In the intense competition to hire qualified cybersecurity professionals, the government’s advantage has always been its appeal to a sense of mission, not necessarily large salaries.
On the other hand, money helps too. So the Homeland Security Department is about to roll out a new series of incentive payments to lure cyber experts from the private sector and keep them in the civil service.
DHS began piloting the bonuses within its National Protection and Programs Directorate (NPPD) six months ago and is about to expand them across the rest of its headquarters elements. They provide an additional 20 percent to 25 percent on top of an employee’s annual pay, depending on the certifications they’ve earned and the position they occupy, said Paul Beckman, the chief information security officer for DHS’ headquarters.
“Twenty-five percent is a pretty good chunk, and we’ve seen that it actually can get us, very quickly, into being able to compete with private sector salaries,” Beckman said Tuesday during an event hosted by FedInsider and the Immix Group in Washington. “It’s been a resounding success at NPPD.”
DHS initially authorized the NPPD bonuses as a one-year “test drive,” but Beckman said the department plans to continue to renew the program each year in relative perpetuity. He said DHS is especially interested in hiring technically-competent leaders, not necessarily with insourcing the day-to-day work currently provided by contractors.
The department’s bonus program follows new cyber hiring authorities Congress passed in 2014 as part of a Border Patrol pay reform bill . Tucked into the legislation were provisions that let the DHS secretary flag certain jobs as critical to cybersecurity, pay those employees what they’d be earning if they worked for the Defense Department and also give them “additional compensation, incentives, and allowances.”
During Senate testimony in March, Jeh Johnson, the current DHS secretary, praised the new cyber pay authorities while also acknowledging the department had much work to do.
“We are competing in a tough marketplace against the private sector that is in a position to offer a lot more money. We need more cyber talent without a doubt in DHS, and we are not where we should be right now,” he said.
But Beckman said some of the difficulties have less to do with salary than the federal hiring process. In too many cases, he said, agencies are still relying on general-purpose recruiting venues such as USAJobs.gov to hunt for cyber talent rather than leveraging special hiring authorities that are already on the books.
“Every single time I talk to one of the smart contractors that I want to bring into the federal government and ask them why they’re not already working for us, the answer is always, ‘Oh my God, USAJobs. It’s a black hole, I never hear anything back about why I didn’t get a call or an interview,’” Beckman said. “And I can appreciate that. I probably applied to 100 jobs before I got my first opportunity with DHS. You’ve got to be persistent, but you shouldn’t have to be that persistent.”
Instead, he said, DHS and other agencies need to make more use of longstanding provisions in current law that vastly streamline the hiring process, such as governmentwide direct hire authorities for the GS-2210 series, which covers myriad IT management and cybersecurity jobs.
“I don’t understand why we’ve been so hesitant to leverage those authorities, but we’re going to start doing that, at least at our headquarters,” Beckman said. “We’re really going to start going after the tools we have to bring the smart guys in.”
DHS chief: Agency ‘not where we should be’ for hiring cyber talent
DHS also wants to use its authorities to employ young people skilled in the cyber arts straight out of college, especially considering the large number of colleges and universities in the National Capital Region with programs specializing in cybersecurity. Beckman said he’d like to create a direct pipeline in which the top 5 percent of graduates from such programs receive job offers from DHS.
Dr. Diana Burley, the executive director of the information infrastructure protection program at George Washington University, said she receives inquiries from federal agencies along those lines every few weeks.
The trouble, she said, is that the collective bandwidth of all of the nation’s institutions of higher learning is inadequate to meet federal agencies’ workforce needs.
“We have a supply problem,” she said. “There are about 4,700 colleges and universities across the country, but when you look at the number of cyber centers of academic excellence designated by DHS and NSA, it’s 181. We have quite a gap between the institutions that are able to provide the human capital agencies need and what actually exists. Part of what we have to do as academicians is to work on developing core standards that will allow us to ramp up so that we can do those kinds of arrangements. But even the institutions that have been designated as centers of excellence have a lack of faculty members, and that’s another reason we’re not yet able to scale up to what’s required.”