It’s been more than four years since the Obama administration issued a comprehensive strategy to expand the federal cyber workforce and fill thousands of vacant positions by 2016.
But it’s been difficult to measure the progress when the definition of a “cyber job” continues to expand and evolve. Today, more than one in three cybersecurity jobs in the public sector go unfilled, according to a recent report on persistent federal workforce challenges from the Cyberspace Solarium Commission.
The commission noted some progress in recent years among federal agencies to recruit and retain cyber talent, but the government as a whole still lacks a comprehensive strategy and can’t make changes fast enough to keep up with demand for new professionals.
“At the end of the day, we still have a federal government that has a complex, uneven and stove-piped system that’s difficult to navigate, sets up underlaps, creates haves and have-nots and creates unhealthy competition,” Chris Inglis, a solarium commissioner and former deputy director of the National Security Agency, said Tuesday at a virtual event hosted by the Intelligence and National Security Alliance.
That stove-piped approach has forced agencies to get creative on their own. It’s why the FBI established a new partnership this fall with the U.S. Space and Rocket Center in Huntsville, Alabama, said Tonya Ugoretz, deputy assistant director for cyber readiness for the FBI’s outreach and intelligence branch.
The center is well-known for hosting a space camp for middle-school students, but it also sponsors a similar camp for cybersecurity.
“We just signed an MOU with [the space and rocket center] in October, where we’re going to partner with them on curriculum development, on injecting real-world scenarios and having some of our subject matter experts there to talk to the teams,” Ugoretz said.
The FBI is building a new cyber range in Huntsville, she added. Once the building is complete, campers will visit and use the facility themselves.
“They’ll literally be able to see that these skills that [they’re] learning and having fun with at this camp actually exist in the real world and [they] could apply those in a cyber career,” Ugoretz said.
Like other agencies in the intelligence community, the FBI is also focusing its recruitment efforts on talent pools that have perhaps been overlooked in the past.
“[We’re] looking at people who are on the autism spectrum who have strengths in rapid pattern recognition, out-of-the-box thinking, attention to detail and sustained focus,” Ugoretz said. “A lot of those skills make them highly desirable to be in cyber-related fields. We have folks here who are very passionate about recruiting folks with those skillsets.”
On the bright side, once cyber agents enter the FBI, many tend to stay, Ugoretz said. In fiscal 2020, just three FBI cyber agents left the bureau. Two other cyber agents who had left the FBI in previous years returned to the bureau in 2020.
Still, Ugoretz recognized the bureau had a good year in retaining FBI cyber agents, and recruitment and retention challenges aren’t going away. She’s hopeful that job rotation programs currently under development at the Office of the Director of National Intelligence will give FBI cyber professionals an outlet to take on temporary details in and out of the private sector.
“We have to keep evolving. We have to keep our cyber workforce engaged,” she said. “We need to make sure our training, development and career paths continue to keep pace with the way the entire cyber environment and threat landscape for us is changing.”
The Office of Personnel Management issued new guidance to federal agencies in mid-November, describing the terms of a successful cyber talent exchange or rotational program.
Agencies have a few different options to choose from, including the Federal Cybersecurity Rotation Program, which the Trump administration established in a 2019 executive order, as well as a cyber detail program and a small inter-agency cyber track coordinated through OPM and the President’s Management Council.
But as the Cyberspace Solarium Commission said in its recent report, these programs are still relatively small in scale. It recommended Congress direct and fund the Cybersecurity and Infrastructure Security Agency to develop a new talent exchange program, where cyber experts from CISA and the private sector could spend one-to-three-year stints working for one another.
OPM acknowledged the small size of current rotation programs in its recent guidance, encouraging agencies to engage their employees more often in these opportunities.
“Cybersecurity practitioners at all levels, from entry level to senior executives, will benefit from federal agencies offering more frequent opportunities for rotational assignments, both internally and externally,” Michael Rigas, OPM’s acting director, said in a Nov. 18 memo to agencies.