The Federal Cyber Workforce Management and Coordinating Working Group announced a new cyber workforce report that details the challenges federal agencies face in closing the cyber workforce gap and outlines a “coordinated, interagency approach” to recruit and retain top talent.
“The federal workforce must be ready to counter the increasing threat of cyberattacks while also meeting the demand of U.S. citizens for a more responsive, digital government,” the report states. "Systemic changes to the development of our cyber workforce are vital for our nation to sufficiently govern and maintain our critical infrastructures and data security."
The working group tri-chairs from Cybersecurity and Infrastructure Security Agency and the departments of Defense and Veterans Affairs explained the common threads and cyber workforce challenges across all of government during a media roundtable Wednesday.
“In an effort to move the needle and rapidly strengthen the federal cyber talent pipeline, the working group took a closer look at common pain points and challenges faced by our federal departments and agencies,” CISA’s Associate Chief of Workforce Planning at the Office of the Chief Human Capital Officer, Megan Caposell explained.
The COVID-19 pandemic forced federal agencies to quickly shift to remote work, cloud-based infrastructure and IoT. Agencies also have geographically dispersed hardware and software supply chain, which has expanded the attack surface. During 2020 alone, the report noted a 238% increase in cybercrime. Even with sophisticated technology tools, agencies are realizing that they need an expert workforce to mitigate evolving threats.
Despite the federal cyber workforce growing faster, it's not growing at a rate that is satisfying the current demand. Between 2020 and 2030, the report predicts cyber talent will grow by 13%; for some professions like information security specialists, it could grow up to 33%. Additionally, agencies struggle with diversifying their workforce with only 6% of cyber professionals being under 30 years old.
"We noticed a lot of disjointed approaches for the way that our federal partners... analyze and report our cyber workforce data. It makes it increasingly difficult to project the health and maturity of the federal cyber workforce,” senior advisor for cyber workforce management at VA’s Office of the Chief Information Officer, Chis Paris noted. “There’s [also] a lack of entry level talent.”
The State of the Federal Cyber Workforce report recognized cross-government challenges across three core areas: foundations, development and recruitment and retention.
To address these challenges, the working group outlined a Multi-Year Strategy and Implementation Plan to drive an overarching long-term, tangible vision of what’s needed for the cyber workforce.
"The National Cyber Director [is] lacking robust and accurate data that's needed to measure and understand the composition of our workforce, as well as the impact that any development initiatives or policy intervention interventions would actually have on the workforce,” Paris said. “For us, the working group, our vision when it comes to data is, first and foremost, to get good data—good data in data out... This is the baseline we need for conducting more foundational analysis.”
As part of its strategy, the working group will deliver new tools and playbooks to federal hiring teams, as well as build out cybercareers.gov as the “central hub” for federal cybersecurity positions and professionals. The tri-chairs also plan to partner with key policymakers to promote and adopt those federal cyber qualifications policy. These efforts will help standardize and organize cyber-specific career pathways.
The plan focuses more on a skill-based hiring strategy, revising policies so that they serve as a quick way to intake talent, not as a barrier. The working group is leveraging NIST’s National Initiative for Cybersecurity Education (NICE) Workforce Framework for Cybersecurity to provide hiring teams and HR management with services to better identify, recruit, develop and retain an expert cyber workforce.
“In this sphere, people are so much more critical than the technology because they drive it [and] they make it,” director of DOD’s Cyber Workforce Management Directorate Patrick Johnson explained.
The Office of Personnel Management plays a critical role in the strategy. VA is collaborating with OPM to request a special salary rate for the 2210 community for cyber professionals to make government pay more competitive with industry. Additionally, CISA is partnering with OPM to create a centralized dashboard and dataset remodel that will define key performance metrics and identify areas of improvement to inform future strategy.
“We submitted that proposal to OPM. It's with them for review. If approved and implemented, it would really mark a huge increase in pay across the general schedule, but primarily for our entry talent positions where there is such a severe pay gap between what we offer and what industry offers. That will go a long way in attracting folks,” Paris told GovCIO Media & Research.
Paris hopes to see a decision from OPM by the end of the calendar year, Paris added. The team’s goal is to have additional information to leverage to start forecasting for fiscal year 2024.
"Our goal moving forward [is] that the actions that we've laid forth in our multiyear strategy, implementation plans and subsequent strategies we build will provide the tactical support that the Office of the National Cybersecurity needs to move out on initiatives that it will have within its forthcoming national workforce strategy,” Paris said.