The Cyberspace Solarium Commission (CSC) recently published a white paper that addresses the need for growing a strong federal cyber workforce by presenting a strategy to invest in that development.
“Without talented cyber professionals working the keyboard, all the cutting-edge technology in the world cannot protect the United States in cyber-space. If we do not take action now to ensure that our talented and experienced workforce continues to grow, we are leaving our country vulnerable to future cyber attacks,” state the commission’s co-chairs, Senator Angus King (I-ME) and Representative Mike Gallagher (R-WI).
The white paper details five elements that guide the development of a strong cybersecurity workforce: organize, recruit, develop, retain, and stimulate growth. The CSC paper asserts working in cyber security extends well beyond just information technology and notes that the Office of Personnel Management (OPM) reduces incentives agencies can offer their employees by defining many cybersecurity roles as “IT Specialist.” This designation may dissuade applicants from applying to positions who prefer to apply more interdisciplinary skills. With one in three public-sector cybersecurity jobs currently vacant, according to the commission, the paper emphasized the need to retain and recruit employees that will remain in their jobs and not leave for private sector positions that are often more lucrative. Reducing obstacles to obtaining security clearances and not requiring three years’ experience for entry level positions are some of the ideas laid out by the commission.
Representative Jim Langevin (D-RI), who is also a CSC Commissioner, explained in a press release announcing the white paper, “We need to focus on growing cyber talent among those in the earliest stages of their K-12 schooling, but we also need mentors—diverse mentors—who allow our young people to envision a fulfilling career for themselves in the cyber workforce.” Langevin explains that engaging the next generation of the cybersecurity workforce is just as essential as recruiting current cybersecurity professionals.
John C. Inglis, a former deputy director of the National Security Agency (NSA) and another member of the Commission explained in the same release, “The federal cyber workforce is not independent of the national workforce; they share a common problem—it is literally the same problem. The federal workforce cannot just figure out how we get a bigger slice of a fixed-size pie of national cyber talent. We need to build a bigger pie.”
While there are long-term avenues to “building a bigger pie” such as sustained, long-term investments, NextGov explained in an article that there is a quicker organizational fix to deciding who to hire for cybersecurity roles. OPM’s information technology categorization, referred to as series 2210, is one of few that grants exceptions to rules regarding where officials can post openings and the compensation they can offer. Depending on the GS level of the job being offered, there are basic requirements that must be met by applicants.
The commission believes the current cybersecurity hiring system can be reformed and this is preferable to building a new system entirely. Looking to the future, the commission recommends establishing metrics to assess the success of cyber workforce efforts, a proposal that is expected to be finalized in the NDAA 2021.