The Federal Cyber Workforce Management and Coordinating Working Group has released a new report that lays out a multi-year strategy and implementation plan to address the shortfall of cybersecurity employees in the Federal government.
The “State of the Federal Cyber Workforce” report highlights that the long-term health of the Federal cyber workforce is at risk from too many looming retirements, and too few new hires. The report finds that the cyber workforce now features less than six percent of employees who are under the age of 30, and 30 percent who are 55 or older.
“Given expected retirements, lack of entry-level and diverse talent, turnover, and the growing need for new skill sets, there is a significant risk to our cyber mission effectiveness and the long-term health of our Federal cyber workforce,” the report states.
The working group’s tri-chairs from the Department of Veterans Affairs (VA), Department of Defense (DoD), and the Department of Homeland Security’s Cybersecurity and Infrastructure Agency (CISA) held a media roundtable on Oct. 12 to discuss the report and detail its recommendations.
“In an effort to move the needle and rapidly strengthen the Federal cyber talent pipeline, the working group took a closer look at common pain points and challenges faced by our Federal departments and agencies,” Megan Caposell, CISA’s associate chief of workforce planning in the Office of the Chief Human Capital Officer, told reporters.
Those common pain points and challenges include insufficient cyber workforce policies and classification standards; a lack of cyber workforce data; a lack of support and current structures in place to attract entry-level cyber talent; insufficient upskilling opportunities for current cyber talent; and the need for competitive compensation and employee-centric onboarding programs.
Recommendations and Next Steps
The working group – with the support of its 24 Federal agency partners – offered a number of recommendations to address these workforce challenges.
One notable recommendation that is already in progress is the proposal for a new pay model to attract cyber employees to the Federal government.
Chris Paris, VA’s senior advisor for cyber workforce management at the Office of the Chief Information Officer, explained the working group is currently pursuing a government-wide Special Salary Rate (SSR) for positions within the 2210-Information Technology Management occupational series.
Paris said the agencies hope to hear back from the Office of Personnel Management (OPM) on the SSR by the end of the calendar year, so they can start forecasting for fiscal year (FY) 2024.
“We submitted that proposal to OPM in July and it’s with them for review, but if approved and implemented, it would really mark a huge increase in pay across the general schedule, but primarily for our entry talent positions, where there is such a severe pay gap between what we can provide and what industry offers,” Paris said.
He noted that the VA, CISA, the Department of Health and Human Services, the State Department, and the Energy Department put “a lot of blood, sweat, and tears” into the SSR proposal “that a lot of agencies have been clamoring for for some time, but no one has ever put the resources behind it to actually get it past the finish line.”
Another notable proposal from the report is the creation of a Federal cyber academy that can centralize and modernize training and development for current and future cyber employees.
Patrick Johnson, the director of DoD’s Cyber Workforce Management Directorate, explained that the academy would be able to bring folks in for cyber training right out of high school.
“This academy would be a key to bolstering our numbers, because you can put people in the seats much, much faster than waiting for a four-year degree to run through,” Johnson said. “And from the same pool, then you can look at if you want to upskill and start tracking individuals for a bachelor’s degree or sending them for their masters or sending in for a Ph.D.”
“It’s a great way to look at the workforce and solve it, because let’s be honest, we’re not going to hire our way out of the problems that this report identifies,” he added. “We have to build a bench across the Federal government and start bringing in our own.”
Johnson said another recommendation is to create a Federal-wide cyber workforce dashboard to enable data-driven recruitment, development, and retention efforts.
Having that data will be critical, Johnson said, because “the workforce we need right now, we should have started building it 10 years ago, and… we need data to drive the decisions we’re making.”
The report also recommends the creation of an end-to-end recruitment and onboarding program to cultivate employee engagement, as well as the establishment of a cadre of expert cyber-HR practitioners. Within those recommendations, the working group hopes to set up CyberCareers.gov as a central hub for Federal cyber career resources.
The tri-chairs noted that they have action teams working on more tactical steps for their recommendations. Although some of their goals are “aspirational,” Paris noted that the working group has the support of the former Cyberspace Solarium Commission – now a private nonprofit group called CSC 2.0 – which has “drafted actual pieces of legislation that if adopted, or there’s widespread support for, can easily make their way into” the FY2023 National Defense Authorization Act.
