Data will be key to building national cyber workforce strategy, officials say

Gathering data on current federal cybersecurity personnel initiatives will be critical to tailoring a much-needed national workforce strategy, according to current and former officials, as agencies continue to contend with a shortage of cyber talent.

A new report from the National Academy of Public Administration released this week highlights the lack of a governmentwide approach to cybersecurity workforce management.

“This lack of coordination has created the potential for unnecessary duplication and lost opportunities for leverage...

READ MORE

Gathering data on current federal cybersecurity personnel initiatives will be critical to tailoring a much-needed national workforce strategy, according to current and former officials, as agencies continue to contend with a shortage of cyber talent.

A new report from the National Academy of Public Administration released this week highlights the lack of a governmentwide approach to cybersecurity workforce management.

“This lack of coordination has created the potential for unnecessary duplication and lost opportunities for leverage and integration across agencies,” the report states. “Moreover, lack of clarity about federal agency roles and responsibilities has hindered the federal government’s ability to tap the capabilities and resources in the private sector, academia, and other levels of government.”

The academy recommends the White House Office of the National Cyber Director lead the development of a national workforce strategy in consultation with the Cybersecurity and Infrastructure Security Agency, the Office of Management and Budget, and the other relevant agencies.

The report comes as some estimates peg the U.S. cyber workforce shortage of approximately 460,000 unfilled positions.

John Costello, chief of staff within the office of the NCD’s office, applauded NAPA’s report and alluded to more to come from his office.

“We do want to define and help build a strategy for how we can tackle some of these issues,” Costello said during a NAPA event Wednesday. “We’ve got a few other things underway. It’s too early to speak about now. But I can guarantee you you’ll hear more from the National Cyber director’s office on this issue in the months to come.”

The report recommends Director Chris Inglis’s office develop a governance framework to coordinate workforce programs across government. It calls on the office to appoint a senior official to lead a working group responsible for both government-wide and external cybersecurity workforce development programs.

NAPA also recommends officials consider expanding the Department of Homeland Security’s Cyber Talent Management System. DHS launched CTMS as a pilot program in November. The system is exempt from many of the federal government’s traditional competitive hiring, classification and compensation practices.

CTMS attempts to “break the mold” of traditional ways of looking at job candidates based on college degrees and specific backgrounds, according to Karen Evans, former DHS chief information officer and one of the authors of the NAPA report.

Evans said measuring the success of CTMS and other cyber talent initiatives will be key in developing the whole-of-government strategy.

“You have to have data in order to be able to inform these decisions and these investments going forward,” she said. “It’s really going to take that analysis of the data in partnership with the private industry, academia, nonprofits, everyone looking at what are the right tools in order to be able to accomplish what’s going to be in the national strategy.”

Partnerships between chief information officers and chief human capital officers will also be key. Evans highlighted the leading role former DHS Chief Human Capital Officer Angie Bailey played in designing CTMS. 

“The CHCO has to understand really what the needs are and what the CIO is trying to do,” Evans said. “And the CIO has to really understand some of the limitations and where the CHCO can partner with them in order to be able to accelerate the hiring process.”

CISA is among the first DHS organizations to start using the new cyber talent system. Kiersten Todt, chief of staff at CISA, said the agency is actively measuring workforce data through dashboards, including monitoring the results of the CTMS pilot.

“We’re going to look at, did we actually expedite the hiring process?” Todt said. “Everything from how long does it take to get a drug test done to where are we bringing in these individuals?”

She reiterated Evans’ point about data being central to the success of cybersecurity workforce initiatives, especially when agencies need to go to Congress to ask for funding or authorities.

“Once we have data, we can then say, ‘This is where we’re having trouble,’” Todt said. “’This may be where we need more support. And this is where we’re having successes. And we think the successes are coming from ‘X, Y, and Z.’ So that analysis is going to be critical to our success.”

The NAPA report says CISA “appears ready to take on an expanded role as a part of the national effort.” The report highlights CISA’s Cybersecurity Defense Education and Training (CDET) branch, which coordinates the agency’s cybersecurity workforce development programs.

“Despite changing leadership priorities, a small staff, and limited grant-making authority to partner with additional organizations, CDET has successfully incorporated diversity and excellence in its programs, which are also designed to be scalable with additional resources and grant-making authority,” the report states.

NAPA also suggests officials build off the work of the Interagency Federal Cyber Career Pathways initiative. The initiative was launched in 2019 and is led by CISA, the Department of Defense and the Department of Veterans Affairs.

“Since its formation, this group has sought to merge disparate federal cyber workforce efforts, develop and promote cyber workforce guidance and best practices, and standardize implementation of [NIST’s National Initiative for Cybersecurity Education] Framework by creating Cyber Career Pathways for NICE Framework work roles,” the report states.

Related Stories

    FILE - In this Feb. 25, 2015 file photo, the Homeland Security Department headquarters in northwest Washington. An advisory issued by officials in the United States, United Kingdom and Australia warns that hackers linked to the Iranian government have been targeting a “broad range of victims” inside the U.S. with ransomware and other malicious cyber activity.  (AP Photo/Manuel Balce Ceneta, File)

    Why the new DHS cyber talent management system was nearly 7 years in the making

    Read more
    (AP Photo/Lynne Sladky)FILE - In this Nov. 20, 2020, file photo a U.S. Department of Homeland Security plaque is displayed a podium as international passengers arrive at Miami international Airport where they are screened by U.S. Customs and Border Protection in Miami. The damned-if-you-pay-damned-if-you-don’t dilemma on ransomware payments has left U.S. officials fumbling about how to respond. While the Biden administration “strongly discourages” paying, it recognizes that failing to pay would be suicidal for some victims. (AP Photo/Lynne Sladky, File)

    Even the government’s premier cybersecurity bureau has a talent acquisition challenge

    Read more
    AP Photo/Manuel Balce CenetaFILE - In this Feb. 25, 2015 file photo, the Homeland Security Department headquarters in northwest Washington. President Joe Biden has selected two former senior National Security Agency officials for key cyber roles in his administration.  Chris Inglis, a former NSA deputy director, is being nominated as the government's first national cyber director. Jen Easterly, a former deputy for counterterrorism at the NSA, has been tapped to run the Cybersecurity and Infrastructure Security Agency at the Department of Homeland Security. (AP Photo/Manuel Balce Ceneta, File)

    DHS cyber talent system set to go live with ‘around 150 positions’ next month

    Read more