Opinion

Stopping the federal IT security brain drain


It's a clichéd but accurate reality, and it's as true in IT security as in any other environment or industry: You're only as strong as your weakest link.

And where is strength more important than at the federal agencies tasked with protecting the lives and livelihoods of millions of Americans?

As government leaders increasingly prioritize cyberspace's role in national security, a critical deficiency has begun to reveal itself: The best and brightest IT security professionals all too frequently migrate to the presumably greener -- or at least more equitable -- pastures of the private sector.

That doesn't bode well given the fact that the federal government needs to hire an estimated 10,000 cybersecurity experts in the next several years. Stopping the brain drain of existing federal IT security talent is imperative, especially as national security threats increasingly take place not on land but in the complex and obscure world of cyberspace. And while the challenge is real, potential solutions are within grasp.

Unorthodox recruiting methods

The Defense Department is actively addressing the problem, most recently through "Hack the Pentagon." Announced by Defense Secretary Ash Carter during the 2016 RSA Conference, the program invites cleared hackers to scour DOD networks for vulnerabilities.

At face value, it's a simple security exercise. But it could also enable the agency to fill security vacancies -- and none too soon. A new recruitment strategy is necessary and overdue, but even innovative programs like "Hack the Pentagon" aren't enough.

Plugging the brain drain requires resources and culture shifts. To recruit and retain the best IT security professionals, agencies must either offer financially competitive jobs or fundamentally change the relationship between government and private-sector IT contractors.

Compensation is the key

The first step is understanding and accepting why employees leave: because the private sector pays more for the same job.

Having worked in both sectors, I've seen it firsthand. Although we'd like to think that protecting our country is reason enough for dedicated and talented IT professionals to stay, even patriots have bills to pay.

Of course, fixing the pay gap requires rethinking our existing GS system -- something more easily said than done. But a few targeted alterations could potentially make a big difference -- for instance, a GS scale created specifically for technology positions.

Such a scale would improve federal IT salaries and eliminate current tensions over "grade inflation" (when the government categorizes tech positions at a higher GS level in relation to the job description). Although that approach wouldn't make government compensation equal to that of the private sector, it would at least make federal IT jobs more competitive.

A new public/private relationship

The irony of the federal IT brain drain is the government's complicity in paying private-sector salaries.

In the IT industry, federal contracts account for significant revenue. And although the private sector has much to offer federal agencies, current rules prevent contractors from fully taking over the roles and responsibilities of departed federal IT employees. If the government can't or won't improve compensation, then the contractors brought in to fill the gap must be allowed to play a more active role in federal IT security.

That would require a more formalized consulting relationship. After all, security doesn't work in a low-bid system. Contractors must be seen as partners who can advise, strategize and plan alongside federal agencies, instead of just workers tasked with implementing a preordained roadmap.

Why? Because the aforementioned brain drain has left the public sector with too few IT professionals who possess the expertise to create comprehensive IT security plans.

To succeed, security must be "baked in" throughout the network life cycle -- not just bolted on at the end. Therefore, security experts (whether federal employees or private contractors) must participate throughout the planning and strategy phases. When federal agencies lose talent to the private sector, they lose the ability to predict how ongoing decisions or regulations might affect their long-term security posture.

An urgent need

Until the government figures out how to mitigate the negative impact of turnover among its IT security professionals, agencies face increased risk and vulnerability.

The potential consequences aren't just hypothetical. In recent years, several major hacks have exposed volumes of sensitive data from government agencies and private citizens alike. Consequently, we know that major intrusions are more than possible. They've occurred already -- and they will again.

Whether through competitive compensation or better partnering opportunities, the federal government needs top IT security talent -- now.

About the Author

Greg Kushto is director of security and enterprise networking at Force 3.


Reader comments

Tue, May 24, 2016

The shortage is all bullshit; people there don't care whether there is a shortage or not. The only people who will be hired are known to the hiring manager. I tried for over two years to apply to many openings, and I was qualified because I got in the pool every time, but not even a single interview call. The process is rigged, and my other friends had the same experience. I moved on to a better organization in private industry, and I am glad I did.

Fri, May 20, 2016

Changing the GS Scale wouldn't fix the issue. They will just reclassify or create positions that are basically IT but not categorize the job as such... As in the case of my current position with the Federal Government.

Fri, May 13, 2016 Jason Ostrow DC area

We need to be careful when screening government employees. One, we do not want to cause them or us a conflict of interest during the process. Two, their experience could be sub-par, and such concepts as productivity and meeting deadlines may be foreign to them. Ditto for the necessity of competition, the need for some overtime, rigorous performance evaluation, no free parking, etc. Many feds do not make it on the outside, even though they are fine, upstanding people. It is not for them. Further, if you hire the good ones, you may be disabling a good customer relationship. Be aboveboard and honest in everything you do when recruiting. If you are not, things may come to bite you.

Wed, May 11, 2016

Why would a young computer science graduate want to work for the federal government? For more than twenty years, the American public has been told that government is the problem, government workers are losers, they collect their fat salaries and benefits at the expense of the American taxpayers. Think about it!
