Stopping the Cybersecurity Brain Drain Calls for Outside the Box Thinking

The president’s new National Cyber Strategy calls for the development of a “superior cybersecurity workforce.” That might be easier said than done.

Historically, finding, nurturing and keeping skilled cybersecurity talent has been a significant challenge for government agencies. The government is often hamstrung by strict budgetary considerations and legacy technologies, and often cannot pay as well as the private sector.

There’s also the issue of supply and demand. A report by the Commerce and Homeland Security departments noted that there were an estimated 299,000 active openings for cybersecurity-related jobs as of August 2017. Unfortunately, there aren’t enough well-trained professionals to fill those positions.

The government is taking steps to address these challenges. The National Cyber Strategy offers specific recommendations for attracting and keeping top-tier cybersecurity talent, including providing greater financial compensation to better compete with the private sector. Meanwhile, the Office of Personnel Management has released guidance to help agencies identify their own cybersecurity skills gaps and steps they can take to fill those gaps.

But while these initiatives are welcome and necessary, more outside the box thinking is needed if the government is to compete for the best talent. Here are a few non-traditional ideas that could help agencies augment the efforts already underway to attract, hire and keep a stable of trained, skilled and happy cybersecurity professionals.

Create a Cybersecurity “National Guard”

The government has always been an attractive destination for students seeking financial aid or job skills, and the public sector has a well-earned reputation for training. That reputation could be used to create a cybersecurity National Guard. In exchange for a year or more of cybersecurity training, students would commit to the equivalent number of years of government cybersecurity work.

This initiative would solve some immediate challenges. It would provide government agencies with a homegrown workforce specifically trained to address cybersecurity threats against the U.S. It would also give agencies time to nurture and grow this workforce, thereby providing the government with more opportunity to keep employees from jumping ship to the private sector.

Retrain Professionals to Become Cybersecurity Experts

We hear a lot about workers being retrained in IT, but there is a great opportunity for the government to focus their efforts specifically on cybersecurity. There are many people across the country working in fields that are negatively impacted from globalization or making less than minimum wage willing to learn a new skill in a higher paying field, especially if the government is willing to invest in them. According to the Bureau of Labor Statistics, there are more than 80 million U.S. workers age 16 and older being paid hourly rates. The federal government could look at them and other lower income earners as a giant cybersecurity talent pool.

Location is less relevant than one might expect, since the only thing the workers would need is an internet connection and a willingness to learn. The government can look well beyond the Beltway for its next generation of cybersecurity talent and develop a skilled lineup of experts across America.

Automate Mundane Cybersecurity Tasks

No top of the line cybersecurity expert wants to spend their days just keeping the lights on. They want to feel a sense of purpose and proactively contribute to their agencies’ missions. Further, someone working on a sleep-inducing task is more likely to make mistakes, thereby exposing their organization to even greater risk.

Automated security systems can relieve workers of time-consuming and tedious tasks and increase employee productivity. They’ll spend less time patching systems and chasing down alerts and more time working truly making a difference by creating impactful security strategies and policies.

Remember: Transforming an agency’s culture and work environment is just as important as transforming its technology—perhaps even more so when it comes to attracting and keeping talent.

Centralize Cybersecurity Under One Agency

Under the National Cyber Strategy, Homeland Security will be responsible for overseeing “the development, management, and deployment of cybersecurity personnel across Federal departments and agencies with the exception of the DOD and IC.” This is significant, as it moves the government away from having each agency be responsible for its own cybersecurity workers.

But the government should consider centralizing all cybersecurity efforts under one roof, not just personnel management. Consider that the Housing and Urban Development Department needs a solid cybersecurity strategy, too, but that’s never going to be HUD’s central mission. Someone needs to take responsibility for HUD’s security programs—preferably an agency that is focused on and well-versed in cybersecurity. That could be Homeland Security, or it could be another organization. Placing the responsibility under one roof will help the government focus on training, hiring and keeping the best people as opposed to the most people to fill needs at every agency.

These ideas signify the type of creative thinking the government will need to attract and retain top-tier employees in a world that’s woefully short of cybersecurity talent. ISACA predicts a global shortage of two million cybersecurity experts by 2019. The private sector will be fighting for whoever is out there. The government needs to pull out all the stops to have a chance in that fight.

Eric Trexler is vice president of global governments and critical infrastructure at Forcepoint.