Gathering data on current federal cybersecurity personnel initiatives will be critical to tailoring a much-needed national workforce strategy, according to current and former officials, as agencies continue to contend with a shortage of cyber talent.
“This lack of coordination has created the potential for unnecessary duplication and lost opportunities for leverage and integration across agencies,” the report states. “Moreover, lack of clarity about federal agency roles and responsibilities has hindered the federal government’s ability to tap the capabilities and resources in the private sector, academia, and other levels of government.”
The academy recommends the White House Office of the National Cyber Director lead the development of a national workforce strategy in consultation with the Cybersecurity and Infrastructure Security Agency, the Office of Management and Budget, and the other relevant agencies.
John Costello, chief of staff within the office of the NCD’s office, applauded NAPA’s report and alluded to more to come from his office.
“We do want to define and help build a strategy for how we can tackle some of these issues,” Costello said during a NAPA event Wednesday. “We’ve got a few other things underway. It’s too early to speak about now. But I can guarantee you you’ll hear more from the National Cyber director’s office on this issue in the months to come.”
The report recommends Director Chris Inglis’s office develop a governance framework to coordinate workforce programs across government. It calls on the office to appoint a senior official to lead a working group responsible for both government-wide and external cybersecurity workforce development programs.
NAPA also recommends officials consider expanding the Department of Homeland Security’s Cyber Talent Management System. DHS launched CTMS as a pilot program in November. The system is exempt from many of the federal government’s traditional competitive hiring, classification and compensation practices.
CTMS attempts to “break the mold” of traditional ways of looking at job candidates based on college degrees and specific backgrounds, according to Karen Evans, former DHS chief information officer and one of the authors of the NAPA report.
Evans said measuring the success of CTMS and other cyber talent initiatives will be key in developing the whole-of-government strategy.
“You have to have data in order to be able to inform these decisions and these investments going forward,” she said. “It’s really going to take that analysis of the data in partnership with the private industry, academia, nonprofits, everyone looking at what are the right tools in order to be able to accomplish what’s going to be in the national strategy.”
Partnerships between chief information officers and chief human capital officers will also be key. Evans highlighted the leading role former DHS Chief Human Capital Officer Angie Bailey played in designing CTMS.
“The CHCO has to understand really what the needs are and what the CIO is trying to do,” Evans said. “And the CIO has to really understand some of the limitations and where the CHCO can partner with them in order to be able to accelerate the hiring process.”
CISA is among the first DHS organizations to start using the new cyber talent system. Kiersten Todt, chief of staff at CISA, said the agency is actively measuring workforce data through dashboards, including monitoring the results of the CTMS pilot.
“We’re going to look at, did we actually expedite the hiring process?” Todt said. “Everything from how long does it take to get a drug test done to where are we bringing in these individuals?”
She reiterated Evans’ point about data being central to the success of cybersecurity workforce initiatives, especially when agencies need to go to Congress to ask for funding or authorities.
“Once we have data, we can then say, ‘This is where we’re having trouble,’” Todt said. “’This may be where we need more support. And this is where we’re having successes. And we think the successes are coming from ‘X, Y, and Z.’ So that analysis is going to be critical to our success.”
The NAPA report says CISA “appears ready to take on an expanded role as a part of the national effort.” The report highlights CISA’s Cybersecurity Defense Education and Training (CDET) branch, which coordinates the agency’s cybersecurity workforce development programs.
“Despite changing leadership priorities, a small staff, and limited grant-making authority to partner with additional organizations, CDET has successfully incorporated diversity and excellence in its programs, which are also designed to be scalable with additional resources and grant-making authority,” the report states.
NAPA also suggests officials build off the work of the Interagency Federal Cyber Career Pathways initiative. The initiative was launched in 2019 and is led by CISA, the Department of Defense and the Department of Veterans Affairs.
“Since its formation, this group has sought to merge disparate federal cyber workforce efforts, develop and promote cyber workforce guidance and best practices, and standardize implementation of [NIST’s National Initiative for Cybersecurity Education] Framework by creating Cyber Career Pathways for NICE Framework work roles,” the report states.