More Legislation May Be Coming to Bolster the Federal Cyber Workforce

Blue Planet Studio/Shutterstock

Industry sees focus on education as a path to ending competition over personnel.

SAN FRANCISCO — In a keynote address at the RSA cybersecurity conference Tuesday, Cybersecurity and Infrastructure Security Agency Director Christopher Krebs told participants CISA is recruiting for its “posse” to fight illegal hacking. 

“We’re hiring, come work for us!” he said. But it can take more than a year to make it through queues for security clearances, and that’s just one factor that can dampen enthusiasm for filling out an application to work for CISA, or elsewhere in the government.

On Wednesday, key congressional staff speaking at the conference said lawmakers are thinking of ways legislation might help. 

The Senate Committee on Homeland Security and Government Affairs is focused on trying “to see what are the barriers to people entering the federal space, in terms of working for the government enhancing our overall cybersecurity,” said Michelle Woods, director of homeland security for the committee's majority. “So we’re going to be looking to enact some legislation in that space.”

Woods spoke along with Jeffrey Rothblum, a senior professional staff member for the Senate Homeland Committee’s minority office and Hope Goins, staff director for the House Homeland Security Committee, on their cybersecurity priorities for the rest of the year. Norma Krayem, vice president and chair of the cybersecurity and data privacy practice at Van Scoyoc Associates, led the discussion.

Rothblum said ranking memner Sen. Gary Peters, D-Mich., is working with committee Chairman Sen. Ron Johnson, R-Wisc., to get an understanding of the “comparative advantages” involved in individuals deciding whether to work for the public or private sector.

“There’s a big challenge trying to get a job in government, particularly if you don’t have a clearance, you’re talking about very long wait to get in through all the background checks and things like that,” Rothblum said, focusing on the public sector side. “So in talking about security, and some other technical fields, we can’t afford to tell someone it’s going to take you 380 days to get hired into CISA over at DHS. Who is going to wait around for over a year to do that, when there are so many other opportunities, particularly for these very high-skilled workers?” 

Krayem said cybersecurity is a problem for the private sector too. She suggested lawmakers look for ways industry and government can work more collaboratively with universities to come up with streamlined programs that can help train the workforce for future industry needs.

“The education piece is important because otherwise we just keep trying to poach workers from each other,” she said.

Krayem said there might also be some low hanging fruit in examining the definition of STEM—science, technology, engineering and math—initiatives.

“Sometimes agencies see that cybersecurity is part of that, and sometimes it’s specifically excluded,” she said. “So an easy kind of legislative fix may be looking at the definition of STEM at different agencies and trying to streamline and make sure those are all eligible activities.”

The congressional staff also noted ways outside of legislation that the committees would be working to improve the cybersecurity workforce.

Woods praised DHS' initiative establishing a talent management system to shorten and automate the hiring process.

The system, which she said is supposed to be fully operational in October, will also allow DHS to retain and pay individuals at a higher salary and discontinue reliance on self-reporting. Individuals would instead be tested for positions, which is expected to provide greater flexibility than the tenure-based General Schedule system, and reduce the time to higher.

“We’re going to be looking to make sure that happens and will be holding DHS’ feet to the fire there,” Woods said.

Goins added House Homeland Committee staff have been working on diversifying the pipeline of potential cybersecurity workers coming out of academia. 

She said staff have held roundtables with leaders of historically black colleges and universities as well as the private sector on the issue. 

Krayem noted diversity will be especially important in helping to combat bias issues facing artificial intelligence tools.