The Homeland Security Department’s new personnel system for its cyber workforce is almost ready for primetime.
The DHS secretary is finalizing regulations for the new personnel system, and the agency plans to unveil it “in the very near future,” the agency’s chief human capital officer, Angela Bailey, told the House Homeland Security Committee Wednesday afternoon.
“We live in a 21st century world,” Bailey said. “We can no longer just put Band-Aids on a 20th century system and call it a day, because it is not working. If we are going to do all this work over here in coding the 21st century codes — which make absolutely perfect sense — it makes no sense to me whatsoever that we have to turn around and try to recruit, hire, retain and pay people in a system that was designed in the 1940s. Those are some of the things that we are actually working on together to make sure that we can get implemented.”
Bailey said she’s finalizing the personnel system with the DHS deputy undersecretary for management, the assistant secretary for cybersecurity and communications, the chief information officer and the Cybersecurity Workforce Coordinating Council.
Her team briefed the Office of Management and Budget and the CIO Council on the new system and is preparing to brief the Office of Personnel Management next week.
The new system, which DHS would pilot specifically on hundreds of new cyber professionals, would give the department new tools to recruit, hire and pay its employees that’s a departure from the traditional General Schedule. Bailey before has described her vision to create a pathway for DHS cyber professionals to take jobs in and out of government. The new personnel system may also include a flexible benefits package, which would give cyber professionals a variety of incentives based on their stage in life.
DHS’ cyber workforce has gotten much attention from Congress in recent years, as lawmakers authorized the department to identify all cybersecurity positions within the agency, assign each position a data element code that aligns with the National Initiative for Cybersecurity Education’s National Cybersecurity Workforce Framework and establish procedures to identify vacant cyber positions.
Congress included those authorities in the Border Patrol Agent Pay Reform Act, which it signed into law back in 2014. The bill also included direct-hire authority for DHS to more quickly recruit top cyber talent.
Yet according to the Government Accountability Office, DHS hasn’t fulfilled all of those requirements, and it hasn’t filled all cyber positions.
DHS assigned codes to 79 percent of its cybersecurity positions, GAO said. OPM, however, reported the department had assigned codes to 95 percent of its positions. The difference, Bailey said, comes into play because the agency hadn’t assigned codes to all of its vacant positions.
“These numbers keep increasing,” said Greg Wilshusen, director of information security issues for GAO. “It was December 2016 [that] they had identified about 10,725 cybersecurity positions. More recently, we saw a draft report where DHS has identified over 14,000 cybersecurity positions.”
The numbers are shifting, Bailey said, as the department constantly changes what it means for a position to be a cyber job. And as the administration makes cybersecurity more of a priority, DHS and other agencies will continue to alter the definition.
Nevertheless, DHS will finish coding on all its cybersecurity positions by the end of April, she said.
Several members of the House Homeland Security Committee, including Chairman Mike McCaul (R-Texas), said they were disappointed DHS missed the deadlines they had set forth in a law they helped draft.
In addition, DHS hasn’t submitted official reports that detail the agency’s critical cyber needs, as described in the NICE National Cybersecurity Workforce Framework, Wilshusen said.
Hiring remains a challenge as well.
The National Protection and Programs Directorate hired 500 new cyber professionals over the past two years. Keeping those employees is the bigger problem, said Rita Moss, director of NPPD’s Office of Human Capital.
“We were actually hiring a lot of people throughout the course of the last few years,” she said. “We are also suffering attrition along with the rest of the cyber workforce in government and out of government. So although hiring is occurring, attrition is also occurring.”
“That will help shape our workforce,” she said. “When NPPD first stood up, the urgency was to hire people who are competent and skilled. There is a limited number of people who are competent and skilled in cyber talent. Now, we are trying to grow people from within by hiring people at a lower grade level.”