The Cybersecurity and Infrastructure Security Agency is preparing its hiring managers to begin using a new Cyber Talent Management System that gives CISA more leeway in how it recruits and retains cybersecurity personnel.
The Department of Homeland Security published interim final regulations laying out the new talent program in August. They go into effect Nov. 15. CISA and the Office of the DHS Chief Information Officer are the first two organizations that will be able to take advantage of the CTMS.
Angela Baily, DHS’ chief human capital officer, said “there is a little bit of conversation left” with the Office of Personnel Management, but otherwise, the system will go live on Nov. 15.
CTMS will start out with “somewhere around 150 positions,” Bailey said during Wednesday’s session of CISA’s month-long Cyber Summit. She said it’s up to users like CISA to decide how it expands from there.
One of the system’s major draws is giving hiring managers more flexibility to define both the particulars of a position and set its pay grade, as opposed to classifications laid out in the General Schedule. Salary offers can reach as high as the vice president’s annual pay, $255,800 in 2021.
Bailey said descriptions of CTMS positions on the agency’s website will be as specific as hiring managers dictate.
“Nothing’s going to be predefined from the beginning,” Bailey said. “We have to give people some idea what they’re going to do, and we have to give people some idea what we’re going to pay, but it doesn’t have to be so finite, like the current GS schedule is with the classification system.”
Nitin Natarajan, deputy director of CISA, said the agency is looking forward to taking advantage of CTMS as it looks to staff up to meet its growing mission sets. The new system comes as the United States faces a shortage of an estimated 500,000 cybersecurity professionals.
“We’re really focused on ensuring our hiring managers and our supervisors in the organization are well versed in CTMS, and how to use it correctly, how to hire, how to retain within that construct,” Natarajan said.
DHS also chose to define “cybersecurity talent” under the CTMS “loosely,” meaning it covers more than technical positions, according to Bailey.
“Whether it’s from a policy standpoint, attorneys as an example, folks that might do financial kinds of cyber work, whatever the needs might be, it is designed to ebb and flow based on what those needs are, so that you can bring people in to meet those needs,” she said.
The CTMS will also be geared at all levels of experience and career paths, giving DHS the ability to draw in people with non-traditional backgrounds, according to Natarajan.
“We have a lot of our workforce that’s in reskilling or upskilling later on in their careers,” he said. “We have a lot of people coming into the cyber industry, not when they’re 18 years old, but also later in life.”
Natarajan said CISA is particularly looking to take advantage of the new system’s flexibility allowing individuals to more easily transition back and forth between CISA and other organizations, including the private sector as well as state, local, tribal and territorial governments.
People in CTMS will also have more opportunities to move in between jobs and career tracks within the agency.
The flexibilities will ultimately help CISA retain more of its people, in addition to the obvious recruiting advantages, according to Natarajan.
“I want to help people with whatever their next step is,” he said. “Hopefully it’s with us. If it’s outside, so be it. But how do we help retain you and grow you professionally within the organization, and then if you’re going to leave momentarily, let’s keep the conversation going. And hopefully trying to bring you back in after you get more experience out there.”
The 2014 legislation that created the authority for CTMS is specifically written for DHS. But Bailey said the Office of Management and Budget is likely eyeing how to make use of the system for the rest of the federal government’s cybersecurity staffing needs.
“I wouldn’t be surprised if eventually this starts to spread out amongst the other federal agencies, but they too would need the same kind of legislative authority that we received in order to do it,” she said.