It’s not just the private sector — agencies are competing with each other for cyber talent

The Justice Department has one of the most important and high-profile cybersecurity missions in government, but like many other agencies, it struggles to attract and retain cyber specialists.

The department’s “Comprehensive Cyber Review” released this week runs through DOJ’s recent work to investigate and prosecute cybercrime, including initiatives aimed at ransomware gangs, the illicit use of cryptocurrency, contractor fraud, and other digital forms of malfeasance.

“The department continues to play a unique and critical role in addressing almost every cyber threat,” the report states.

But even DOJ’s reputation for high-quality cyber work can’t overcome compensation challenges and other issues that make it difficult for the agency to recruit and retain system engineers, cyber prosecutors and other experts, according to the review.

The number of cyber-specialized attorneys at DOJ has remained roughly the same over the past 15 years. The department’s Computer Crime and Intellectual Property Section has employed approximately the same number of attorneys — 37 — since 2010, despite the rising tide of cyber incidents over the past decade.

In general, DOJ’s attorneys are typically paid less than their private sector counterparts, but the report notes the disparity is “particularly acute” with cyber-specialized lawyers, where even relatively junior attorneys can secure a significant salary increase by jumping to the private sector.

“The department’s other cyber-related personnel, including special agents, analysts, computer scientists, and IT and information security personnel, face similar compensation disparities between the department and other employers,” the review states. “If not addressed, this problem will result in the department effectively becoming a temporary waystation for cyber talent, rather than a viable long-term career option.”

And DOJ says the private sector isn’t the only competition.

“The risk of personnel attrition is heightened by the fact that other departments within the U.S. government have recently begun to offer more competitive salaries to cyber experts,” the review states. “In many cases, hiring offices within the department do not appear to be aware of similar authorities.”

It specifically highlights the Defense Department’s Cyber Excepted Service, instituted in 2016, which allows DoD to hire cyber experts outside of the traditional civil service system, often at much higher salaries. And it notes the Department of Homeland Security’s new Cyber Talent Management System, introduced in November, also allows DHS to offer salaries as high as the vice president’s in some cases.

“Those pay scales highlight that the department’s ability to compensate its cyber-specialized workforce lags behind not only the private sector, but also the public sector,” the review states.

‘Equal footing’ for agencies

The widening gap between agency authorities for cyber hiring has caught the attention of White House leaders.

During a hearing held by the House Committee on Oversight and Reform subcommittee on government operations on Thursday, Office of Personnel Management Director Kiran Ahuja said OPM wants to work with lawmakers to streamline innovative hiring programs.

“We also want to work with Congress to develop a government-wide cyber workforce plan that puts agencies on equal footing when competing for cyber talent,” she said.

Later on in the hearing, Ahuja said there is now “competition within and among our agencies” for cyber experts. She specifically called out DHS’s Cyber Talent Management System.

“That has now become kind of the king of programs within the federal government and other agencies are having to compete with that,” she said.

During the same hearing, Jason Miller, the deputy director for management at the White House Office of Management and Budget, called for “consistency” across agencies in the use of flexible hiring authorities for areas like cyber.

“When we have different authorities and different approaches to similar types of jobs and similar types of skills in one agency or another, it creates an imbalance that harms the federal government overall and makes us less competitive in the labor market,” he said.

Due to gaps in cyber workforce data, it’s difficult to get exact numbers on the shortage of cyber talent across the federal government. But Miller said implementing initiatives like the federal zero trust strategy will ultimately require more “in-house” cyber talent.

Earlier this week, the White House hosted a cyber workforce summit where officials pointed to more than 700,000 open cybersecurity jobs across the United States.

“This is a place that is a challenge for the federal government. It’s a challenge for a lot of employers,” Miller said. “There’s a shortage across the country.”

DOJ contemplates cyber hiring strategy

Even without additional programs, the DOJ review found the department could be doing more to take advantage of existing authorities for hiring tech talent. The main issue appears to be that many offices aren’t aware of existing hiring flexibilities, or are hesitant to use them due to budget concerns, according to the review.

“These reservations, however, similarly apply to other U.S. agencies who have nonetheless implemented new, enhanced recruitment incentives in recent years,” it adds.

For instance, DOJ could use existing direct hire authority for General Schedule-9 through GS-15 positions in IT management, as well as special pay rates for both entry- and developmental-level computer engineers, computer science and IT specialists.

DOJ can also offer recruitment and relocation bonuses for certain “hard-to-fill” positions, and it could seek approval for “superior qualifications” and “special needs pay-setting” authorities for new GS-level hires. Other tools include relocation pay, college loan repayment programs, and increased leave accrual for non-federal and military experience.

“Although these incentives are available across agencies, department managers and employees are often unaware of their existence, unsure of their requirements, and lack guidance regarding their application in recruitment and retention efforts,” DOJ’s review states.

It ultimately calls on DOJ to develop a hiring and retention strategy to attract a “best-in-class cyber workforce.” It calls for an internal campaign to educate hiring managers and others on existing incentives and authorities.

“Over a longer term, the department should establish a cross-component working group to explore collaboration with Congress to create new types of federal civil service positions for the department’s cyber-related workforce,” the review states.
