Agencies got more details from the Office of Personnel Management on how to get started with an interagency program aiming to boost retention of federal cybersecurity professionals.
The guidance from OPM came after President Joe Biden signed a bill into law last June, which established a federal rotational cyber workforce program.
The program lets agencies offer up rotation assignments for federal employees currently working in IT, cyber or cyber-related positions. Eligible employees can apply for, and work at, a different federal agency for a limited time period, between six months and one year, before returning to their home agency.
“The program will help federal agencies continue to enhance their cyber workforce by developing critical cyber skills and creating environments where employees have ongoing learning and development opportunities,” OPM Director Kiran Ahuja said in the March 17 memo.
OPM’s latest guidance for the cyber workforce program, a requirement under the 2022 bipartisan legislation, outlines how the program will operate for the next several years.
Agencies can advertise their own rotations through the program, as well as select employees from other agencies for temporary assignments. And agencies can determine which internal positions are eligible for the program, OPM said. Agencies will also have to approve requests from internal employees who are interested in participating.
All available rotations will be listed on Open Opportunities, a subsection of USA Jobs for current federal workers. OPM said it will offer training on how to use the platform.
The federal rotational cyber workforce program aligns with the White House’s new national cybersecurity strategy, looking to strengthen the federal cyber workforce through improvements to staff development and retention.
The idea of a rotating cyber workforce for federal agencies is hardly a new concept — both the Trump and Obama administrations implemented similar types of initiatives. It also builds off of several initial programs, including those in the Defense Department and the Department of Homeland Security, two agencies that are already implementing rotational programs. A 2020 memo from OPM also precedes the latest guidance from the agency.
But rotational programs have become increasingly popular — it’s a way for agencies to encourage staff retention, by letting cyber professionals try out different areas of the federal government and develop new skills, OPM said. Agencies also get the benefit of those employees then bringing their newly developed skills back to their permanent positions.
“Cyber rotations help advance career opportunities and support employee engagement, satisfaction and retention,” Ahuja said.
The interagency program comes after a report from OPM showed that agencies continue to struggle with a governmentwide skills gap in cybersecurity. Agencies can have a difficult time recruiting and retaining cyber professionals, often because of a significant wage gap in the field between the public and private sectors.
The guidance also dovetails OPM’s recent approval of a special salary rate (SSR) for federal IT and cyber positions. The SSR is optional for agencies and many of the details of the pay model are not yet solidified. But many have expressed support for the new special pay rate.
Beyond challenges with pay, there are other workforce issues for federal cyber employees as well. Federal employees working in IT are on average older than those comprising the federal workforce overall. Notably, more than half of the federal IT workforce is over age 50.
In fiscal 2022, just 3.8% of federal IT employees were under age 30, compared with about 7% in the same age range for the federal workforce overall. In contrast, federal workers ages 60 and older make up more than 17% of the federal IT workforce, but just about 14.5% of the federal workforce overall.
And that age disparity is growing, the White House said in an analytical perspectives section of the fiscal 2024 budget request. Not to mention, the cyber workforce is also one of the least diverse segments of the federal workforce.
There are currently more than 755,000 open cyber jobs nationwide, more than 45,000 of which are openings in the public sector, according to data from Cyberseek, a partner of the National Institute of Standards and Technology (NIST).
And there are further efforts on Capitol Hill attempting to address cyber workforce challenges at federal agencies. Sens. Jacky Rosen (D-Nev.) and Marsha Blackburn (R-Tenn.) reintroduced bipartisan legislation Tuesday, first reported by the Washington Post. The Civilian Cybersecurity Reserve Act would let DoD and DHS hire reserve cyber staff in the civilian federal workforce, which the agencies could then activate during large-scale cyber incidents. The legislation aims to address growing cyber threats nationwide.
These efforts also come just after the Government Accountability Office reported in January that 60% of its recommendations for improving federal cybersecurity since 2010 are still open. The lack of agencies’ response could result in growing threats to national security, GAO said.
Notably, GAO recommended that agencies address the federal cyber workforce shortage, for example, by creating a governmentwide workforce plan and creating a leadership team to help implement changes.
Given the current workforce challenges, the Partnership for Public Service said the federal rotational cyber workforce program is coming at a good time for agencies.
“The deficit of qualified cybersecurity professionals requires government to be innovative about recruitment and retention. Rotational programs are an opportunity to encourage retention, development of new skills and community building across the federal enterprise,” the Partnership’s Vice President of Federal Workforce Programs Michelle Amante said in an email to Federal News Network.
Starting later this year, the program will have an open period each November, during which all agencies can coordinate to advertise rotation opportunities. Agencies will also have the flexibility to share rotation openings any time during the year, OPM said.
Similar to other cyber workforce initiatives, OPM said agencies should work with their internal offices of the Chief Information Officer (CIO) and Chief Information Security Officer (CISO), to most effectively implement the program.
In June 2024, agencies will have to start reporting to OPM annually on their participation in the rotational program.
The program will run through June 2027, when the original authority expires, unless the program gets an extension from Congress.