Agencies have new instructions now for assigning standard codes to their cybersecurity positions.
The Office of Personnel Management revised standard data codes for information technology and cyber-related positions. New guidance recognizes nine categories and 31 specialty areas of cyber functions.
Using these codes will help agencies better understand their work requirements and skills and compare them to the private sector and academia, OPM wrote in a Jan. 4 memo to agencies.
“The coding allows us to consistently describe the tasks, functions and work roles of federal cybersecurity positions and leverage the affiliated [knowledge, skills and abilities] KSAs in job opportunity announcements, applicant assessments and staff development,” the guidance said.
Using the same language to describe agencies’ cybersecurity positions will also help the administration identify skills gaps and areas where agencies may need to devote more attention and people in the future.
OPM collaborated with various stakeholders to develop these directions, the agency said.
First, chief information officer, human resources and classification staff should identify encumbered and vacant positions with information technology, cybersecurity and cyber-related functions. Each position will receive one of OPM’s revised, three-digit Cybersecurity Data Standard Codes.
The previous codes were two digits.
“CIO staff will have perspectives on where cybersecurity work is being accomplished across the agency, how to interpret the work roles described in the Cybersecurity Data Standard Codes and what expectations the agency has regarding information technology, cybersecurity and cyber-related functions, skills, requirements, etc.,” the guidance said. “Managers will play a key role in knowing what positions are performing functions that will be coded.”
Next, agencies should embed standard codes into their position descriptions. They should send that information for their encumbered positions to OPM’s Enterprise Human Resources Integration data warehouse, the guidance said.
At some point in the next two years, agencies will be required to send coding details for their vacant positions once OPM begins to track vacant cyber positions across all of government.
Agencies have three months to set up procedures for identifying and coding their civilian positions with information technology, cybersecurity or cyber-related designations, according to deadlines set under the Federal Cybersecurity Workforce Assessment Act of 2015. They have one year to finish coding.
Congress included the Cybersecurity Workforce Assessment Act in the 2016 omnibus spending package, which passed at the end of 2015.
Since then, OPM has been busy implementing different parts of the law, as well as responding to the Office of Management and Budget’s call to hire more cyber talent and develop a governmentwide workforce strategy.
As of November 2016, the administration was on track to meet its goal in hiring 6,500 new cyber professionals by this month. OPM also plans to launch CyberCareers.gov, a new website aimed at reaching federal managers, current employees, job seekers and academic organizations and students. The site will be designed as a one-stop shop to better educate those audiences about new federal cyber opportunities and provide resources to help them develop their careers in the field.
The latest guidance comes shortly after the National Institute of Standards and Technology published a draft version of the National Initiative for Cybersecurity Education’s Cybersecurity Workforce Framework in November.
The framework is designed as a “cybersecurity workforce dictionary” to help agencies educate, recruit, train and retain top cyber talent. It also sets common terminology, like these standard codes, that agencies, cyber professionals, industry groups and academia can all use.
Common coding and language may also help OPM tackle other future priorities related to the cyber workforce. OPM Acting Director Beth Cobert has described a desire to build a professional credentialing framework modeled after the military. The goal is to develop accepted training where existing federal cyber pros could earn badges and certifications as they learn other skills.