The government has hired 3,000 cyber workers so far in 2016 and expects to add another 3,500 over the next six months.
But even adding 6,500 new cyber professionals to the federal workforce is not nearly enough, so the Office of Management and Budget is outlining a series of steps agencies should take to increase the number of people they recruit, train and prepare to protect federal networks.
“To address cybersecurity challenges in the immediate future, the administration will invest in the existing federal workforce through initiatives focused on training and retaining existing talent. At the same time, the government will adjust the way it recruits, including the way it approaches talented students and potential employees in the cybersecurity workforce outside federal service,” wrote OMB Director Shaun Donovan, Cybersecurity Coordinator Michael Daniel, Federal Chief Information Officer Tony Scott and Office of Personnel Management acting Director Beth Cobert in a blog post. “We must recognize that these changes will take time to implement, and the workforce strategy’s long-term success will depend on the attention, innovation, and resources from all levels of government. The initiatives discussed in this strategy represent a meaningful first step toward engaging federal and non-federal stakeholders and provide the resources necessary to establish, strengthen, and grow a pipeline of cybersecurity talent well into the future.”
The workforce strategy is one of the milestones the White House laid out in its Cybersecurity National Action Plan in February along with its request for a 35 percent increase in cybersecurity spending in fiscal 2017.
The strategy and accompanying memo focus on four areas, including developing the current federal cyber workforce and creating new career paths for these employees.
The focus on the current workforce's needs is an important piece of this broader puzzle, as agencies are struggling to keep employees with these skills. For example, the Homeland Security Department is rolling out a new series of incentive payments to lure cyber experts from the private sector and keep them in the civil service. DHS began piloting the bonuses within its National Protection and Programs Directorate (NPPD) in 2015 and is about to expand them across the rest of its headquarters elements. They provide an additional 20 percent to 25 percent on top of an employee’s annual pay, depending on the certifications they’ve earned and the position they occupy.
Under the new strategy, OMB will implement the findings of an OPM-led team of public and private sector experts who reviewed existing education and talent development opportunities in the government.
“The team found that while a myriad of talent development opportunities exist, cybersecurity professionals may not be aware of or may not have adequate access to the opportunities. Based on this gap analysis, the team developed a series of findings and recommendations to close these gaps.”
The team recommended that the National Institute of Standards and Technology, the Defense Department and DHS lead an enterprisewide workforce planning effort to take advantage of certifications and training to ensure the current workforce remains up-to-date on trends.
Retaining and Developing Highly Skilled Talent
Increase the focus on retention for top performers by helping agencies develop career paths that leverage existing programs and responsibilities to deliver on best practices of performance management, talent development, and compensation flexibility
6 Months and Ongoing
Develop and leverage existing tailored cybersecurity training (e.g. FedVTE) for employees, senior managers, and executives who work in related career fields outside of cybersecurity, including finance and acquisitions so that budget planning, financial management, and contracting help improve agencies’ cybersecurity posture.
DHS, NIST, DOD
Develop a common training program for specific categories of cybersecurity professionals, including but not limited to those personnel engaged in incident response and penetration testing activities.
Develop a government-wide cybersecurity orientation program for new cybersecurity professionals.
OPM, NIST, DOD, OMB, DHS
Develop and leverage existing competitions, certifications, and credentialing to improve the skills of existing employees that may qualify them for potential pay increases or promotions based on demonstrated improvements in technical abilities. Explore a legislative proposal for a cybersecurity skills and education incentive, where employees receive additional compensation based on their demonstrated skills and education.
Develop and promote cybersecurity career paths, rotational assignments, and mentoring and coaching programs, to provide employees with opportunities to become subject matter experts in their field or move into managerial roles and take on increased responsibilities.
9 Months and Ongoing
“The workforce strategy directs agencies to adopt a new approach to identifying their cybersecurity workforce gaps by using the National Cybersecurity Workforce Framework developed by National Initiative for Cybersecurity Education (NICE) partner agencies, which identifies 31 discrete specialty areas within cybersecurity workforce,” OMB said in the blog post. “Agencies are now able to better identify, recruit, assess, and hire the best candidates with specific cyber-related skills and abilities, and we are already making progress in this effort.”
In implementing the NICE framework, OPM also will work with agencies to develop cybersecurity career paths, badging and credentialing programs.
Additionally, OPM will “establish a cybersecurity HR Cadre, an expert group of HR professionals from across the government, who will execute a model cybersecurity end-to-end hiring process at agencies that is tailored, timely, and a high quality experience for both applicants and hiring managers.”
OPM also will “promote the use of the PushButtonPD that managers, supervisors and HR specialists can use to rapidly draft a federal employee position description (PD) leveraging accumulated knowledge in order to streamline position classification.”
The strategy also wants agencies to work outside of the walls of government. OMB, DHS and the National Security Agency, for example, will work with academic institutions to survey the current state of cyber curriculum and develop guidelines detailing minimum requirements for specific areas.
OPM also will implement a governmentwide recruitment strategy aimed at recruiting diverse talent, including developing the CyberCorps Scholarships for Service program and expanding the Presidential Innovation Fellows program to include a cybersecurity hiring track.
“To develop and strengthen the workforce of federal cybersecurity professionals, the government must demonstrate that it is the employer of choice for such professionals, as it offers rewarding, unique, and dynamic careers that rival opportunities anywhere else in the world. In particular, the federal cybersecurity workforce is entrusted with the mission of protecting government information technology systems, networks, and data from the most sophisticated adversaries; safeguarding sensitive data; supporting our nation’s financial systems; and securing our critical infrastructure, and intelligence systems,” OMB stated in the memo. “The government is seeking college students and industry employees of all skill and experience levels to bring their skills into public service to take on these challenging missions and further expand the existing, highly capable federal cybersecurity workforce. Moreover, the government seeks to provide cybersecurity professionals the flexibility to join federal service at different times in their careers to create new opportunities for career growth, development, and innovation for such professionals across private industry, academia, and government.”