The cyber workforce is one of those consistent and constant challenges every organization faces. The fact is there’s never enough people, and it’s always hard to hire, retain and continue to train the employees an organization has on staff.

The good news is public and private sector organizations are paying attention to possible solutions. These range from better technology to include orchestration and automation to changing recruiting tactics to updating training and education regiments.

The National Security Agency plans to hire 3,000 new cybersecurity employees over the next few years. It’s facing a potentially huge retirement wave with 30% to 40% of all employees able to walk out the door and into retirement.

Kristina Walter, the director of the Future-Ready Workforce Initiative at the NSA, said it has a plan to meet their cyber workforce needs across all levels of the agency.

“The unique thing about the National Security Agency is that we’re an intelligence agency, but we also are a combat support agency. So we have spent a long time securing military communications working with the Department of Defense to make sure that our leaders’ communications have been secure. It’s a unique opportunity for people coming into the agency to see a lot of different aspects of cybersecurity,” Walter said on the discussion Strategies for developing the cyber workforce of the future. “We have a lot of development programs that we bring people into. They’ll do rotational tours in different organizations at the agency to really diversify their experience. We bring in a lot of entry level talent. We have a lot of student programs where we bring folks in to feed that pipeline. But we also recognize, and one of the initiatives as the future ready workforce initiative, that we needed to partner with industry and with academia because cybersecurity is national security issue.”

Walter said her goal is to help NSA evolve what a career looks like across the NSA.

OPM revamping workforce

That challenge is similar for every agency.

The Office of Personnel Management’s evolution partly is to relook at positions as employees do leave or retire.

James Saunders, the chief information security officer at OPM, said the agency has hired about 10 new cyber workers over the last few years.

“Instead of chasing people in their 50s and 40s, why not target early career talent? For example, folks who are recently out of college, or maybe still in college, people who transfer from other industries that have transferable skills, those are some of the areas are really targeted,” he said. “Whenever someone leaves my organization, at the GS-15 or GS-14 level, I take a look at the position and say, ‘Hey, does it need to stay at 15? Or 14? Or can I break this down into a GS-7, 9, 11 or 12?’ That way I can go after some folks who are in college or folks who are in a national competitions because that’s the talent that we need.”

Saunders said OPM also is taking advantage of direct hire authorities to reduce the time it takes to get hard to find cyber experts on board.

Governmentwide authorities like direct hire are another change in tactic agencies are turning to.

Jimmy Hall Jr., the chief information officer at the Bureau of Intelligence and Research at the State Department, said he is taking full advantage of the 25% pay increase approved for cyber workers.

But pay alone isn’t enough to meet the State Department’s bureau’s needs.

“Continuous training and monitoring is how we want to get better at watching ourselves and training ourselves, and not just as a one-time event,” Hall said. “We want to improve our diversity and inclusion, which is a pretty big and essential when you’re talking about cybersecurity.”

Hall said to get the incentive pay, employees must earn cyber and other certifications and continually improve their skillsets.

Creating a destination workplace

Even in the private sector, pay isn’t always enough to hire and retain hard to find cyber workers.

Jon Check, the executive director for cyber protection solutions for Raytheon, an RTX Business, said organizations have to guard against burnout.

“One of the things we’ve really focused on at Raytheon is trying to create almost a destination workplace. There’s a mission that matters and you’re going to meet your career goals through training opportunities, either within Raytheon or even outside,” he said. “We support people when they move to other places because as long as they’re in the community, then we’re really meeting the mission that we need to. I think that’s one of the ways that we’re really focused on ensuring that we’re part of the community.”

Check added setting up offensive and defensive labs helps cyber workers think differently and hone their skillsets.

That type of opportunity is attractive to the next generations, said Kyla Guru, a student at Stanford University and a member of the first place team at the 2023 National Collegiate Cyber Defense Competition.

Guru said the interdisciplinary nature of cyber is a highly attractive to the upcoming generation so it’s important not to cordon off cyber with computer science or coding.

“I think just bringing cyber into every classroom in high school and showing that if you’re interested in biology, think about genetics and think about the way that we’re protecting our genetic data online. It’s about making those like synaptic ties every time we talk about cyber,” she said. “There’s this quote that you can’t be who you can’t see, and I think as corny as it may sound, it is true that when you see people that represent your background and who you feel like you could be that’s very impactful in the way you see your career progressing. I think it is just showing role models from different walks of life and breaking down that image or that mental picture that a cybersecurity professional has to look like a certain type of person or a hacker in a basement wearing a hoodie, and working on their laptop. It’s breaking down that stereotype of being a cyber worker.”

Complimentary Registration
Please register using the form on this page or call (202) 895-5023.