Always be recruiting — that’s the advice Melinda Rogers has for anyone trying to maintain a cybersecurity staff. Part of that is due to the low unemployment rate, particularly in the cyber market. But part of it is also the turnover.
“I actively pursue candidates in any forum I’m in, whether it’s in a meeting with a vendor about a specific product or service, whether it’s working on site with a contractor firm, whether it’s going to a conference, whoever I crossed paths with, one of the first things I look at is I look at this candidate to see if this is a potential fit at the Department of Justice,” Rogers, deputy chief information security officer at the Justice Department, said on Agency in Focus – Justice Department. “Do they have an interest in joining our organization? And is there a potential value add where I can offer this candidate an interesting opportunity to focus on the mission and they can offer a hopefully a talent that we don’t currently have? So it’s a constant nonstop venture for me.”
Because employee turnover is inevitable, she said. Offering development opportunities and having an interesting and important mission and the satisfaction of adding value to that help. What an employee does and whether it makes them feel good can be more important than money, she said, but at the end of the day, everyone leaves.
A hiring manager has to keep their eye on a recruitment pipeline of candidates ready to roll in behind them. And that goes beyond just IT professionals. Cybersecurity hiring needs to be holistic. Rogers said they also need contracting and procurement professionals who understand software services, hardware needs and cloud products.
She also said an agency needs a team of financial managers that understand IT budgets and don’t get distracted by the shiny new thing, because that’s how agency’s wind up with a ballooning IT budget.
“It’s a hand-to-hand combat day-in and day-out where we’re constantly looking at new contracts to put in place, or expiring contracts that we might want to repurpose, or look at how do we restructure differently,” Rogers told the Federal Drive with Tom Temin. “And especially as more agencies, including the Department of Justice, look at leveraging cloud services, it is shifting the types of personnel we need on staff. We no longer are as focused on managing hardware on site, so we need to recruit for different people, the people we will be recruiting for are going to be more focused on — or we need them to be more focused on — the business element, understanding the business structure.”
And that’s becoming more and more important as the DOJ continues on its path of data center consolidation. Rogers said the department has closed 84 out of 110 data centers, avoiding $130 million of costs at the end of FY 2018.
She said DOJ is also working with the major cloud service providers, looking at infrastructure- and software-as-a-service, but the department’s requirements are specific. Moving to cloud isn’t just about outsourcing that work, she said. There’s an element of having to maintain accountability for the security stack.
“I think the initial pain of the move might be substantial, but once we’re there, I think it then allows us to look at our workloads differently. Allow the cloud service providers who do this best to make sure that the applications and the software hardware elements are kept current, so that we can focus on the mission operation side, the business side to make sure that we’re always providing our constituents who are the law enforcement officers on the front line, the attorneys who are doing the prosecution, that they get what they need,” she said.