get Cybersecurity?


Cybersecurity as a discipline doesn’t get respect in some quarters, according to a new survey.

As part of an ambitious White House effort initiated last year after a massive government data breach, the Obama administration plans to soon issue the first-ever governmentwide HR strategy for recruiting information security professionals.

Such strategy may be sorely needed, new survey results suggest.

Despite longstanding calls for the federal government to overhaul its recruiting practices to make them more amenable to the digital age, cybersecurity as a discipline doesn’t get respect in some quarters -- including HR.

Thirty-nine percent of federal cybersecurity executives polled in a new survey conducted by (ISC)2 and KPMG reported that their HR department rank cybersecurity as “unimportant” or “very unimportant. In contrast, just 8 percent of respondents said their agency’s IT shop rates cyber as “unimportant.”

That’s particularly concerning because HR offices are essential to helping embed certain values in an agency’s workforce, authors of a report accompanying the survey results noted.

“Integrating cyber hygiene and awareness in the traditional human resources functions of recruiting, onboarding, training and performance assessment are essential to creating a cyber-educated workforce that can reduce the threat potential,” the report stated. “In addition, human resources must nurture the fragile cyber workforce.”

Just how fragile is the federal cyber workforce?

According to the survey, 25 percent of respondents are unsatisfied with their jobs and are “definitely” planning on leaving or would leave if given the right opportunity.

Admittedly, the sample size in the survey is quite small -- 54 federal cyber executives, across defense and civilian agencies and contractors.

But the report notes: “Given the extreme nature of the existing shortage of cyber talent and the enormous task of filling the workforce pipeline, agency and government leadership must address job satisfaction of the existing cyber workforce.”

And the latest survey findings -- of a somewhat demoralized infosec workforce -- mirrors job sentiment in the broader federal IT workforce.

Just 37 percent of IT specialists said their agencies are able to recruit people “with the right skills,” according to a governmentwide survey released last year. A similar percentage of employees said they weren’t planning on staying with their organization.