The Department of Homeland Security’s plan for filling the cyber talent gap is intended to focus on talent, more so than established credentials, which means leaving behind some of the traditional methods of hiring, paying, and retaining skilled employees. At the bottom line, DHS wants to take off the General Schedule handcuffs.
The idea of removing General Schedule restrictions is reflected in the agency’s Fiscal 2020 Budget Request, which includes $11.4 million for a new Cyber Talent Management System (CTMS), a streamlined hiring system that it hopes will help it better compete with the private sector, and through which it plans to hire 150 cybersecurity employees by the end of 2020.
“Key shifts in the design include a focus on the capability of people, not the duties of the position,” DHS says in a document justifying the budget request. The program also would address the constantly shifting cyber landscape by focusing on continual development of capabilities and allowing employees to seamlessly move around the department in order to meet mission needs, the document states.
DHS will use CTMS as something of a proving ground, saying it plans eventually to expand the program so that all Federal departments and agencies can employ the same methods.
The reform and reorganization plan issued by the White House last June noted that the CTMS would free DHS from some of the Title 5 restrictions on hiring cybersecurity professionals, “speeding up the hiring process, attracting talent from non-traditional educational backgrounds, using innovative tools to assess applicants, and offering more flexible performance-based compensation.” In addition to more fluidly aligning talent with mission needs as circumstances dictate, the system also “will allow these technical professionals to accelerate their careers as rapidly as their aptitudes allow,” the plan states.
Chris Krebs, director of DHS’ new Cybersecurity and Infrastructure Security Agency (CISA), created as part of the reorganization, described the system in recent testimony before Congress, pointing out that the government’s General Schedule approach doesn’t fit with the realities of the cyber talent pool. Take a 22-year-old with little or no college but with advanced skills honed by years of exploring online alleyways, for instance. “[H]ow do I account for that? Are they a GS-4 or a GS-11?” Krebs asked lawmakers. “By the standards that we have in place right now, I can’t reward that person and pay them the way they could be paid in the private sector.”
The plan also includes retraining existing staff to improve their skills, and stepping up recruitment of new talent through programs such as the National Science Foundation’s CyberCorps, the Army Cyber Center of Excellence, and DHS’ own Cybersecurity Education and Training Assistance Program. The White House reorganization plan also orders DHS, the Office of Management of Budget, and the Office of Personnel Management to evaluate the feasibility of a cyber reservist plan for mobilizing cyber professionals when needed, possibly through the likes of the U.S. Digital Service, which recruits talent from the private sector.
CISA is still being shaped, but the budget request outlines the agency’s priorities aside from building the cyber workforce, requesting:
- $694.1 million for Federal network protection, to defend the civilian Federal IT infrastructure against advanced cyber threats;
- $371.4 million for proactive cyber protection, supporting the National Cybersecurity and Communications Integration Center (NCCIC), which shares cyber threat indicators and defensive measures with Federal and non-Federal entities, including the private sector, and supports election infrastructure.
- $246.1 million for programs to protect critical infrastructure–including specific areas such as the election sub-sector–from physical threats.
- $167.3 million for emergency communications to ensure real-time information sharing among responders during all threats and hazards.
DHS is sharpening its focus on cybersecurity, though it’s still just one part of its mission; CISA totals only 3 percent of DHS’ 2020 budget. The Federal Emergency Management Agency has the largest share, at 31 percent, with Customs and Border Protection close behind at 23 percent, and Immigration and Customs Enforcement at 10 percent. The agency is hoping that using CTMS to take a more private-sector-style approach recruiting and retaining talent could help level the playing field.