Federal Cyber Workforce – Agencies Work to Balance “Govies” and Contractors
Published: March 20, 2013
One of the concerns for the impacts of budget sequestration and potential IT budget trimming going forward is the impacts such paring might have on the federal information security posture and ongoing operational protections. As we begin to see the signs of how the current sequestration is being implemented at various agencies, one of the areas we are hearing about is personnel furloughs – both at agencies and at supporting contractor firms. Some recently released federal information security personnel data provides a sense of what is at risk if these furloughs were to apply to these people.
In the latest OMB FY 2012 FISMA report OMB provides its latest figures on the make-up of the federal IT security workforce by full-time equivalent (FTEs) – both government and contractor. OMB began asking agencies for detailed IT security cost and personnel data as part of their FY 2009 FISMA reporting cycle. According to the FISMA data for fiscal years 2009, 2010, 2011, and 2012, the number of federal FTEs with major information security responsibilities at the 24 Chief Financial Officer (CFO) Act agencies was 60,000, 79,434, 84,426 and 90,433 respectively.
Looking at how this data breaks out between contractor and government FTE gives us a historical sense of what has been going on in this area. (See chart below.)
Changes from FY 2011 to FY 2012
Some of the approximate year-over-year changes in IT security personnel numbers for large departments and agencies revealed in the two most recent FISMA reports includes:
- Defense: +10K in government FTEs
- Treasury: Flat overall FTEs, but government FTEs increased by roughly 400
- SSA: +1000 FTEs to about 1,100 with all the growth in government personnel
- DHS: -350 FTEs down to just over 1,000 with the drop spread across both categories
- VA: – 100 FTEs down to roughly 750, with government FTEs taking the hit
- Justice: – 1,100 down to 745 FTEs fairly evenly spread across the categories
- Energy: – 1,375 down to about 700 FTEs with roughly 1,200 of that reduction being contractors
- HHS: – 400 FTEs down to about 700 overall with contractor FTE cuts taking 2/3 of the drop
The fluctuation relative to proportions and year-over-year changes suggests that federal agencies are still struggling to find the right mix of cybersecurity skill sets and balance of government and contractor staff levels. In a recent news account, the Air Force’s cyber workforce development lead, Maj. Gen. Earl Matthews, addressed some of the challenges the Defense Department is facing in managing their civilian cyber workforce that complements their uniformed cyber practitioners. Matthews wants to overhaul how it trains, organized and compensates its civilian cyber experts to move past the limitations of 50-year old civil service occupational series codes and other outdated limitations.
If changing personnel classifications to adapt to the changes brought on by the growth of cybersecurity is anything like changing procurement regulations and practices, then General Matthews has an up-hill battle ahead of him.