Feds Make Progress with Cybersecurity Workforce But Challenges Still Remain
Published: November 01, 2017
Federal efforts to strengthen the cybersecurity workforce are beginning to pay off. The number of federal cybersecurity hires has increased from FY 2015 to FY 2016. Standardized personnel codes have been adopted to track and fill staffing gaps. And agency information security has improved due to better security awareness, improved understanding of risk management and more effective security standards. However, challenges still remain.
Over the last two years, the federal government has implemented a number of initiatives aimed at strengthening its cybersecurity workforce.
The Federal Cybersecurity Workforce Assessment Act of 2015 required the development and implementation of a coding structure for cybersecurity positions. The act also required agencies to identify, code and report cybersecurity staffing needs to OPM. Using the codes will help agencies better understand their work requirements and skills and compare them to the private sector and academia. The new coding system allows for consistent task descriptions, functions and work roles of federal cybersecurity positions. OPM is using the NIST National Initiative for Cybersecurity Education (NICE) program’s cybersecurity workforce framework, which turns work roles into codes.
The Cybersecurity Workforce Strategy, released by OMB in July 2016, seeks to enhance the government’s ability to identify, recruit, develop, educate and retain talent while expanding the workforce pipeline. Since implementation, agencies have hired over 7,500 cybersecurity and IT employees in 2016; by comparison, federal agencies hired 5,100 cybersecurity and IT employees in 2015.
CyberCareers.gov, launched by OPM in January 2017, is a critical component of the Cybersecurity Workforce Strategy and will aid OPM in recruiting, hiring, developing, and retaining top cybersecurity talent and build the federal cybersecurity workforce pipeline. The website will provide specific cybersecurity information and resource portals to job seekers, managers and supervisors. The website is a multi-use platform used to recruit new talent, including students.
Additionally, the president’s Executive Order on Strengthening the Cybersecurity of Federal Networks and Critical Infrastructure states that “the US seeks to support the growth and sustainment of a workforce that is skilled in cybersecurity and related fields as the foundation for achieving US objectives in cyberspace.” The executive order will establish workforce development for national cybersecurity education and training, which will support the U.S. cybersecurity workforce, but also strengthen the federal cybersecurity workforce.
Other initiatives strengthening the federal cyber workforce include:
- Promoting cyber and science, technology, engineering and mathematics (STEM) education: A center funded by DHS developed a kindergarten to 12th grade-level cyber-based curriculum.
- Cybersecurity scholarships: Such as the Scholarship for Service which provides tuition assistance to undergraduate and graduate students studying cybersecurity in exchange for a commitment to federal service.
- National Initiative for Cybersecurity Careers and Studies: DHS, in partnership with several other agencies, launched this initiative in 2013 as an online resource to connect government employees, students, educators, and industry with cybersecurity training providers across the nation.
Although progress is being made, agencies and the federal government face ongoing cybersecurity workforce challenges, including:
- Identifying and closing skill gaps - Agencies still face challenges in effectively implementing workforce planning processes for information technology (IT) and defining cybersecurity staffing needs.
- Recruiting and retaining qualified staff – Agencies continue to be challenged due to their inability to offer salaries or benefits packages that are competitive with the private sector for candidates with high-demand technical skills.
- Navigating the federal hiring process – The federal hiring process can be an impediment to hiring needed IT talent due to complex and lengthy procedures.
- Security training and awareness for non-technical staff – All employees need to be aware of cybersecurity risks and proper habits to protect the organization.
From a federal contractor standpoint, agencies will continue to supplement internal cybersecurity capabilities with contractor services and solutions. Also, competition for skilled talent between agencies and industry will continue. Agency demand for cybersecurity education and training will provide contractor support services opportunities.
Funding for cybersecurity initiatives is likely to remain strong, as well as reliance on contractor support. Additionally, increased resources to implement more comprehensive cybersecurity solutions could lead to related investments in hardware, software, and IT services, providing opportunities for contractors.
For more information on the federal information security market, see Deltek’s recently released report, Federal Information Security Market, 2017-2022.