White House officials believe they have built broad consensus across agencies on proposed legislation that would reform how the government recruits and retains cyber talent.
The forthcoming legislative proposal attempts to tackle what officials think is one of the biggest barriers to cyber recruiting inside the federal government: the patchwork of disparate workforce authorities across agencies.
The Office of Personnel Management is close to delivering the proposal to Congress. Officials say it combines the best elements and lessons learned from current specialized authorities, notably the Defense Department’s Cyber Excepted Service and the Department of Homeland Security’s Cyber Talent Management System.
“We wanted to look at a package that makes sense government wide, so we don’t have more pop up legislation, we have one system that fits across government,” Jason Barke, deputy associate director for strategic workforce planning at OPM, said during a Monday event hosted by the Foundation for the Defense of Democracies.
“We feel that this package really kind of does that, answers a lot of those questions, and so we’re excited to see it move forward,” Barke added.
The proposal was developed through the Federal Cyber Workforce Working Group, which includes 34 agencies and is co-led by the Office of Management and Budget and the Office of the National Cyber Director.
Kristy Daphnis, the federal workforce branch chief at OMB, said officials took months to build consensus within the working group on the cyber hiring legislation before sharing it for formal interagency review.
“The hope there is that we were creating a package that when it does go up to the Hill, that there’s buy-in from all of the agencies, and there isn’t as much of a clamoring for those special authorities in different places,” Daphnis said.
That kind of consensus-building could make it easier to support on Capitol Hill, according to Mark Montgomery, senior director of FDD’s Center on Cyber and Technology Innovation and executive director of the Cyberspace Solarium Commission 2.0.
“The thing that kills a lot of OMB-White House legislation is federal agencies going behind their back to the congressional committees of concern, saying, ‘Don’t do this,’” Montgomery said. “You have to get everybody on board. Because if you don’t, I won’t name names, but there are federal agencies that are very effective in using their committees of jurisdiction to kill legislation.”
DHS’s new system for cyber personnel, CTMS, is exempt from many of the federal government’s traditional competitive hiring, classification and compensation practices. Hires under the system, for example, can make a salary as high as the vice president’s in some cases.
“Some of the stuff that I don’t think private sector companies face is the fact that we have all sorts of different authorities and flexibilities that are either created through guidance, rulemaking, or by law,” Seeyew Mo, assistant national cyber director for workforce, education, and awareness, said during the FDD event. “Navigating that in an environment in which technology changes faster than we can train people, in which the skills are constantly changing, I think that’s a unique challenge that our federal workforce faces in trying to recruit people.”
Through its forthcoming legislative proposal and other initiatives, Barke said OPM has been focused on evening out the competition for cyber talent within government.
“How do we create kind of this equity across the federal government, so everybody is on this level playing field, so we’re not really competing against each other,” he said. “Maybe we’re competing against private sector, but we’re able to bring in that talent that we need.”
Barke said those assessments will be crucial to shifting away from self-assessments, which are still used for job openings across government, even for technical positions like cybersecurity. He said it will also reduce the burden on human resources employees, who currently have to sift through dozens or even hundreds of self-assessments for each open position.
“How do we start thinking about that next level to really get the targeted, quality people that have the qualifications into these positions?” Barke said. “And how do we start using things like multi hurdle assessments to take it to that next level? So we’re really focused on that hiring area, and how do we improve efficiencies in supporting the initiative.”
‘It’s a process’
While the legislative proposal could end up being a landmark change for federal cyber hiring and retention, officials also cautioned that it will take time to implement any new authorities. And Congress first has to agree to pass the proposals into law.
“It’s a process,” Daphnis said. “And it will take some time to get to a point where this is useful.”
Previous cyber hiring authorities have also been slow to get off the ground. It took DHS seven years to implement the CTMS authorities, and the system is still slowly gaining traction within the department. DoD’s CES faced similar growing pains.
“There is always that lag because when you are in this case affecting someone’s livelihood, we want to make sure that we are crossing the t’s dotting the i’s and ensuring that we can implement the policy in an equitable and sound way,” Mo said.
OPM drew on the lessons learned from CES and CTMS, respectively, as they crafted the upcoming legislative proposal, according to Daphnis.
“OPM has been a phenomenal partner with all agencies in thinking about how do you bridge some of that more technical HR stuff with the strategic needs of the government?” she said. “And they were really looking at it through that lens to say, ‘Okay, here’s what worked in CTMS. Here’s what didn’t. Here’s what we could do better. Here’s how this looks in a manner that can scale across government.”
In the meantime, agencies are looking at ways to bring technical talent into government more quickly today through initiatives like “Tech to Gov.” The effort aims to make it easier for technical people currently working in the private sector to find a job in government. It also encourages agencies to use authorities they already have, like pooled hiring and shared certificates.
“It’s agencies getting together on a few really key occupations, and working together to do some of that recruitment, and to do some of that hiring,” Daphnis said.